Georgia Tech Procurement Assistance Center


Bad bid: Malicious actors target government contractors

September 12, 2019 By Andrew Smith

IT personnel working the trenches in the fight against malicious emails know that financial transactions — and the various documents that support and accompany those transactions — provide malicious actors seemingly endless fodder for clever phishing attacks designed to separate legitimate organizations from their money and reputations, as well as their customers, clients, and partners.

Indeed, fake invoices, RFQs, POs, ACH documents, and remittance forms collectively constitute the “social engineering” backbone of innumerable phishing campaigns.  And hapless employees keep falling for them, clicking through malicious links and opening malware-laden attachments — often with nary a thought to the potential consequences — bringing malicious actors and their sophisticated malware inside their employers’ networks.

Over the past few months we have observed the increasing use of yet another type of transaction-based social engineering scheme designed to hook companies dependent on government contracts: the invitation to bid.  In what follows, we’ll take a look at a number of actual phishing emails reported to us by customers using the Phish Alert Button (PAB).

Continue reading at:  SC Magazine

Filed Under: Contracting Tips Tagged With: cyber crime, cybersecurity, fake purchase orders, fake RFQs, phishing

GTPAC Special Fraud Alert

July 25, 2019 By Andrew Smith

Dear GTPAC Clients:

Recently, we have seen a substantial increase in fraudulent schemes aimed at harming GTPAC clients and other government contractors in Georgia and around the nation.  Specifically, we’ve seen a large increase in incidents in which criminals impersonate government procurement officials and send out fake Requests for Quote (“RFQ”) and fake purchase orders in order to acquire equipment and other goods that they then sell on the black market.

Often, the fake RFQs / purchase orders at issue use the name of legitimate government officials but include phone and fax numbers that are associated with the fraudsters.  These fraud schemes have become more sophisticated lately, because the fraudsters also use hacked government accounts and spoofed U.S. government agency domain names in order to trick our clients into thinking the RFQ or Purchase Order is from a legitimate government source.

Fraudsters also use domain names they purchase, which are similar to real government domain names, but which are controlled by the fraudsters (such as rrb-gov.us).  While the email header may display a legitimate government email address (.gov address), the Reply-To header is often slightly different, or from a non-government email address.  Sometimes the fraudsters avoid email and insist on communicating by fax.

Vendors who respond to these fraudulent RFQs/Purchase Orders are instructed to ship products to addresses that are chosen by the fraudsters, frequently abandoned commercial properties.  When the fraudsters receive the shipment, the ringleader decides whether to sell the equipment in the United States or ship it to Nigeria for resale.

The equipment enters the black market and the government vendor never receives payment for the goods.  Please review this alert that has been recently issued by the U.S. Department of Homeland Security: https://www.oig.dhs.gov/sites/default/files/assets/pr/2019/oigpr-071619-fraud-alert-transnational-fraud-ring-targets-us-government-procurement-offices-and-vendors.pdf

Prevention Measures

If you receive an RFQ or purchase order for equipment that appears to come from the U.S. Government, take the following precautions:

  • Do as much due diligence as you can to ensure that the RFQ or purchase order is from a legitimate government source;
  • Independently obtain the phone number for the listed procurement official and call them to confirm the RFQ is legitimate before responding to any RFQs received by fax;
  • Respond to RFQs received by email only when the sender’s domain and the Reply-To header end in “.gov”;
  • Independently verify that the shipping address is a legitimate government address or facility before shipping equipment;
  • Beware of typographical errors, unusual language, and distorted U.S. government seals and other graphics;
  • Be suspicious of any purported procurement officials who refuse to communicate by email;
  • Clearly indicate on the outside of all boxes that the contents are the property of the United States Government (in at least one case, a buyer refused to purchase the stolen goods from the fraudster when he saw “U.S. Department of Homeland Security” on the boxes); and
  • Take any and all other precautions necessary to ensure you are dealing with a legitimate government customer.

Anyone who believes they may have been a victim of this fraud scheme is urged to call the DHS OIG Hotline (1-800-323-8603) or file a complaint online via the DHS OIG website, www.oig.dhs.gov
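
The header check from the prevention list, as an added example that is not part of the original alert: it parses a message's From and Reply-To headers and reports any domain that does not end in .gov, imitates one (as rrb-gov.us does), or differs between the two headers. The sample messages and the agency.example.gov domain are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: .gov From address, look-alike Reply-To (domain from the alert).
SAMPLE_SPOOFED = (
    'From: "Contracting Officer" <rfq@agency.example.gov>\n'
    "Reply-To: rfq@rrb-gov.us\n"
    "Subject: Request for Quote\n\nPlease quote 20 laptops.\n"
)
# Constructed sample: both headers on the same .gov domain.
SAMPLE_CLEAN = (
    "From: rfq@agency.example.gov\n"
    "Reply-To: rfq@agency.example.gov\n"
    "Subject: Request for Quote\n\nPlease quote 20 laptops.\n"
)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def is_gov(domain):
    """True only when the last DNS label is exactly 'gov'."""
    return domain.split(".")[-1] == "gov"

def looks_like_gov(domain):
    """True for a non-.gov domain carrying 'gov' as a label or hyphen token."""
    return not is_gov(domain) and "gov" in re.split(r"[.\-]", domain)

def check_rfq_email(raw):
    """Return a list of findings; an empty list means both headers passed."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    if not from_dom:
        findings.append("From header missing or unparseable")
    for name, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        if not dom:
            continue  # absent Reply-To: replies go to the From address
        if looks_like_gov(dom):
            findings.append(f"{name} domain {dom} imitates a .gov name")
        elif not is_gov(dom):
            findings.append(f"{name} domain {dom} does not end in .gov")
    if from_dom and reply_dom and from_dom != reply_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return findings
```

An empty result only means the headers passed; because the alert notes that hacked government accounts are also used, the phone and shipping-address verification steps still apply.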

Filed Under: GTPAC News Tagged With: fake purchase orders, fake RFQs, fraud, scam


Copyright © 2021 · Georgia Tech - Enterprise Innovation Institute