Crooks set up stall on UK govt's IT marketplace to peddle email fraud services targeting 'gullible' punters

Who would have thought the G in G Cloud stood for Gangster?

Got Tips? 16 Reg comments
Hacker

Exclusive The Cabinet Office has confirmed that scammers and/or jokers broke into the UK government's Digital Marketplace to promote a round-the-clock "bespoke" fraudulent email service that preys on "gullible consumers".

The Reg was last week alerted by a source to a "Fraud Consultancy Service" listed for sale on the G Cloud portal by a business calling itself Fraud Consulting Ltd.

"We develop bespoke Cloud-based online fraud solutions to target gullible consumers into parting with their cash, using payment gateways in Russia rotating funds through the Cayman Island to facilitate payment to public sector customers through UK-based institutions untraceable to the fraudulent activities," the notice reads.

Fraud consultancy service on G-cloud

Click to enlarge

Just as a word of warning: we've not clicked on the various links on the marketplace listing (which at the time of publication was still online).

Fraud consultancy service on G-cloud

Click to enlarge

The features of the service, which is sold at £10,000 per transaction, are that it "significantly increases cash generation opportunities"; "eliminates restrictions on genuine revenue raising"; "increases the quality of online fraud solutions"; and "uses the cloud in the way it was always intended".

Among the benefits, Fraud Consulting Ltd promises "total discretion to reduce risk of legal and compliance issues", saying that it utilises online "secure payments gateways to facilitate transactions", "raises significant income over short periods", and "optimises use of online international banking facilities".

The business contact is listed as one Frank Abignale. Reg readers may remember that Steven Spielberg once immortalised a man of that same name in the film Catch Me If You Can, about a young cheque fraudster who went on the run from the FBI but ultimately joined its ranks to carve out a legit career as a security consultant. Obviously, this is the not the same person.

We called the number Fraud Consulting Ltd listed for Abignale but it was unavailable. Funny that. Fraud Consulting itself is not listed among the businesses starting with the letter F on the Digital Marketplace brochure.

Fraud Consulting said it does not provide quality assurance, testing services or ongoing support, but what about service scope? "We have no constraints. We can create bespoke fraudulent emails 24/7 using our network of content authors and technical specialist across the world."

In terms of user support, it is email or online ticketing-based with support times of "generally within six months". There is no web or phone support, but "we might reply to emails", the promotion added.

One supplier on the Digital Marketplace told us that Crown Commercial Services has some measures in place to vet companies but claimed they were not particularly stringent and that content on the platform can be changed without a problem.

The Reg contacted the Cabinet Office for comment on Friday afternoon and within 15 minutes the service was listed as being stopped. "Fraud Consulting Limited stopped offering this service on Friday 15 May 2020." But not to worry: "Any existing contracts for this service are still valid."

A Cabinet Office spokesperson said: "Applicants who have fraudulently gained a place on the Digital Marketplace are subsequently removed, as in this case."

We asked the Cabinet Office if it is tightening up processes to ensure this doesn't happen again. We also asked how the fraudsters/jokers bypassed any measures in place, if the culprits are known and if any public sector buyers bought this cloud (we assume not, but this is the public sector). ®

Sponsored: Webcast: Ransomware has gone nuclear

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020