We want to alert you to a series of serious, nationwide Purchase Order (PO) scams that are targeting suppliers at universities across the country. This particular criminal activity involves PO’s and requests for quotations that purport to originate from the University of Edinburgh, but are in fact fraudulent.
Recently, The University of Edinburgh has experienced a number of serious cases of fraud in which the perpetrators are targeting existing and potential Suppliers of ours. These criminals are purporting to be employees of the University of Edinburgh and request a substantial order of goods or services, usually providing seemingly valid documents to support the request.
What are the characteristics of purchase order (PO) fraud?
- A supplier receives an email requesting a quote (usually for large quantities and of a high value)
- A purchase order is emailed to the supplier, usually bearing some resemblance to an authentic purchase order
- The purchase order instructs delivery of goods to an address not affiliated with The University of Edinburgh
- After shipping and delivery, the supplier won’t receive payment for the goods or services and will either receive no response from the perpetrator or will continue to receive communications intimating a delay in payment – more recently, Covid-19 is being used as an excuse alluding to banking delays.
What is the University doing to prevent these types of Fraud?
The University is committed to raising fraud awareness throughout the organisation, and regular training sessions are hosted by Finance and the Information Security teams. These are for Staff members and are bookable via MyEd.
In addition, our Counter Fraud Group meet regularly and membership of this group includes Finance staff from all over the University, including the Procurement and Estates departments. At these sessions, near misses are reported, fraud awareness ideas are discussed and future events planned.
We also work closely with the UK banks and other bodies to stay informed on the new and emerging threats, and trends that are being identified.
What to look out for
There are some red flags to look out for in relation to purchase orders:
- A non-University of Edinburgh email domain address – make sure to hover over the email address to ensure the originators email address is not being masked, you can also verify the validity of any email addresses on our website
- Poorly written and grammatically incorrect communications
- Emails and documents fraudulently signed off by names of genuine University of Edinburgh employees, usually at a senior management level AKA CEO impersonation Fraud
- Mobile numbers quoted on documents and correspondence – do not call these numbers as they could incur additional charges
- A rush to expedite orders, usually overnight
- Large quantities of goods and high value orders.
What should I do if I have been a victim of fraud?
If you, or a colleague, think you have been a victim of a scam of this nature then we would like to hear about it. We may anonymise and use your example in our future fraud awareness sessions and to help the authorities in the fight against fraud.
Please contact the Finance Helpline (Finance.Helpline@ed.ac.uk) for more guidance.
You should also report the matter to Action Fraud; they’ll be able to advise the best steps forward.
I think I have received a fraudulent purchase order, how do I know if it’s valid?
If you’re ever unsure about the authenticity of a purchase order, please raise this as a matter of immediate concern by contacting our Finance Helpline (Finance.Helpline@ed.ac.uk) and we’ll be happy to verify the validity of an order.
Another key consideration is around Customer due diligence. Make sure you know who you’re engaging with, and independently establish contact through the customer’s website or published details.