Nagesh Rao was sitting in New York visiting his family when someone on his team at the Bureau of Industry and Security at the Commerce Department headquarters called him about a large box that just arrived.
The BIS chief information officer wasn’t expecting a delivery so, needless to say, he was a bit surprised.
As his team opened it, they found about $10,000 worth of Lenovo laptops and Microsoft Surface tablets.
At that moment, Rao knew the fraudsters were a little too close for comfort.
“I didn’t know to the extent of the fraud. About 3-to-5 months ago, I got email messages and LinkedIN requests about a solicitation on the street. But I didn’t have one out there so I flagged it to our security team,” Rao said. “Some company thought it was a real solicitation and shipped laptops and charged us for shipping under the fake RFQ.”
Rao is the victim of whaling — a new term all senior executives and political appointees need to add to their lexicon.
Think of a phishing attack, but much larger. Think of the casinos and big spenders, who are commonly called “whales.”
A scammer put out a request for quotation on BIS letterhead in Rao’s name and sent it to smaller businesses.
The fraudster called the small business, trying to get them send the equipment to an address in Atlanta. The owners of the company decided something wasn’t right so sent the equipment to Washington, D.C.
A copy of a fake RFQ released by scammers. Source: Nagesh Rao, the chief information officer for the Bureau of Industry and Security at the Commerce Department.
“I have now had about a half a dozen vendors reach out to me about it over the last three or four months, including an unfortunate small business owner who sent equipment to Commerce HQ, instead of to the address in Atlanta, because they were like, well, we’re not sure about the address that they thought was suspicious but there I will send it to Nagesh,” Rao said at the recent ACT-IAC Emerging Technology and Innovation conference. “We had to ship it back and say ‘no this is not right.’ But it’s stuff like that that is happening and so I have to be able to jump on pretty quickly.”
This was the fourth or fifth time Rao has been targeted by these or similar scammers, issuing fake RFQs. He said it’s not just him but several Commerce executives have been the subject of these fraudsters.
Rao said he’s been trying to get the word out over the last months to make sure vendors know this is a scam.
He’s also working with the Commerce inspector general on an investigation.
“This is it gets a little too insane when you actually get the equipment shipped to you,” Rao said.
Rao also posted details, including the fake RFQ, on LinkedIn as a way to spread the word further to the community.
While scammers have often used the federal government as a cover, think of the fake calls from IRS or Social Security Administration, this is one of the first, or at least most public, attempts where fraudsters posed as a senior executive.
Recent Comments