spearphishing | Georgia Tech Procurement Assistance Center

A transnational fraud ring is specifically targeting America’s federal procurement offices and vendors, according to an alert the Homeland Security Department’s Office of Inspector General issued this week.

Last July, the OIG discovered that members of a ring based in Atlanta, Georgia had posed as a Homeland Security procurement official to get their hands on computer equipment supplied by private vendors. Diving deeper into the case, the IG found that the fraudsters were also stealing electronic equipment from other agencies including but not limited to the Commerce, Defense, Labor, Justice and Transportation departments.

“Some of the purchase orders identified were for hundreds of thousands of dollars each,” the OIG said.

In their scheme, the phony actors find federal government solicitations for equipment such as hard drives or smartphones, and send fraudulent requests for quotations to federal vendors from across the nation. Though the RFQs use the legitimate names of procurement officials, the schemers use their own phone and fax numbers and they are also known to spoof government agency email addresses, using domain names such as “rrb-gov.us.”

Continue reading at: Nextgov

Cybercrooks who stole federal payments by hacking contractor accounts on a General Services Administration (GSA) website used sophisticated spearphishing techniques to steal login credentials and then diverted payments to bank accounts they controlled, an executive of a contractor targeted in the scam told FedScoop.

It’s unclear how much the scammers have netted through their scheme, which is being investigated by the GSA inspector general and federal law enforcement.

The inspector general’s office declined to comment, but sources familiar with the investigation told FedScoop that the cyberattacks that facilitated the fraud had been identified last year and were ongoing as
recently as last week.

Keep reading this article at: https://www.fedscoop.com/sam-gov-hackers-used-spearphishing-spoofing-credential-theft/

Also see Tips for Surviving Compromise of Government’s Vendor Database: http://gtpac.org/2018/03/26/tips-for-surviving-compromise-of-governments-vendor-database/

OIG: Beware of fraud ring scamming equipment by posing as federal buyers

SAM.gov hackers used spearphishing, spoofing, credential theft

Contracting News

SBA scorecard shows federal government continues to prioritize small business contracting

OMB releases guidance related to small business goals

OMB issues guidance on impact of injunction on government contractor vaccine mandate

Changes coming to DOD’s Cybersecurity Maturity Model Certification under CMMC 2.0

Judge issues nationwide injunction halting enforcement of COVID-19 vaccine mandate

Contracting Tips

Contractors must update EEO poster

The risk of organizational conflicts of interest

The gap widens between COFC and GAO on late is late rule

Are verbal agreements good enough for government contractors?

CMMC 2.0 simplifies requirements but raises risks for government contractors

GTPAC News

VA direct access program events in 2022

Sandia National Laboratories seeks small business suppliers

Navy OSBP hosting DCAA overview (part 2) event Jan. 12, 2022

Navy OSBP hosting cybersecurity “ask me anything” event Dec. 16th

State of Georgia hosting supplier systems training on January 26, 2022

Georgia Tech News

Undergraduate enrollment growth reflects inclusive excellence

Georgia Tech delivers $4 billion in economic impact to the State of Georgia

Georgia Tech awards first round of seed grants to support team-based research

Georgia Tech announces inaugural Associate Vice President of Corporate Engagement

DoD funds Georgia Tech to enhance U.S. hypersonics capabilities