Fraudulent purchase orders

This group is thought to still be active in contacting suppliers using University names to obtain goods. Please take the necessary precautions so that you do not become a victim of this scam. The scam involves purchase orders and requests for product quotations that purport to originate from the University but are in fact fraudulent.

How the scam operates

The scam operates in the following way:

1. The supplier will receive an email requesting a quotation for specific item(s) of equipment. These may be in large or small quantities and of low to high values. In some of these instances the fraudster has used the name of an individual connected to the University. They will ask for the quote to be sent to an email address resembling a legitimate university email address. For instance they may use –ac.uk instead of .ac.uk or universityof….procurement@outlook.com
2. Once the quotation has been provided, a purchase order is emailed to the supplier that bears resemblance to an authentic University purchase order. The purchase order typically instructs delivery to an address not affiliated with the University. If the University address is used, they then try to intercept or redirect the delivery using courier dispatch notification and tracking portals. The fraudster gives a mobile number and asks that this is the first number to try as they may be away from their desk or in meetings, therefore will not be able to take calls on the office extension.
3. After shipping the item(s) of equipment, the supplier never receives payment and is unable to retrieve the shipped products.

Indicators of fraud

• Incorrect domain name used to send emails and purchase orders. A valid University email address will always end in @york.ac.uk. Hovering over the email address may reveal the originator’s email address if different from that displayed. An example of an incorrect domain being used is yorkac.co.uk
• The delivery address is not a University address. A genuine University purchase order will request delivery to Department of XXXXX, Heslington, York, YO10 XXX, Department of XXXXX, King’s Manor, Exhibition Square, York YO1 7EP and a few legitimate third-party addresses such as York Hospital, York Sports Village and York Science Park. Fraudulent addresses will typically be a domestic residence or a self-storage facility (though they may purport to be a University address).
• Poorly written email with grammatical errors.
• Use of a false or unknown contact from the University.
• Phone numbers not associated with the University. University landlines commence with the numbers 01904.
• Unusually large quantities are requested.
• Rush to ship priority/overnight.

What to do if you suspect fraudulent activity

If you receive a request for quotation or purchase order that raises your suspicion, please contact procurement@york.ac.uk to verify the validity of the request. Do not contact the name or number used on the email or purchase order. If the request cannot be verified as valid, then please report to Action Fraud.

Please do not attempt to call any phone numbers contained within the fraudulent emails that purport to be University numbers as they will attract a service charge. Typically these numbers begin with 0843/0844/0845/070.

What the University is doing

• Contacting all its existing suppliers that may be subject to this type of fraudulent activity in order to raise awareness and provide basic guidance on how to deal with it.
• Requesting that domain names used for fraudulent activity are closed when they have been brought to our attention.
• Reporting any instances of known fraudulent activity to Action Fraud.