“Spear phishing fraud” has been used by hackers impersonating federal entities to create fraudulent orders for large amounts of PC supplies including toners, ink cartridges and even laptops.
According to Federal News Radio, hackers targeted the General Services Administration’s (GSA) schedules program using falsified or spoofed identities to make purchases.
A notification from the GSA said, “Over the past few months there have been orders for laptop computers (Schedule 70) wherein perpetrators have set up/attempted to set up accounts directly with vendors to procure laptop computers. They are spoofing actual Department of Defense domains, and in some cases, using actual DoD members’ information.”
The hackers brazenly used these spoofed account credentials from multiple government agencies to purchase a staggering $1.5 Million worth of equipment.
“By calling the GSA Global Supply or vendors directly, perpetrators are placing orders for toner cartridges and laptop computers ranging from a few hundred to $20,000 using stolen credit card numbers.“
Suppliers have been notified to record IP addresses of purchasers and to be on the lookout for suspicious orders including large purchases to unusual locations, and orders using declined cards.