- Proofpoint observed scammers using stolen files to impersonate businesses
- Threat actors would send RFQ emails and request Net 45 financing terms
- The goods would end up sold in African countries
Cybercriminals have found a way to use stolen company files to obtain real physical goods. The scheme revolves around a business practice called the request for quotation (RFQ).
A request for quotation is when one company asks another how much it would cost to buy certain products. It is used when buying in bulk, comparing prices, or looking for volume-based discounts.
But according to security researchers at Proofpoint, scammers are using files stolen in other cyberattacks to impersonate companies and create convincing RFQ emails.
Shipping to Ghana
In the emails, they would request all kinds of equipment, from networking gear to CCTV cameras, medical hardware, and the like.
After receiving a quote, they would request Net 15/30/45 financing terms: payment terms that give the buyer 15, 30 or 45 days to pay the total amount of the invoice, with interest, *after* receiving the goods, which is a common practice in B2B transactions.
If the victim business agrees, the scammers would share a shipping address. Sometimes these are residential addresses, and other times they lead to rented stores in the United States. From there, the criminals would hire shipping services that specialize in sending products to West African countries such as Nigeria and Ghana, where the equipment ends up (and is likely sold).
The victim, on the other hand, never gets its money, since the scammers simply disappear.
Proofpoint also stated that the shipping services probably do not even know that they are transporting stolen goods, and that the people living at the houses listed as shipping addresses may be scammers themselves, or former scam victims seeking to pay off a debt.
The researchers also said they were tracking and blocking the emails associated with the RFQ scam groups, and partnered with the company's takedown team to successfully take down 19 domains associated with these scams.