- Proofpoint observed pirates using stolen files to usurp companies
- Threat actors would send RFQ emails and request net financing conditions 45
- The goods would eventually sell in African countries
Cybercriminals have found a way to take advantage of stolen company files to obtain real physical goods, and it revolves around a commercial practice called quote request (RFQ).
A request for a quote is when a company requires how much it would cost to buy certain products and is used when buying in bulk, wishing to compare prices or search for volume -based discounts.
But according to proofpoint safety researchers, crooks use stolen files in other cyber attacks to usurp businesses and create convincing RFQ emails.
Shipping to Ghana
In emails, they requested all kinds of equipment, from networking equipment to video surveillance cameras, health care equipment and similar.
After receiving a quote, they then requested net financing conditions of 15/30/45 – payment conditions which give the buyer 15, 30 or 45 days to pay the full amount of the invoice, with interest, * after * having received the goods – which is a common practice in B2B transactions.
If the victim company agrees, the crooks would share an shipping address. Sometimes they are residential addresses, and other times they lead to warehouses rented in the United States. From there, the crooks would hire shipping services that specialize in sending goods to West African countries such as Nigeria and Ghana, where equipment ends (likely to be sold).
The victim, on the other hand, never obtains his money because the crooks disappear.
Proofpoint also said that shipping transfer services probably do not even know that they were carrying stolen products, and that people living in houses listed such as the shipping address can be crooks, or former victims of scams themselves who seek to repay a debt.
The researchers also said that they were following and blocked the emails associated with RFQ scam groups and had associated themselves with the company withdrawn to successfully eliminate 19 areas associated with these scams.
