‘Whaling’ Attacks Against Feds on the Rise Also Costing Contractors

By Gloria Larkin

There is a new term that all senior executives, contracting officers and contractors providing products need to grasp and fully comprehend. The term is ‘whaling,’ and yes, it does have a similar ring to phishing. However, this time the trend is on a different and much larger scale, and it is costing businesses.

While phishing is a slipshod hack attempt, one that can be directed toward thousands of people, to deceive the receiver into revealing sensitive information or into installing malware, whaling is more targeted and is normally aimed at a high-ranking government official or contracting officer who has access to large sums of money.

Here is the gist of what happens: a high-ranking official gets an email about a solicitation for a sizable amount of computer equipment from their department that has been delivered to another location.

Only they did not send out a request for proposal (RFP), award that RFP, authorize the purchase or request delivery.

But by the time that official gets the given agency/company security team on the issue to investigate, the contractor who answered the bogus RFP has been “awarded” the fake contract and has delivered the equipment to a “remote office.” That contractor will then send an invoice for tens of thousands of dollars to the official, who has no record of the award or RFP because they were all fake.

While scammers using the federal government as a cover is not new, the bad guys are certainly getting more brazen. Consider, for instance, the idea of getting fake calls from the IRS where the fraudster(s) pose as an executive of the agency.

So, senior executives and contractors need to be prepared to better protect themselves at all stages of the acquisition process. First, they can be more aware of their online presence, be it audio, video, or written communications. Next, they should work more closely with their security teams and make greater use of cyber threat reconnaissance tools.

Should an incident occur, targets of fraud should immediately call the FBI, then the agency in question’s inspector general. In the case of small businesses, it is also advisable to call the owner and confirm they were scammed and to check for any issues.

 

More SDB access

In a move that will advance President Biden’s goal to increase contract accessibility to small and disadvantaged businesses, the U.S. Small Business Administration and the U.S. General Services Administration have announced the 8(a) MAS Pool Initiative. The initiative was created to help SDBs participating in the 8(a) Business Development Program gain better access to federal contracts in GSA’s Multiple Award Schedule Program.

Once participants are accepted into the new pool, they will receive a designation that indicates to agency buyers that a business is eligible for 8(a) sole source awards and competitive set-asides. Simply put, this agreement will establish a pool of 8(a) firms to make it easier for procurement officials to leverage the size and scale of the GSA Schedule MAS marketplace to achieve their SDB contracting goals while they make purchasing decisions.

“We’re pleased to be taking this smart step in partnership with SBA to help ensure that the world’s largest buyer ― the U.S. government ― has better access to the valuable products and services offered by small, disadvantaged businesses,” said Exodie Roe, III, associate administrator of GSA’s Office of Small Disadvantaged Business Utilization. “By streamlining the acquisition process, we hope to make it easier than ever for agencies to do more business with 8(a) firms.”

 

TikTok ban update

The DoD, the GSA and NASA have published a new interim rule amending the Federal Acquisition Regulation to implement the No TikTok on Government Devices Act, along with implementing guidance under the OMB Memorandum No TikTok on Government Devices Implementation Guidance.

On that note, if you use a privately-owned device in your government work dealings, you will want to listen up about this new rule, which addresses the influence of one of the world’s most popular social media platforms and its alleged connection to the Chinese government.

This new interim rule revises the FAR to implement the prohibition on having or using the social networking service TikTok or any successor application or service developed or provided by ByteDance Limited, or an entity owned by ByteDance Limited. The prohibition applies even to a device that you bought yourself and that is not the property of the U.S. government, if you use it for work purposes.

“This prohibition applies to devices regardless of whether the device is owned by the government, the contractor, or the contractor’s employees. A personally owned cell phone that is not used in the performance of the contract is not subject to prohibition,” the trio said in their update notice published in the Federal Register.

 

To find out more information, contact us today or call us directly at 866-579-1346. For future updates, follow us on Facebook, Twitter, LinkedIn and Google+.
