Crooks set up stall on UK govt's IT marketplace to peddle email fraud services targeting 'gullible' punters

Who would have thought the G in G Cloud stood for Gangster?

Exclusive The Cabinet Office has confirmed that scammers and/or jokers broke into the UK government's Digital Marketplace to promote a round-the-clock "bespoke" fraudulent email service that preys on "gullible consumers".

The Reg was last week alerted by a source to a "Fraud Consultancy Service" listed for sale on the G Cloud portal by a business calling itself Fraud Consulting Ltd.

"We develop bespoke Cloud-based online fraud solutions to target gullible consumers into parting with their cash, using payment gateways in Russia rotating funds through the Cayman Island to facilitate payment to public sector customers through UK-based institutions untraceable to the fraudulent activities," the notice reads.

Fraud consultancy service on G-cloud

Click to enlarge

Just as a word of warning: we've not clicked on the various links on the marketplace listing (which at the time of publication was still online).

Fraud consultancy service on G-cloud

Click to enlarge

The features of the service, which is sold at £10,000 per transaction, are that it "significantly increases cash generation opportunities"; "eliminates restrictions on genuine revenue raising"; "increases the quality of online fraud solutions"; and "uses the cloud in the way it was always intended".

Among the benefits, Fraud Consulting Ltd promises "total discretion to reduce risk of legal and compliance issues", saying that it utilises online "secure payments gateways to facilitate transactions", "raises significant income over short periods", and "optimises use of online international banking facilities".

The business contact is listed as one Frank Abignale. Reg readers may remember that Steven Spielberg once immortalised a man of that same name in the film Catch Me If You Can, about a young cheque fraudster who went on the run from the FBI but ultimately joined its ranks to carve out a legit career as a security consultant. Obviously, this is the not the same person.

We called the number Fraud Consulting Ltd listed for Abignale but it was unavailable. Funny that. Fraud Consulting itself is not listed among the businesses starting with the letter F on the Digital Marketplace brochure.

Fraud Consulting said it does not provide quality assurance, testing services or ongoing support, but what about service scope? "We have no constraints. We can create bespoke fraudulent emails 24/7 using our network of content authors and technical specialist across the world."

In terms of user support, it is email or online ticketing-based with support times of "generally within six months". There is no web or phone support, but "we might reply to emails", the promotion added.

One supplier on the Digital Marketplace told us that Crown Commercial Services has some measures in place to vet companies but claimed they were not particularly stringent and that content on the platform can be changed without a problem.

The Reg contacted the Cabinet Office for comment on Friday afternoon and within 15 minutes the service was listed as being stopped. "Fraud Consulting Limited stopped offering this service on Friday 15 May 2020." But not to worry: "Any existing contracts for this service are still valid."

A Cabinet Office spokesperson said: "Applicants who have fraudulently gained a place on the Digital Marketplace are subsequently removed, as in this case."

We asked the Cabinet Office if it is tightening up processes to ensure this doesn't happen again. We also asked how the fraudsters/jokers bypassed any measures in place, if the culprits are known and if any public sector buyers bought this cloud (we assume not, but this is the public sector). ®

Similar topics

Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022