IT News

Beware of Supplier Chain Scams

Supplier scams can be a serious threat to organizations like the University of Miami. These scams revolve around the real or even imagined relationship between a company and its vendors, and they come in different forms. Let's take a closer look at some common methods used by criminals:

• Purchase order scams: Criminals pretend to be representatives from the University of Miami, and contact vendors to request a quote. They will then place a large order and have it shipped to their own location instead of the University of Miami.
  
  
• Supplier imposter fraud: In this scheme, a fraudster poses as a legitimate supplier and tries to take advantage of the situation. They might change payment details, offer unbelievable discounts, or even ask for payment for services or products that don't actually exist.
  
  
• Phishing scams: You've probably heard of these before. Phishing scams involve the use of cleverly crafted emails that trick recipients into taking specific actions or sharing sensitive information. These emails can be quite elaborate and may appear genuine, so it's important to be cautious.

Protecting ourselves from these scams is crucial. Stay vigilant and take the necessary precautions to ensure the University’s safety.

How to Spot a Scam:

• Use your best judgement. If something about a transaction or communication does not feel right, it probably isn't.
• Does the request you have received attempt to make you feel a sense of urgency? Some examples of this tactic include:
  • “Act now or lose your service!”
  • “You must order today to take advantage of the price.”
  • “You can receive free items or gifts if you order now!”
• Does the request you received claim a prior relationship with the University? Examples of this tactic include:
  • “This is a call on behalf of [department's usual supplier].”
  • “We’re a function of your service agreement.”
• Make sure to compare prices and check your invoices. Criminals may attempt to sell items at much higher prices than normal or offer “too good to be true” discounts with hidden strings attached.
• The listed company name on the request is similar to a regular supplier’s name. The criminal may be trying to fool you into thinking that you are dealing with a legitimate company.
• Is there little to no contact information? Criminals typically do not give their full names or provide telephone numbers and email addresses.
• You are not sent a quote or anything in writing. Criminals usually do not want to put any part of their deals in writing for fear of legal action.
• You are asked for your social security number or credit card number to qualify for a deal or identify your purchase. This information is highly sensitive and can be used for identity theft. Never send your or other's SSN or credit card number over email.

How to Prevent a Scam:

• Order only from known companies; if searching for a new supplier, only use references from trusted sources.
• Review email addresses and any other contact information and ensure that they make sense.
• Only share information about your department or the University's business operations with people whose identities you are certain of, and who have a crucial need to know that information.
• Return or refuse all items received from an apparent scam.
• Never authorize payment for transactions you believe are scams.

Helpful Links:

• General UM Cybersecurity Information
• Report a Security Incident or Phishing, Spam, or Other Email Abuse
• More Information on How to Spot a Scam (Better Business Bureau)