Active Scam Targets GSA Schedule Holders for $1.5m to Date Using Spoofed Federal Email Addresses

April 7, 2014

Scammers using spear phishing attacks are attacking the General Services Administration (GSA) Schedule 70 (IT) and 75 (Office) Schedules program by placing orders using spoofed actual Department of Defense domains, and in some cases, using actual DoD members’ information, according to an email sent by GSA to Schedule 70 and 75 vendors on Wed 4/3/14. Federal New Radio reports the attacks have cost vendors more than $1.5 million. And law enforcement officials say these attacks are increasing.

Since July 2012 the FBI, the Environmental Protection Agency and GSA inspectors general have been investigating a series of fraudulent orders placed online to GSA vendors from criminals posing as federal contracting officials. Investigators have traced the fraudulent activity going as far back as December 2011. The hackers ordered HP printer toner cartridges using official federal employee credentials but fake email addresses, telephone numbers and stolen credit cards. Law enforcement officials now say scammers are targeting orders for laptop computers, though it’s unclear if these two cases are related. However, GSA said significant similarities have been noted.

GSA said scammers so far have targeted employees of the EPA, Interior Department’s Fish and Wildlife Service, the Commerce Department’s Census Bureau and the Department of Health and Human Services’ National Institutes of Health. The email stated the list of affected government agencies continues to grow. “By calling the GSA Global Supply or vendors directly, perpetrators are placing orders for toner cartridges and laptop computers ranging from a few hundred to $20,000 using stolen credit card numbers,” the email notice stated.

Federal News Radio reports, “in the email notice to vendors, GSA requests vendors take several steps to help catch the scammers and protect themselves. ‘Although it is extra work, investigators are requesting that any representatives receiving orders for HP printer toner cartridges or laptop computers verify the provided shipping address using the ‘street view’ function on Google Maps,’ the email stated. ‘If it is a very large order going to what appears to be a residential address, it is likely fraudulent. Once the order is placed, the perpetrator ‘spoofs’ a disconnected telephone number to call the GSA vendor and ask for shipping and tracking information. Witnesses say that the caller has a foreign accent. The perpetrator may also attempt to contact the representatives through online chats or direct phone calls.’”

While these type of spear phishing attacks against GSA schedule holders may be new and focused on Schedules 70 and 75, all GSA Schedule holders / vendors are advised to be thorough in their customer review when accepting orders from Schedule users to protect against fraud now and in the future.

Please contact Vanessa Payne or Hope Lane at 301.231.6266 for questions or assistance related to government contracting issues.