Georgia Tech Procurement Assistance Center

Suspicious contract activity proliferates — watch out!

By

The Georgia Tech Procurement Assistance Center (GTPAC) continues to become aware of apparent contracting scams designed to trick unsuspecting vendors to deliver products for which they will receive no payment.

(You can view a compendium of articles about previously-identified scams at: https://gtpac.org/?s=scam.)

The latest example that’s come to our attention involves an email sent to vendors asking for a quote on some computer equipment.  The email is supposedly from a contracting representative with the Securities and Exchange Commission.

Vendors are asked to quote on name-brand portable hard drives and two brands of laptop computers.  The solicitation document appears to be a version of the federal Standard Form 1449.  But there are several suspicious elements associated with the solicitation:

  • While the email purportedly is from the SEC’s headquarters, the document indicates that the SEC office is in Germany.
  • Place of delivery is not listed.
  • The solicitation is pre-signed by the contracting officer.
  • The solicitation number is not consistent with standard numbering.
  • The phone number provided could be a cell phone number.

We have seen suspicious documents like this before.  What can result is that a vendor will respond with pricing.  Then, the scam artist will respond by saying that the quote has been accepted and directing that the products be shipped to a particular address.  After that, all communication ceases.  The vendor is cheated out of products (plus the cost of shipping), and receives no payment.

Be alert to scams like this.  If you receive something that looks suspicious, call it to our attention.  We’ll help you figure out what to do.

In doubt? Check with GTPAC!

By

Your team at the Georgia Tech Procurement Assistance Center (GTPAC) stands ready to offer you advice about any aspect of government contracting — especially when you have any doubt about the legitimacy of a contract-related service or solicitation.

We’ve published many articles before about government contracting scams (click here to see previous articles), and once again we want to bring another one to your attention.

Just a few days ago, a GTPAC client contacted one of our Counselors and asked about the legitimacy of a request for a quotation he received, supposedly from the Dept. of Defense (DoD).  Once we examined the email and the attachment that our client sent us, we told him to run — not walk — away from it!

Here Are the Details

The email was purportedly from a DoD official soliciting a quote for some laptops and computer drives.

We examined the email and its attachment, including the following:

  • We called the phone number in the email which was answered by a person who didn’t identify himself.  When we asked questions, he said that he’d have the person identified in the email call us back with details.  No one called back.
  • We checked the identity of the person who supposedly sent the email.  The email’s Quote form identified him as Deputy Director for Procurement at AT&L.   We determined that, in reality, he is DoD’s Deputy Director for Earned Value Management.  AT&L (Acquisition, Technology and Logistics) is a unit within DoD that no longer exists; it’s been reorganized into two groups: research and engineering (R&E) and acquisition and sustainment (A&S).  (See details of that reorganization by clicking here.)
  • We also identified the DoD official’s real email address and his actual phone number; they were not the email address or phone number shown in the email and on the Quote form that was sent to our client.
  • We noted that the federal solicitation number shown on the Quote form was not in the correct format, and the Quote form itself was not a form we have ever seen before.
  • The wording of the email was sloppy and unprofessionally prepared.

Based on the above, we advised our client to not respond because we believe this is a probable scam which will lead to an order to ship the products to a bogus shipping address, for which payment will never be received.  We also alerted the appropriate DoD officials of this probable scam.

What You Should Do

It’s as simple as 1-2-3.

  1. Stay alert to possible scams involving government contracting.  There are many scams in circulation literally every day.
  2. Don’t let the temptation of landing a sale overtake your common sense.  If it looks like easy money, it’s probably bogus.
  3. Whenever you are in doubt, contact GTPAC for advice.  We’ll be happy to check things out for you and provide you with our opinion.  It’s as simple as forwarding anything suspicious to us at: gtpacatl@innovate.gatech.edu.

Remember, the GTPAC team is here to help you succeed in the government marketplace!

P.S.:  If your business is located outside the state of Georgia, you can find a procurement technical assistance center (PTAC) by clicking here.

 

Just 5 percent of federal contractors are fully protecting against email spoofing

By

Government contractors still lag far behind on implementing an email security tool that’s now mandatory for government agencies, according to industry data released Thursday.

Among the top 98 government contractors by dollar value, only 45 have properly installed the tool known as DMARC and only five have set it up to quarantine or reject spoofed or phishing emails that might contain malware, according to an analysis by the company ValiMail.

That means 93 of those companies are more vulnerable to phishing and spoofed emails, which might endanger those contractors’ federal clients—even if those agencies have installed DMARC themselves.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2018/06/just-5-percent-federal-contractors-are-fully-protecting-against-email-spoofing/149165/

Scam Alert: Malicious e-mail spoofs being sent to vendors

By

The Defense Logistics Agency (DLA) is reporting that a fake solicitation is being sent to vendors in the form of a Request for Quotation (RFQ).

The fake email solicitation, purporting to be from DLA, has been targeting GSA STARS II vendors.

The emails are not from DLA.mil.  Instead, they are coming from a “Reply-To” address ending in @dla-mil.us, which is not a government address.

In some cases, “stars2@american consultants.com” has been identified to supposedly send messages on behalf of a DLA Contract Specialist — these are also fake.

Some of the bogus emails suggest that vendors use the “stars2” Google Group at https//groups.google.com/a/americanconsultants.com to obtain more information or to unsubscribe from the email communication.  Be advised that “stars2” is not a DLA affiliated group.

Always remain cautious of emails that arrive in your inbox that are not explicitly addressed to you.  Sometimes scammers attempt to hide their actions by addressing their targets in the “bcc” line.

Also, please be aware that the phone number in these recent bogus emails is not a DLA phone number.  In addition, the RFQ form in the email is not an official government form, nor is the signature block legitimate.

DLA’s notice about this matter can be seen here: Vendor Phishing Notice -DLA – 8 June 2018.  The notice shows copies of the bogus emails.

Bottom line: Vendors should always remain vigilant about suspicious emails, and be cautious about opening email attachments.  Questions or comments can be directed to DLA at CERTFusionCell@dla.mil.

In addition, if you ever have a question about the legitimacy of any emails having to do government contracting opportunities, especially those which solicit a fee, please feel free to contact the Georgia Tech Procurement Assistance Center (GTPAC) for advice.  GTPAC can be emailed at gtpacatl@innovate.gatech.edu.

To read previous articles about scams involving government contracting, visit http://gtpac.org/?s=scam

SAM.gov hackers used spearphishing, spoofing, credential theft

By

Cybercrooks who stole federal payments by hacking contractor accounts on a General Services Administration (GSA) website used sophisticated spearphishing techniques to steal login credentials and then diverted payments to bank accounts they controlled, an executive of a contractor targeted in the scam told FedScoop.

It’s unclear how much the scammers have netted through their scheme, which is being investigated by the GSA inspector general and federal law enforcement.

The inspector general’s office declined to comment, but sources familiar with the investigation told FedScoop that the cyberattacks that facilitated the fraud had been identified last year and were ongoing as
recently as last week.

Keep reading this article at: https://www.fedscoop.com/sam-gov-hackers-used-spearphishing-spoofing-credential-theft/

Also see Tips for Surviving Compromise of Government’s Vendor Database: http://gtpac.org/2018/03/26/tips-for-surviving-compromise-of-governments-vendor-database/

Fraud alert: HHS OIG hotline telephone number used in scam

By

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently confirmed that the HHS OIG Hotline telephone number is being used as part of a telephone spoofing scam targeting individuals throughout the country.

These scammers represent themselves as HHS OIG Hotline employees and can alter the appearance of the caller ID to make it seem as if the call is coming from the HHS OIG Hotline 1-800-HHS-TIPS (1-800-447-8477). The perpetrator may use various tactics to obtain or verify the victim’s personal information, which can then be used to steal money from an individual’s bank account or for other fraudulent activity.

It is important to know that HHS OIG will not use the HHS OIG Hotline telephone number to make outgoing calls and individuals should not answer calls from 1-800-HHS-TIPS (1-800-447-8477).

HHS OIG encourages the public to remain vigilant, protect their personal information, and guard against providing personal information during calls that purport to be from the HHS OIG Hotline telephone number.

The OIG’s office also reminds the public that it is still safe to call into the HHS OIG Hotline to report fraud.  The OIG particularly encourages those who believe they may have been a victim of the telephone spoofing scam to report that information through the HHS OIG Hotline 1-800-HHS-TIPS (1-800-447-8477) or spoof@oig.hhs.gov. Individuals may also file a complaint with the Federal Trade Commission 1-877-FTC-HELP (1-877-382-4357).

 

Source: https://oig.hhs.gov/fraud/consumer-alerts/alerts/phone-scam.asp

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More