Before You Ring The Sales Bell On A Sales Order, Make Sure You’re Not Really Sounding A Fraud Alarm
December 16, 2025 by Dave Haynes
Suppose you handled inside sales for a pro display manufacturer and a purchase order from a major university’s procurement team showed up in your email inbox for a six figure deal involving a couple of all-in-one LED displays.
Happy days! Time to ring the sales bell and a round of high fives.
But there may be a problem. The order could be fraudulent, using a scam that’s been around for many years and has evidently resurfaced in the U.S.
Active criminal gangs pose as post-secondary institution purchasing departments, using compromised or spoofed emails. They contact vendors with these faked-out emails and ask for a quote on big ticket gear, like LED or large-format flat panels that would seem to be the sorts of things higher-ed would use.
Purchase orders get generated and then as the order goes into the fulfilment side the buyer reaches out and asks that the gear get shipped to a “special receiving warehouse” that’s off campus, away from the university or college.
So the gear never goes to the university, which never ordered it. And the recipients put it up for sale on E Bay, or they find other ways to move the gear for cash.
One industry contact tells me his team got sightly burned on an order – processing it, but stopping shipment because of the discrepancy between the campus address and the shipping destination.
“They are starting to hit anyone and everyone they can,” says my contact, a CEO of one of the larger companies in this industry.
In looking around for more reporting, I pretty easily came up with four examples from the past year:
- The University of Massachusetts system published a 2025 “Scam Alert – Fraudulent University Purchase Orders,” warning vendors about emails that look like they come from UMass. The scammers request quotes, then send very realistic but fake POs, usually with net 30 terms and delivery to non‑university addresses. After shipment, no payment is made.;
- UC Davis issued a 2025 “Notice to Suppliers: Fraudulent Purchase Order Email Activity,” describing an active email scam using UC Davis branding to request quotes and issue bogus POs, again with delivery to addresses not affiliated with campus.;
- Western University of Health Sciences (California) sent an October 2025 “Notice of Purchase Order Fraud” describing scammers impersonating the university in RFQs and POs, leading vendors to ship product to fraudulent companies and then bill the real university;
- Columbia University Procurement posted a “Fraud Alert” to suppliers noting how spammers are emailing vendors while posing as “Columbia Procurement,” attempting to order goods using deceptive email domains and documents that appear to be legitimate POs from the university.
This is not a new thing, with the exception perhaps that big ticket displays have supplanted other items as the main target. An FBI cybercrime post from 2014 lays out a purchase order scheme run by Nigerian fraudsters:
Our investigators have found more than 85 companies and universities nationwide whose identities were used to perpetrate the scheme. Approximately 400 actual or attempted incidents have targeted some 250 vendors, and nearly $5 million has been lost so far.
The scam has several variations, but basically it works like this:
- The criminals set up fake websites with domain names almost identical to those of real businesses or universities. They do the same for e-mail accounts and also use telephone spoofing techniques to make calls appear to be from the right area codes.
- Next, the fraudsters—posing as school or business officials—contact a retailer’s customer service center and use social engineering tactics to gather information about the organization’s purchasing account.
- The criminals then contact the target business and request a quote for products. They use forged documents, complete with letterhead and sometimes even the name of the organization’s actual product manager. They request that the shipments be made on a 30-day credit—and since the real institution often has good credit, vendors usually agree.
- The criminals provide a U.S. shipping address that might be a warehouse, self-storage facility, or the residence of a victim of an online romance or work-from-home scam.
I assume the liability is with the vendor and not the falsified buyer, though maybe there’s an argument if cyber-security was really lax and the university IT Team made it very easy for fraudsters. But PLEASE don’t take legal guidance from a doofus like me!
What I can advise, if this is not screamingly obvious, is for vendors to put safeguards in place that offer protection, such as background checks and risk management tools.
I don’t want to wade into the swamp of Trump-era US politics, but will note reports that the current administration has dismantled key parts of law enforcement infrastructure, creating what experts say is the ripest environment for corruption in a generation. So these are the best of times for fraudsters.
Stating the screamingly obvious, if a big order drops into the sales inbox, don’t ring the sales bell until you know the buy is 100% legit.
We are also seeing a few instances of scammers intercepting client emails and setting up slightly different email addresses with fake invoices altering the real invoices and having different bank wiring information. For instance they will take one of our employee names and then put @snadispleys.com. Keep an eye out for any time a customer sees a new bank wire email.
Thanks for the addition. In the same way, they also set up whole websites sometimes to make the ordering process look like it is legit.
Happened to us last year Dave – luckily our ever-alert Financial Controller checked out the delivery address in Paris at the last minute and found it to be a car park in one of the housing projects there.