Queries: Craig Pedersen –
During the course of an investigation into fraudulent Personal Protective Equipment websites, the TCG Digital Forensics team noted a commonality between a number of PPE scam websites. Using Open Source Intelligence techniques, the team was able to link in additional scam websites and has identified some 150 scam websites of which over 50 remain active at this time. These websites are created to resemble legitimate suppliers of specialist products. The product codes are then circulated via mass-emails to thousands of companies around South Africa as Requests for Proposals.
Hopeful business owners then research the required product online and land on the fraudulent website. The scammer behind the website interacts with the victim and provides them with a quotation. In short order the victim is notified that he has been awarded the tender and receives a fake government order and a guarantee of payment within 7 days of delivery. The victim then orders the “stock” from the fraudulent website, paying a deposit. Deposits can run from tens of thousands of rands into millions.
Once the deposit is paid, the scammers discontinue interacting with the victim and move on to their next target.
As a public service, the team at TCG Digital Forensics, aided by a handful of volunteers wanting to stretch and enhance their Open Source Intelligence skills, participated in tracing and mapping the scammers. The company then took a decision to issue Take Down notices to the hosting companies on whose platforms the scammers were placing their websites.
“This is probably the largest single DMCA Takedown in one day in South Africa. We intend to issue takedowns on between 70 and 100 scam websites over a 24-hour period to ensure that victims no longer lose money to these scammers. Once this is done, all the data that we’ve acquired in the process will be handed to a specialized unit within SAPS for them to further the investigative trail. I’m optimistic that with the data available they will be able to move quickly to identify the scammers and secure arrests,” said Craig Pedersen, Director of TCG Forensics and lead OsInt analyst.
The Internet Service Providers Association of South Africa has been key in assisting with the issuing of Take Down Notices. Take Down notices place the company hosting the website on notice that the content contravenes the Electronic Communications and Transactions Act 25 of 2002 and requires the decommissioning of the domain. “By decommissioning these domains, we are able to stop the scammers’ communications with the fraudsters and immediately prevent further financial loss.”
Craig Pedersen also stated, “We’ve had terrific cooperation with SAPS and the different role-players as well as some dedicated volunteers on our team. Through teamwork and respecting each other’s roles we’ve been able to deal a serious blow to online PPE scammers and I’m confident that SAPS will pursue them aggressively to secure convictions.”
The full list of sites will be published on the company’s website at www.tcgforensics.co.za and via social media to create awareness and reduce any potential financial losses by the public.