Scammers impersonating NSW government agencies are attempting to dupe IT suppliers into providing information using spoofing emails that contain fake quote requests and purchase orders.
NSW Treasury issued a warning late last week of the email spoofing scam after being notified by the Australian Cyber Security Centre.
Although not solely limited to IT, the emails invite suppliers to “quote for the supply of goods and services” by referencing senior executives such as an agency's chief information officer.
“The scammers register realistic looking NSW government websites and email addresses and use these to communicate with suppliers,” the warning states.
“The emails include the contact details of the chief procurement officer, chief information officer and secretary.”
NSW Treasury said that, in some instances, the spoofing emails contained fake “purchase order for the supply of goods and services”.
“We are aware of purchase orders and emails that have been sent from procurement@xxx-nsw-xxx.org referencing the chief procurement officer and secretary’s details,” it said.
“Other addresses may be in use.”
Fake purchase orders can be used by scammers to mask malicious files that infect systems when opened.
One such scam last year saw a fraudulent purchase order from the Australian Securities and Investment Commission used to do exactly this.
NSW Treasury has asked that businesses verify the address the email has been sent from, particularly if emails are unsolicited.
The NSW government spends approximately $3 billion on IT each year.
