This devious RFQ scam is letting hackers steal real-life goods

News
By published

No, a Belgian hospital is not looking to buy 50 cameras

Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details
(Image credit: Shutterstock)
  • Proofpoint observed hackers using stolen files to spoof businesses
  • The threat actors would send RFQ emails and ask for Net 45 financing terms
  • The goods would end up sold in African countries

Cybercriminals have found a way to leverage stolen company files to obtain actual physical goods, and it revolves around a business practice called Request for Quote (RFQ).

An Request for Quote is when one business asks another how much it would cost to purchase certain products, and is used when buying in bulk, wanting to compare prices, or looking for volume-based discounts.

But according to security researchers at Proofpoint, scammers are using files stolen in other cyberattacks to spoof the businesses and create convincing RFQ emails.

Get Keeper's Personal Password Manager plan for just $1.67/month

Get Keeper's Personal Password Manager plan for just $1.67/month

Keeper is a password manager with top-notch security. It's fast, full-featured, and offers a robust web interface. The Personal Plan gets you unlimited password storage across all your devices, auto-login & autofill to save time, secure password sharing with trusted contacts, biometric login & 2FA for added security.

View Deal

Shipping to Ghana

In the emails, they would ask for all kinds of equipment, from networking gear, to CCTV cameras, healthcare hardware, and similar.

After receiving a quote, they would then ask for Net 15/30/45 financing terms - payment terms that give the buyer 15, 30, or 45 days to pay the full invoice amount, with interest, *after* receiving the goods - which is common practice in B2B transactions.

If the victim business agrees, the scammers would share a shipping address. Sometimes, these are residential addresses, and other times, they lead to rented warehouses across the US. From there, the crooks would hire shipping forwarding services that specialize in sending goods to West African countries like Nigeria and Ghana, where the gear ends up (likely to be sold).

The victim, on the other hand, never gets their money as the scammers just disappear.

Proofpoint also stated the shipping forwarding services most likely don’t even know they’re transporting stolen goods, and that people living in houses listed as the shipping address can be scammers, or former scam victims themselves looking to pay off a debt.

The researchers also said they were tracking and blocking emails associated with RFQ scam groups, and partnered with the company’s Takedown Team to successfully take down 19 domains associated with these scams.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.