This devious RFQ scam is letting hackers steal real-life goods

  • Proofpoint observed hackers using stolen files to spoof businesses
  • The threat actors would send RFQ emails and ask for Net 45 financing terms
  • The goods would end up sold in African countries

Cybercriminals have found a way to leverage stolen company files to obtain actual physical goods, and it revolves around a business practice called Request for Quote (RFQ).

A Request for Quote is when one business asks another how much it would cost to purchase certain products. It is used when buying in bulk, comparing prices, or looking for volume-based discounts.

But according to security researchers at

Shipping to Ghana

In the emails, they would ask for all kinds of equipment, from networking gear to CCTV cameras and healthcare hardware.

After receiving a quote, they would then ask for Net 15/30/45 financing terms – payment terms that give the buyer 15, 30, or 45 days to pay the full invoice amount, with interest, *after* receiving the goods – which is common practice in B2B transactions.

If the victim business agrees, the scammers would share a shipping address. Sometimes, these are residential addresses, and other times, they lead to rented warehouses across the US. From there, the crooks would hire shipping forwarding services that specialize in sending goods to West African countries like Nigeria and Ghana, where the gear ends up (likely to be sold).

The victim, on the other hand, never gets their money as the scammers just disappear.

Proofpoint also stated the shipping forwarding services most likely don’t even know they’re transporting stolen goods, and that people living in houses listed as the shipping address can be scammers, or former scam victims themselves looking to pay off a debt.

The researchers also said they were tracking and blocking emails associated with RFQ scam groups, and partnered with the company’s Takedown Team to successfully take down 19 domains associated with these scams.
