Here’s How Spoofing Works and Destroys Your Business

Cybercrime concept with small handcuffs on computer keyboard

Cybercrime attacks are escalating. According to a Federal Bureau of Investigation (FBI) report, it climbed by more than 20 percent in 2016 with individuals and businesses losing over $1.3 billion.

Cybercrimes come in many different forms, and that includes spoofing, which can severely damage your B2B relationship.

Here’s How the Scheme Works

Spoofing is a complex crime that involves sending a wrong impression to the recipient by using your business name and email address to make fraudulent purchase orders. In the purchase order scam, it works like this:

A cybercriminal known as a cracker sends a fraudulent email to a supplier. The content of the email is a purchase order supposedly sent by a retailer or a post-secondary institution. It sounds credible and professional enough to compel the vendor to send a quote to the cracker.

Once the cracker receives the quote, it then places an order for the items, which should be delivered to a specific location.

It is a complete fraud for two reasons. One, the criminals can use your own business (or employee) name and email address. But they only forge the IP so they can conceal their actual Internet address. Second, the shipment location is different from your real business address.

In the end, with all the false information, the suppliers won’t still be able to get their merchandise back once they realize what had occurred.

The purchase order scam has been around for some time. The FBI already released a warning as early as 2014. But it continues to defraud companies and even spread to other countries. In Canada, 10 Calgary businesses lost $100,000 to such a scam.

Protecting Yourself From the Scam

Spoofing is more than an attack on a network or email. It causes a breakdown in trust between two partners, as well, which has more long-term effects. It’s important, therefore, to protect yourself and your business from it.

One of the effective solutions is to use a cloud-based purchase order management system like the one offered by SourceDay that is more secure and easy to monitor. It can send automatic and traceable communications to the suppliers for any changes in the purchase order.

Employees should also learn even the basic online protection tips including not answering suspicious emails, running anti-malware software, and reporting any unusual Internet activity.