Fake Supplier Email Quotation Scam

How Fake Supplier Email Quotation Scam Works

Overview: The fake supplier email quotation scam targets Indian businesses engaged in domestic or international procurement. Scammers present themselves as known suppliers, usually through email, and send fabricated quotations for machinery or goods. This poses significant financial risks, especially to medium-sized manufacturers and companies with international dealings. Why is it dangerous? These scams can lead to direct financial losses in lakhs or even crores of rupees, disrupt supply chains, and seriously damage business relationships and reputations if not identified early. How It Works: Criminals either hack email accounts of a company or its trusted suppliers, or create lookalike email address[ADDRESS_REDACTED]. A detailed quotation for equipment or goods is then drafted using genuine-seeming branding and technical specifications. Payment instructions are subtly changed, often to a foreign bank account. The scammer may create a sense of urgency, requesting prompt payment for 'locked-in prices' or 'last minute deals.' The business, believing the communication is authentic, transfers the requested amount. Only later does the real supplier inquire about missing payments or undelivered goods, revealing the fraud. India Angle: Indian SMEs and manufacturers, especially those dealing with foreign suppliers in sectors like machinery, chemicals, and electronics, are prime targets. Attacks often exploit Indian businesses' reliance on official-seeming e-mails and weaker verification processes. Email spoofing is prevalent in cities like Pune, Mumbai, Chennai, and Bengaluru, where international trade is common. The scam frequently involves payment via SWIFT transfers, making recovery very difficult once the transaction is authorized. Real Examples: - An accounts manager at a Pune industrial firm received a quotation for a packing machine from what appeared to be their existing German supplier. The email domain was off by a single letter. The manager, seeing a realistic quote and familiar branding, wired ₹73 lakh to a US-based bank account as instructed. Only when the machine never arrived and the actual supplier denied knowledge did the fraud become clear. Red Flags: - Email address [ADDRESS_REDACTED] - Payment is directed to a different or unfamiliar bank account, especially overseas - Pressure is applied to secure quick payment for limited offers - Requests are made to bypass standard procurement or approval channels - Sudden changes in tone or communication format Protective Measures: - Always double-check payment instructions with suppliers through a separate secure channel, such as a direct phone call - Verify all email address[ADDRESS_REDACTED] - Implement dual sign-off procedures for large payments - Regularly train accounts and procurement teams to spot social engineering tactics - Enable email authentication technologies like DMARC, SPF, and DKIM on company domains If Victimised: - Contact your bank immediately to attempt to freeze or recall the transaction - File a complaint with the cyber police via 1930 or cybercrime.gov.in - Notify RBI for cross-border payments and request assistance through the SWIFT network - Alert your internal IT and procurement departments to identify any additional compromise Related Scams: - Fake business invoice or bill payment fraud - Contractor or vendor email compromise - CEO fraud or Business Email Compromise (BEC)

How This Scam Works — Detailed Explanation

The Fake Supplier Email Quotation Scam typically begins with scammers researching potential Indian businesses engaged in procurements, particularly medium-sized manufacturers with exposure to overseas markets. They often browse official websites, industry-specific portals, and social media platforms such as LinkedIn to gather information about legitimate suppliers and companies. Once they have identified a target, they create an email address that closely mimics that of a trusted supplier. For instance, if the legitimate supplier’s email is 'supplier@abc.com', the scammer might use 'supplier@abcc.com'. By impersonating known entities, the scammers can bypass some scrutiny that legitimate communications usually face.

Using psychological tricks, these scammers create a sense of urgency, making the target feel a pressing need to respond quickly. They may craft emails that include fabricated quotations for machinery at competitive prices, often faking signatures and company logos to give their communications authenticity. Scammers might also bypass standard procurement procedures by persuading victims to use new or overseas bank accounts for payments, claiming that certain internal changes necessitate this adjustment. Poorly written emails, filled with grammatical errors or odd phrasing, often go unnoticed as victims are overly focused on the promised deals and the urgency conveyed in these messages.

Once a victim engages with a scammer under the impression that they are dealing with a trusted supplier, the steps unfold typically in the following manner: The victim receives a quotation and is then persuaded to make an immediate payment using a new bank account, often with the instruction to wire the funds through UPI methods known for their speed. For instance, a manufacturing unit in Pune lost ₹1.5 crore when they unwittingly transferred funds into a scammer’s account thinking they were completing a procurement order. Victims may later realize they have been tricked only after the goods never arrive, leaving them vulnerable to significant financial losses and disruptions in their supply chains.

In India, scams like these have resulted in substantial financial impact. Reports indicate that hundreds of businesses fall prey to these sophisticated tactics every year, leading to combined losses in crores of rupees. The Ministry of Home Affairs (MHA), Reserve Bank of India (RBI), and CERT-In frequently release advisories and alerts about this rising trend. For example, in 2022 alone, more than ₹120 crore was reported lost across various businesses due to such supplier scams. As awareness increases, so does the need for immediate reporting to help authorities tackle this issue more effectively.

To differentiate a legitimate communication from a scam, victims should look for familiar indicators. Emails from authentic suppliers typically match their contact details found on official websites, and any request to alter financial instructions should be regarded with suspicion. Providing an email address that is slightly altered or communicating in broken English are classic signs of a scam. Moreover, having a contact number to verify the supplier’s identity before making any payment is crucial. Taking these steps can help protect businesses from falling prey to the Fake Supplier Email Quotation Scam.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Fake Supplier Email Quotation Scam Target?

General public across India

Red Flags — How to Identify Fake Supplier Email Quotation Scam

• Slight change in supplier email address
• Request to use a new or overseas bank account
• Bypassing usual procurement procedures
• Urgency for payment without standard checks
• Poor English or odd communication timings

What To Do If You Encounter Fake Supplier Email Quotation Scam

1. Report the incident immediately to the cybercrime helpline at 1930 or register at cybercrime.gov.in.
2. Notify your bank right away if you suspect fraudulent activity — call SBI at 1800-11-1109 or HDFC at 1800-202-6161.
3. Collect and document all relevant communications, including emails and invoices, as evidence for your report.
4. Change your bank account passwords and enable additional security measures to protect your financial information.
5. Educate your procurement team about such scams to increase awareness and preventive measures.
6. Stay updated with advisories from the RBI and CERT-In to understand new tactics used by scammers.

How to Report Fake Supplier Email Quotation Scam in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my bank details after a Fake Supplier Email Quotation Scam?

Immediately report to your bank's customer service, such as SBI at 1800-11-1109. Also, contact 1930 for further assistance.

How can I identify a Fake Supplier Email Quotation Scam?

Look for altered email addresses, poor communication quality, and requests for urgent payments without standard checks.

How can I report a scam in India related to fake quotations?

You can report such scams at 1930 or visit cybercrime.gov.in, where you can file a complaint and receive guidance.

What steps can I take to recover my money after falling victim to a Fake Supplier Email Scam?

Contact your bank as soon as possible; they may be able to reverse the transaction or guide you on next steps. Additionally, file a report with the cybercrime helpline at 1930.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.