Cybercriminals are evolving beyond phishing emails and malware-laced links. According to a new report by Proofpoint Threat Research, a sophisticated form of business-oriented fraud is gaining momentum—one that leverages Request for Quote (RFQ) scams to steal physical goods using vendor-supplied Net 15/30/45 financing.
“RFQ scams are a diverse category of business-oriented fraud and among the top five most frequently observed social engineering themes used by fraud actors,” the report explains.
By impersonating legitimate procurement officials and manipulating credit approval workflows, scammers are deceiving suppliers into shipping expensive electronics and equipment—often to fake addresses or freight forwarding services—with no intention of ever paying.

These attacks typically start with a fake quote request sent via email or online forms, appearing to come from real companies, universities, or local governments. The attackers use stolen or publicly available business credentials like:
- Employer Identification Numbers (EINs)
- DUNS numbers
- Articles of incorporation
- Business licenses
They often include highly specific equipment lists featuring in-demand items such as Fluke testing tools, surveillance cameras, network hardware, and medical devices—items that are easy to resell in unregulated markets.
“The brands and products involved are not leveraged maliciously, but rather as part of the fraud… with the requested goods to be stolen and sold,” the report states.
The fraudsters request Net 15/30/45 credit terms, exploiting the delay between shipment and payment to vanish with the merchandise before anyone suspects foul play.
Proofpoint researchers found that scammers rely on a global logistics network to receive and redirect stolen goods:
- Shipping mules: Often unwitting participants—sometimes even former scam victims repaying debts—receive deliveries at residential addresses.
- Freight forwarding services: These are used to discreetly send stolen goods to West African countries like Nigeria and Ghana.
- Rented warehouses: Threat actors lease short-term storage units (10' x 15' to 15' x 20') across the U.S. to avoid detection.
Proofpoint didn’t just study these fraud campaigns—they actively disrupted them. The company’s Takedown Team collaborated with registrars to disable 19 domains associated with active RFQ scams.
In other cases, threat actors quickly spun up new domains to resume communication, showcasing their adaptability but also providing new intelligence opportunities.
Proofpoint also worked with U.S. shipping carriers to halt package deliveries, successfully preventing some stolen goods from reaching their final destinations.