Educational Procurement Journal - Spring 2018 - 12

FEATURE

Scammed-
How to Protect
Your University

U

niversities and
healthcare
organizations
across the United
States and Canada
are increasingly
falling prey to a rising trend of
supplier-imposter email scams that
often involve payments related to
construction projects. The fraudster's
email typically requests changes to a
supplier's bank account information or
payment method. Once the requested
changes are made, payments to
suppliers are diverted instead into
the fraudster's bank account. Largescale schemes such as this are on an
international scale and are committed
by sophisticated criminals who are
extremely organized and methodical in
their planning and execution. In many
instances, they have successfully
stolen millions of dollars.

How Fraud Occurs
An increasingly common kind of
fraud does not use highly technical
hacking or social engineering
techniques. Rather, it depends on
clever deception and careful use of
information available on an institution's
website, or visible on a construction
firm's signs around construction sites.
This fraud involves use of an email

12

By Vanessa Wong, CPSM
University of California, San Francisco

address that is similar to one that is
being used by the legitimate supplier
to trigger a payee scam as follows:
fraudster creates an Internet
1 Adomain
name that is visually
similar to that of the real supplier's
email. A common example is adding a
dash, such as smith-construction.com
to mimic smithconstruction.com.
fraudster researches
2 Apublicly
available information
about the supplier for the names of
senior personnel, especially chief
financial officers and controllers.
Using the CFO's name (e.g., Gary
Smith), the thief creates a similar, but
bogus, email account: gary.smith@
smith-construction.com instead of
garysmith@smithconstruction.com.
imposter will then send an
3 The
email that purports to be, in

EDUCATIONAL PROCUREMENT JOURNAL | SPRING 2018

this example, from Gary Smith to the
institution. In it, the fraudster requests
the institution to change the existing
correct payment data to that pointing
to the fraudster's account. The request
involves the bank routing number
and account number, and will involve
changing a paper-check method to
Automated Clearing House (ACH).
institution is thus tricked into
4 The
updating the information. The
fraudulent account is often located out
of state or in a foreign country. Once
the fraudulent payment is sent, only a
short time is available to intercept and
recover the funds.
Many institutions are engaged
in large construction projects that
require regular electronic payments of
several-hundred-thousand dollars. A
scammer can relatively easily identify


http://www.smith-construction.com http://www.smithconstruction.com

Table of Contents for the Digital Edition of Educational Procurement Journal - Spring 2018

Letter from the CEO
Cyber Security—Everyone’s Business
Scammed—How to Protect Your University
Have Festival, Will Travel: Virginia’s Advocacy Program for Small-, Women-, and Minority-owned Businesses
What Is It You Can’t Do?
Heard on the Street: New Hot Topics from the NAEP Exchange
Building a Fund of Sustainability Knowledge, One Book at a Time— Part Eight
Best and Final: Crowdsourcing Beyond the Buzzword
Index to Advertisers
Educational Procurement Journal - Spring 2018 - Intro
Educational Procurement Journal - Spring 2018 - cover1
Educational Procurement Journal - Spring 2018 - cover2
Educational Procurement Journal - Spring 2018 - 3
Educational Procurement Journal - Spring 2018 - 4
Educational Procurement Journal - Spring 2018 - 5
Educational Procurement Journal - Spring 2018 - Letter from the CEO
Educational Procurement Journal - Spring 2018 - 7
Educational Procurement Journal - Spring 2018 - Cyber Security—Everyone’s Business
Educational Procurement Journal - Spring 2018 - 9
Educational Procurement Journal - Spring 2018 - 10
Educational Procurement Journal - Spring 2018 - 11
Educational Procurement Journal - Spring 2018 - Scammed—How to Protect Your University
Educational Procurement Journal - Spring 2018 - 13
Educational Procurement Journal - Spring 2018 - 14
Educational Procurement Journal - Spring 2018 - 15
Educational Procurement Journal - Spring 2018 - Have Festival, Will Travel: Virginia’s Advocacy Program for Small-, Women-, and Minority-owned Businesses
Educational Procurement Journal - Spring 2018 - 17
Educational Procurement Journal - Spring 2018 - What Is It You Can’t Do?
Educational Procurement Journal - Spring 2018 - 19
Educational Procurement Journal - Spring 2018 - Heard on the Street: New Hot Topics from the NAEP Exchange
Educational Procurement Journal - Spring 2018 - 21
Educational Procurement Journal - Spring 2018 - Building a Fund of Sustainability Knowledge, One Book at a Time— Part Eight
Educational Procurement Journal - Spring 2018 - 23
Educational Procurement Journal - Spring 2018 - 24
Educational Procurement Journal - Spring 2018 - 25
Educational Procurement Journal - Spring 2018 - Best and Final: Crowdsourcing Beyond the Buzzword
Educational Procurement Journal - Spring 2018 - 27
Educational Procurement Journal - Spring 2018 - 28
Educational Procurement Journal - Spring 2018 - 29
Educational Procurement Journal - Spring 2018 - Index to Advertisers
Educational Procurement Journal - Spring 2018 - cover3
Educational Procurement Journal - Spring 2018 - cover4
http://www.nxtbook.com/naylor/NEPQ/NEPQ0318
http://www.nxtbook.com/naylor/NEPQ/NEPQ0218
http://www.nxtbook.com/naylor/NEPQ/NEPQ0118
http://www.nxtbook.com/naylor/NEPQ/NEPQ0417
http://www.nxtbook.com/naylor/NEPQ/NEPQ0317
http://www.nxtbookMEDIA.com