Cyberthieves posing as Singapore government agencies and universities stole $749,000 worth of goods after tricking companies into delivering them.
The Straits Times, a Singapore newspaper, reported that police have received about 11 reports of purchase order (PO) scams since August.
The companies describing the products allegedly received emails purportedly sent from a generic procurement email address, or the sender identified themselves as a procurement officer.
Requested products included electronics, medical devices such as automated external defibrillators, IT-related items and laser projectors. After the selling company agreed to send the items, a faux PO was sent to the firm, but no payment was made.
Investigators said they traced the delivery addresses in the POs to freight forwarding companies routinely used by scammers to ship goods to the United Kingdom and Nigeria, the newspaper reported. Like many cybercriminals, these thieves used slightly different email addresses from the domain names used by government agencies and schools.
A police spokesman said that when in doubt, companies should verify the sender’s domain name and should also call the organization at its official contact number instead of the one provided in the email. Investigators also suggested looking out for indicators such as spelling errors and delivery addresses that are private residences, freight forwarding companies or self-storage facilities.
Singapore isn’t the only country dealing with online theft. More than 200,000 Americans have lost $145 million linked to the COVID-19 pandemic since the start of the year, the Federal Trade Commission (FTC) reported last month.
Fraud has soared during the coronavirus, spurred by the massive shift to digital that has left doors open for scammers. In addition, many people were banking online for the first time, and may have been unaware of the warning signs for fraud.
“While people are scared about their health and finances, con artists are having a field day,” Lucy Baker, a consumer program associate at the U.S. PIRG Education Fund, told CNBC. “We all need to be on our guard. Before you click, pause first. Do your research and ask yourself if that website, email, text, direct message or call is legit. Be wary of handing over your money or personal information.”