Fraudsters targeting NSW govt IT suppliers

By

Using fake quotes, purchase orders.

Scammers impersonating NSW government agencies are attempting to dupe IT suppliers into providing information using spoofing emails that contain fake quote requests and purchase orders.

Fraudsters targeting NSW govt IT suppliers

NSW Treasury issued a warning late last week of the email spoofing scam after being notified by the Australian Cyber Security Centre.

Although not solely limited to IT, the emails invite suppliers to “quote for the supply of goods and services” by referencing senior executives such as an agency's chief information officer.

“The scammers register realistic looking NSW government websites and email addresses and use these to communicate with suppliers,” the warning states.

“The emails include the contact details of the chief procurement officer, chief information officer and secretary.”

NSW Treasury said that, in some instances, the spoofing emails contained fake “purchase order for the supply of goods and services”.

“We are aware of purchase orders and emails that have been sent from procurement@xxx-nsw-xxx.org referencing the chief procurement officer and secretary’s details,” it said.

“Other addresses may be in use.”

Fake purchase orders can be used by scammers to mask malicious files that infect systems when opened.

One such scam last year saw a fraudulent purchase order from the Australian Securities and Investment Commission used to do exactly this.

NSW Treasury has asked that businesses verify the address the email has been sent from, particularly if emails are unsolicited.

The NSW government spends approximately $3 billion on IT each year.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?