Crooks set up stall on UK govt's IT marketplace to peddle email fraud services targeting 'gullible' punters

Who would have thought the G in G Cloud stood for Gangster?

Exclusive The Cabinet Office has confirmed that scammers and/or jokers broke into the UK government's Digital Marketplace to promote a round-the-clock "bespoke" fraudulent email service that preys on "gullible consumers".

The Reg was last week alerted by a source to a "Fraud Consultancy Service" listed for sale on the G Cloud portal by a business calling itself Fraud Consulting Ltd.

"We develop bespoke Cloud-based online fraud solutions to target gullible consumers into parting with their cash, using payment gateways in Russia rotating funds through the Cayman Island to facilitate payment to public sector customers through UK-based institutions untraceable to the fraudulent activities," the notice reads.

Fraud consultancy service on G-cloud

Click to enlarge

Just as a word of warning: we've not clicked on the various links on the marketplace listing (which at the time of publication was still online).

Fraud consultancy service on G-cloud

Click to enlarge

The features of the service, which is sold at £10,000 per transaction, are that it "significantly increases cash generation opportunities"; "eliminates restrictions on genuine revenue raising"; "increases the quality of online fraud solutions"; and "uses the cloud in the way it was always intended".

Among the benefits, Fraud Consulting Ltd promises "total discretion to reduce risk of legal and compliance issues", saying that it utilises online "secure payments gateways to facilitate transactions", "raises significant income over short periods", and "optimises use of online international banking facilities".

The business contact is listed as one Frank Abignale. Reg readers may remember that Steven Spielberg once immortalised a man of that same name in the film Catch Me If You Can, about a young cheque fraudster who went on the run from the FBI but ultimately joined its ranks to carve out a legit career as a security consultant. Obviously, this is the not the same person.

We called the number Fraud Consulting Ltd listed for Abignale but it was unavailable. Funny that. Fraud Consulting itself is not listed among the businesses starting with the letter F on the Digital Marketplace brochure.

Fraud Consulting said it does not provide quality assurance, testing services or ongoing support, but what about service scope? "We have no constraints. We can create bespoke fraudulent emails 24/7 using our network of content authors and technical specialist across the world."

In terms of user support, it is email or online ticketing-based with support times of "generally within six months". There is no web or phone support, but "we might reply to emails", the promotion added.

One supplier on the Digital Marketplace told us that Crown Commercial Services has some measures in place to vet companies but claimed they were not particularly stringent and that content on the platform can be changed without a problem.

The Reg contacted the Cabinet Office for comment on Friday afternoon and within 15 minutes the service was listed as being stopped. "Fraud Consulting Limited stopped offering this service on Friday 15 May 2020." But not to worry: "Any existing contracts for this service are still valid."

A Cabinet Office spokesperson said: "Applicants who have fraudulently gained a place on the Digital Marketplace are subsequently removed, as in this case."

We asked the Cabinet Office if it is tightening up processes to ensure this doesn't happen again. We also asked how the fraudsters/jokers bypassed any measures in place, if the culprits are known and if any public sector buyers bought this cloud (we assume not, but this is the public sector). ®

Similar topics

Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021