Hackers exploit vulnerable businesses, submit fake orders through distribution
Distributor Ingram Micro is urging partners to double-check customer account activity for telltale signs of fraudulent activity after catching an increasing number of orders faked by hackers and criminals.
The Lowdown: Ingram isn’t saying how much fraudulent activity is happening, only that the volume is on the rise as hackers and criminals break into business systems or spoof e-mail accounts to submit orders through solution providers.
The Details: Typically, hackers and criminal elements are using business e-mails and copied letterheads to create fake purchase orders. The illegitimate orders get submitted to solution providers, who turn to distribution for fulfillment. Typically, the orders specify drop-shipping direct to the customer, which — in these cases — is a legitimate address.
Ingram is advising solution providers to verify orders submitted by e-mail. For existing accounts, Ingram says solution providers should verify orders by phone. For new customers, solution providers should verify the orders by phone and check the addresses with Google Maps or other online resources.
Some of the signs that an order is fake include:
> Customers submitting orders by e-mail or online without live interaction
> Customers not pushing back on pricing or accepting the first price given
> Ordering more product than they have employees
> Requesting shipment to a new or unusual address
> Requests for products that they don’t usually buy
The Impact: The extent of the fraudulent activity is unknown. Ingram Micro was seeing enough suspicious and illegitimate orders to sound the alarm. While Ingram hasn’t linked the trend to the COVID-19 pandemic, there’s a good chance that hackers and criminal organizations are taking advantage of the disruption.
Channelnomics reached out to other distributors to see if they were experiencing the same uptick in fraudulent activity. No response was received as of this writing. Channelnomics will update this report when more information becomes available.
The Buzz: “Please pay closer attention to details, watch for suspicious activity, and let’s work together to keep our teams informed and empowered to take the extra step to verify legitimate deals,” said Eric Kohl, vice president of the Advanced Solutions, Networking and Security Business Unit at Ingram Micro. “We’re seeing instances of fraud for our partners from their long-term customers (who have had their e-mail breached), as well as from ‘new customers that are 100% fraudulent.”