Hackers were able to steal $1.5 million worth of printer cartridges from the FBI, Environmental Protection Agency (EPA), and the General Services Administration (GSA) by placing fraudulent contract orders.
Federal News Radio reports:
The General Services Administration's schedules program has been victimized by spear phishing attacks, costing vendors more than $1.5 million. And law enforcement officials say it's increasing.
GSA alerted Schedule 70 and 75 vendors Wednesday that since July 2012 the FBI, the Environmental Protection Agency and GSA inspectors general have been investigating a series of fraudulent orders placed online to GSA vendors from criminals posing as federal contracting officials, according to an email to Schedule-70 and 75 vendors, which Federal News Radio obtained.
The hackers ordered HP printer toner cartridges using official federal employee credentials but fake email addresses, telephone numbers and stolen credit cards.
Law enforcement officials now say scammers are targeting orders for laptop computers, though it's unclear if these two cases are related. But GSA said "there are some significant similarities and we're following up on investigative leads to make further determinations."
Other agencies have also been targeted, including the Fish and Wildlife Service, the Census Bureau, and the Department of Health and Human Services. The list of affected agencies "grows each day," according to the email.
Some orders for printer ink were for as much as $20,000. Scott Orbach, president of EZGSA, a company that facilitates GSA contracts, said officials should be wary of "unusually large quantities or high value orders," and shipments to "unusual addresses."