The schemers are spoofing again.

This time, however, instead of trying to snare promotional products distributors by posing as real-world buyers for legitimate businesses, the would-be crooks are trying to trick industry pros into clicking malware-infested files by pretending to be industry suppliers.

Supplier executives, who wished to remain anonymous, have notified ASI Media to a recent example of the con.

In an email sent to a distributor, the criminal fronted as a top financial officer from a promo supplier. The scammer was requesting payment, saying it was overdue. The recipient was invited to click what the supplier said appears to be a malware-corrupted file to make the requested money exchange.

If launched, malware can cripple a company’s technology stack. Hackers can hold the system in lockdown until a ransom is met. Even after the fraudsters are paid and control is returned to the company, there may be problems with a system – everything from missing data to improper function.

In the email example from the supplier, there were several key tells the message was a con attempt.

An example of the scam-advancing email. Names of the person and company being spoofed have been redacted at their request.

The email address – romulo.soares@quality.com.br – clearly had no connection to the supplier from which the message was purported to be sent. The email also wasn’t addressed to a particular recipient or business. There was no space between the period of the first sentence and the start of the second sentence, and there were two periods after the final sentence of the first paragraph – sloppy work for a message allegedly from a high-ranking executive.

Speaking of the person whose identity was being used: It’s not exactly common for a top financial officer, as was the case here, to be the one sending collection notices to customers.

Broadly speaking, it’s good practice to be leery of “account overdue” emails – especially if they’re prompting you to click a file to make payment. If you receive such a message, it’s smart practice to not respond or click anything. Instead, reach out directly – preferably by phone – to your established contact at the company to see if there is really an issue.

“Unfortunately, these kinds of scams are out there,” said an executive at the supplier whose business identity was being used in this example. “We think this was pretty obviously a scam and that many would pick up on it, but we wanted to share about it because we think it’s an important reminder for everyone in the industry to be vigilant.”

Heads up #promoproducts distributors ~ Thanks to John Bagwell for sharing this story with me. Continued vigilance is important, even if you think you've seen it all.https://t.co/h4WPeysH87

— Chris Ruvo (@ChrisR_ASI) March 8, 2024

In another common scam aimed at promo companies, would-be thieves have been posing as actual buyers for real organizations, such as a university, company or even public utility. They then request, through email or website contact form, a quote on a large number of products, often drinkware or technology items like USBs, speakers or wireless noise-canceling headphones. If the crooks obtain the goods, they never pay for them and are believed to sell them on the illicit market.

In an effort to warn distributors, ASI Media has been documenting the phenomenon in an ongoing run of articles dating back years. Sadly, in certain instances, distributors have been conned out of as much as six figures’ worth of product. In other cases, distributors have spotted the trickery and spoke to ASI Media to help get word out, warning others.