NSW Procurement warns of scam targeting suppliers
NSW Procurement has warned of a scam email that aims to capture suppliers’ confidential login details to the NSW eTendering website.
An image posted to the NSW Procurement website reveals the scam email’s subject line to be ‘Confirm Your Details as Published – Prequalification Scheme for General Construction Works up to $1Million’.
The scam email purports to come from ‘NSW Procurement Service’ and incorporates a plausible (but fake) sender email address.
The email claims to include an ‘up to date’ list of contractors ‘listed and qualified by the NSW Standard’ for general works up to $1 million in value.
The message directs readers to a link that claims to include ‘information about qualified contractors, as well as links to procurement systems for sourcing and purchasing goods and services online with confidence.’
However, a spokesperson for the NSW Department of Finance, Services and Innovation says suppliers that clicked on the link were asked for their confidential login details for the NSW eTendering website.
'NSW Procurement recommends that recipients of these emails do not click the link, in order to ensure the safety of their login details,' the spokesperson says. Any suppliers that wanted to reset their passwords could do so at the NSW eTendering website.
'This is the first email phishing campaign that has been reported to NSW Procurement,' he says.
NSW Procurement advises users to delete the email and to report it to the Australian Competition and Consumer Commission’s Scamwatch website.
Stay Smart Online recommends any users who are unsure about whether an email is legitimate should contact the organisation, department or individual that the message purports to come from, using a number independently located on a website, phonebook or bill.
Information for this Alert was provided by the NSW Department of Finance, Services and Innovation.
Stay Smart Online has information about protecting your email.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.