Introduction
The Spotit Security Operations Centre (SOC) is a professional, highly skilled, and hard-working unit, dedicated to protecting its customers and all businesses under the Skyleaf (Spotit parent company) umbrella. The SOC conducts comprehensive analyses of all types of information security threats, from firewall traffic and user activities, to suspicious e-mails, documents, and websites.
Spotit SOC receives reports of suspected fraudulent invoices from customers every day. These fraud attempts are usually delivered by e-mail. SOC activities are accelerated by automated threat intelligence analysis, i.e. e-mail domains, senders, and any URLs are checked for known malicious or suspicious activity.
It is rare in our experience that physical mail is used to conduct fraud against established businesses.
Invoice
An invoice was delivered by mail to the Spotit BV office in Merelbeke, Belgium. This invoice was immediately flagged as potentially fraudulent by the Spotit Finance Department as no such vendor is known to the company.
The invoice is for a software package from a business called OfficeBox.
The invoice has a ‘download’ URL for the supposed ‘DXC PRO ADV DATA CORPORATE PACKAGE ADVANCED PRO EDITION 5.2.1’. However, the given PIN code does not download any files from the URL.
URL: https://officeboxonline.com/product-65024-01/ PIN: 12838965024
Domain Analysis
officeboxonline.com is behind Cloudflare as of 05/08/2024; the current IP is 162.159.134.42.
The domain’s A record was previously pointed at UKDedicated LTD from 05/07/2024.
AWS DNS provides its nameservers.
Microsoft provides its e-mail services.
The domain registrar is Hostinger Operations, UAB.
Threat Intelligence
The domain has 1 negative vendor analysis on virustotal.com.
The website has a 1.7/10 rating on Trustpilot, with many reviews stating that it is a scam website and at least one review about a fake invoice for the same amount quoted on the Spotit invoice: EUR 895.
https://uk.trustpilot.com/review/officeboxonline.com
Website
The website hosts an e-commerce store purporting to sell hardware and software.
It is not possible to actually order anything on the website, as it claims no payment merchant is configured.
Havtech Global Solutions
The invoice has bank account details for a company called Havtech Global Solutions at Banco de Sabadell, which is a Spanish bank.
Havtech Global Solutions SL is registered in Barcelona, Spain. The company was registered on 01/03/2024.
Its registered address is Calle Ventallo, 23, P. 3, PTA. 2, 08025, Barcelona, Spain.
https://www.iberinform.es/empresa/10685316/havtech-global-solutions
Calle Ventallo, 23 in Barcelona is an apartment block in a residential area.
We identified that a single officer is registered at the company address and have included that information in our official report.
Reports on the suspected fraudulent activity surrounding this invoice, officeboxonline.com, and Havtech Global Solutions will be made to the Centre for Cybersecurity Belgium, Amazon AWS, UKDedicated LTD, Microsoft, Cloudflare, and Banco de Sabadell.
Threat intelligence sources will also be updated.
Key Takeaways
Scammers are getting more and more creative in how they try to make money off unsuspecting companies. There are some important things you can consider to make sure you are not cheated out of several hundreds or thousands of euros:
- Make sure all employees are well-trained through security awareness training. This allows them to identify suspicious activities and flag them to your security teams, especially when those activities cannot be caught by your SOC.
- Invest in improving the relationship between your security team and the rest of your organisation. This ensures that departments know what they can expect from security and prevents them from making “the best decision” on their own.
- Ensure that your security team has the capacity to carry out ad hoc investigations on top of their standard work.
- Review your standard business processes to ensure that there are sufficient checks and validations, so that invalid invoices do not end up getting paid by accident.
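The checks and validations in the last point can be partly automated before an invoice reaches payment. The following is an added example, not Spotit tooling or code from the original post: it flags the conditions seen in this case (unknown vendor, account holder different from the vendor, recently seen vendor domain) and adds a standard IBAN checksum test. The vendor master, the IBANs, the dates, and the 180-day threshold are constructed assumptions.

```python
import re
from dataclasses import dataclass
from datetime import date

# Constructed vendor master (assumption): approved vendor name -> IBAN on file.
VENDOR_MASTER = {"Example Supplies NV": "BE68539007547034"}

@dataclass
class Invoice:
    vendor: str              # name on the invoice letterhead
    beneficiary: str         # account holder named in the payment details
    iban: str
    domain_first_seen: date  # earliest date found for the vendor's domain
    received: date

def _norm(text: str) -> str:
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def iban_is_valid(iban: str) -> bool:
    """ISO 13616: move the first four chars to the end, map A-Z to 10-35, mod 97 == 1."""
    s = re.sub(r"\s", "", iban).upper()
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    return int("".join(str(int(c, 36)) for c in s[4:] + s[:4])) % 97 == 1

def red_flags(inv: Invoice, min_domain_age_days: int = 180) -> list[str]:
    """Return the reasons this invoice should be held for manual review."""
    flags = []
    on_file = VENDOR_MASTER.get(inv.vendor)
    if on_file is None:
        flags.append("vendor_not_in_master")
    elif _norm(on_file) != _norm(inv.iban):
        flags.append("iban_differs_from_master")
    if _norm(inv.beneficiary) != _norm(inv.vendor):
        flags.append("beneficiary_differs_from_vendor")
    if not iban_is_valid(inv.iban):
        flags.append("iban_checksum_invalid")
    if (inv.received - inv.domain_first_seen).days < min_domain_age_days:
        flags.append("vendor_domain_recent")
    return flags

# Constructed samples shaped like the case above; the IBANs and dates are NOT from the invoice.
SUSPECT = Invoice("OfficeBox", "Havtech Global Solutions", "ES91 2100 0418 4502 0005 1332",
                  date(2024, 7, 1), date(2024, 8, 1))
KNOWN = Invoice("Example Supplies NV", "Example Supplies NV", "BE68 5390 0754 7034",
                date(2015, 1, 1), date(2024, 8, 1))

if __name__ == "__main__":
    for inv in (SUSPECT, KNOWN):
        print(inv.vendor, "->", red_flags(inv) or "no flags")
```

A valid IBAN checksum only rules out typos; the master-data and beneficiary comparisons are what hold an invoice like this one for review.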
Spotit Services
Spotit offers information security services to businesses of all maturity levels, ranging from fully managed security operations, to bespoke assessments. Get in touch today at [email protected] or take a look at our services portfolio on our website.