By Scott Barker, SBTDC/PTAC counselor at East Carolina University
There has been a growing level of deceptive attempts to attract companies looking to pursue governmental contracts into registering with false sites designed to charge money for services that are normally done for free. These phishing exercises have become more and more sophisticated in recent times even fooling companies that have been doing business with the federal government for quite a while.
One common attempt at fooling unsuspecting customers involves changing the domain of an official site to something very similar which can fool the customer into thinking that he/she is registering on an official government site. For example, one recent phishing scheme involved creating an alternate site by changing the name of the System Award Management (SAM) web-site from SAM.gov to SAM.com or changing a .mil address to a .com address. Once a customer gets into the phony site, most information is very similar to that offered on the official site only in order to list one’s company in the registry; there is a fee to do so.
Once a customer pays the fee as requested, the site now owns the new account and will continue to charge the customer yearly fees to maintain its registration. Getting your information release from the company can prove to be very difficult as well.
Another recent example of something similar involves a very successful company that has been working with the federal government for many years. The owner of the company was sent an email from someone claiming to be a sub-contracting administrator for the Navy indicating that she had seen the company’s information via a recent NAICS search and was looking for a company just like theirs for some possible sub-contracting work; the imposter asked for an updated capabilities statement and gave some suggestions about avoiding email firewalls when responding.
The PTAC client company believed the email was from an official Navy sub-contracting administrator. This email string was eventually joined by someone claiming to be a Navy Lieutenant from Naval Contracting Command indicating that a recent review of their account revealed that everything was in excellent shape; high levels of praise were given to the company owner for maintaining such an updated posture on several sites. Then the ‘Navy Lieutenant’ commented that there was one particular site on which the company had overlooked registering: Virtual Government Expo Network and suggested that the company would be well-served by registering on the site as soon as possible. Upon opening up the site, the company started to get a bit suspicious as a fee of $199 was being requested for the registration.
After a quick call to the local PTAC office to ask for advice, the company was informed of the deception and told to delete the email string.
As technology advances, so too do the complexity and realistic appearances of fraudulent attempts to trick unsuspecting customers. We in the PTAC business are cognizant of this growing trend and remain vigilant in our efforts to best serve our customers.