Fake tractor fraudsters plague online transactions

The agriculture sector has been under fire from digital attacks for some time now. The primary problem so far has been ransomware, and law enforcement recently warned that malware authors may be gearing up to time their attacks in this sector for maximum damage. The FBI highlighted that attacks occurred throughout both 2021 and 2022, including outbreaks of ransomware at multi-state grain companies. Conti, Suncrypt, BlackByte, and more also put in appearances at several grain cooperatives.

And now another issue for the agricultute sector: Sophisticated scams involving fake tractors and sale portals have cost certain businesses $1.2 million in the space of a month. Worryingly, the Australian Competition and Consumer Commission claims this is an increase of 20% versus the same period of time a year earlier.

From fake ad to fake tractor

As with so many internet scams, it begins with fake online adverts. These take the form of both fake websites and bogus ads placed on genuine advertising platforms. This Age article highlights some of the techniques used to reinforce the legitimacy of the ads, which includes:

  • Mock sale contracts. Fake documentation and identification is often the stomping ground for 419 and social engineering scams, so it makes sense it would put in an appearance here.
  • Listing ABNs on bogus websites. This is a way of making things look legitimate. An ABN entry is how you confirm a business is genuine, or at least exists. A valid record will display as active, next to the business name, type, and location. You can also click through and see additional data regarding trading names, active status, goods and services, and more. Scammers are likely including genuine business names in their ads without the actual owner knowing about it. This is going to cause reputational damage down the line.
  • Free trials after deposits are made. Making an offer sound better than it really is works where most scams are concerned. As the article notes, excuses will be made as to why in-person inspections can’t be arranged and any upfront payment should be treated with suspicion.

Don’t trade in your cash for a non-existent model

While these attacks are being flagged in Australia, the reality is that this kind of thing can happen anywhere. If you’re involved in agriculture, here are some of the ways you can avoid this from happening to you:

  • Inspect your purchase via video call or in person. If this isn’t possible, ask why.

  • Don’t pay anything upfront, especially if the seller claims it’s being done through an “escrow” service of some kind. Most likely it’s just something being operated by the scammer. Worth noting that they’re typically asking for 10-20% deposits, which could be a lot of money considering tractors are involved.

  • If the machinery you’re buying is below the market price in a way which makes you think it’s too good to be true, then it probably is.

  • Check with businesses supposedly close to the seller’s location and see if any of them know about the individual or business wanting to sell you something.

  • Counties often have a list or business register similar to Australia’s ABN. The UK has Companies House, where you can see businesses registered for tax purposes. There are several routes to go down if you’re in the US. None of this is a guarantee of legitimacy with regard to the entity you’re dealing with. It’s possible they may be misusing the name of a genuine business, so use publicly available information to contact that business directly and see if everything is on the level.

Stay safe out there!

https://blog.malwarebytes.com/feed/