Scan co-jacking nets crooks '€40k in IT gear'

Crooks have masqueraded as buyers at web bazaar Scan to obtain goods from its suppliers by deception.

The fraudsters bought a domain name similar to scan.co.uk, and crafted a counterfeit website and headed paper using the etailer's logo. Letters, complete with the correct VAT and company registration numbers, with orders for kit were then sent to distributors across Europe that had had little or no contact with Scan.

Elan Raja, managing director of the Bolton-based biz, told Channel Reg that the company identity hijackers' shipping address was different to their billing address - a tell-tale sign of a 'co-jacking' that was spotted by nearly all of the businesses contacted.

He revealed, though, that one European supplier had been duped into shipping €40,000 (£32,000) worth of low-cost items on credit to an alternative address provided by the fraudsters.

"Suppliers that are shipping blind without any form of credit checks or contact with the customer need to redefine their business processes with special attention to where the goods are being delivered," he said.

Raja was unable to name the firm caught out by the fraud, but said police in the UK were working with cops on the continent to clampdown on those responsible. He reckoned the fraudsters had carefully leafed through the products on his website to identify his suppliers.

Fraud is becoming a bigger issue in the channel, according to Graydon UK head of intelligence Alan Norton. He added: "There is always a rise in times of recession."

Norton said in recent years company hijacking became a particular problem for resellers seen as relatively easier targets than distributors, which have built techniques to thwart such scams. ®