Malicious email campaign purporting to be Subway delivers Trickbot malware
Malicious emails purporting to be from sandwich company Subway UK are being reported by multiple sources, including consumers and security researchers alike.
Fraudsters imitating one university’s address lead to a total victim loss of over £350,000.
Action Fraud is issuing a warning as reports show that fraudsters are registering domain names to look like they belong to UK university email addresses. UK and European supply companies are being defrauded out of vast sums of money as a result of this.
Fraudsters imitating one university’s address lead to a total victim loss of over £350,000.
How the fraud works
This type of fraud, known as European distribution fraud, happens when a company from overseas (usually from Europe) delivers products to the UK, but isn’t paid for the goods or the cost of shipping.
Fraudsters are registering domains that are similar to genuine university domains such as xxxxacu-uk.org, xxxxuk-ac.org and xxxacu.co.uk. These domains are used to contact suppliers and order high value goods such as IT equipment and pharmaceutical chemicals in the university’s name.
Suppliers will receive an email claiming to be from a university, requesting a quotation for goods on extended payment terms. Once the quotation has been provided, a purchase order is emailed to the supplier that is similar to a real university purchase order. The purchase order typically instructs delivery to an address, which may or may not be affiliated with the university. The items are then received by the criminals before being moved on, however no payment is received by the supplier.
Director of Action Fraud, Pauline Smith, said:
“This type of fraud can have a serious impact on businesses. This is why it’s so important to spot the signs and carry out all the necessary checks, such as verifying the order and checking any documents for poor spelling and grammar.
“We know that there is a lack of reporting by affected companies and without this vital intelligence, a true picture of EDF cannot be reflected.
“If you or your business has been a victim, report it to Action Fraud.”
Protect your business against European distribution fraud: