The Email Scam Targeting Suppliers and How You Can Stop It

What Is the Net-RFQ Scam — and How Does It Work?

A fast-moving scam is quietly targeting suppliers and distributors, costing businesses tens of thousands in products, shipping, and staff time in a single hit. It’s called the Net-RFQ scam, and it’s designed to look exactly like a normal order until it’s too late.

The risk is growing. In recent threat intelligence reporting, cybersecurity firm Proofpoint found an increase in sophisticated RFQ scams aimed at industries supplying high-value goods. The attackers are professional, patient, and convincing, and if they succeed, your products and money are gone, with little chance of recovery.

How the Scam Works

The Net-RFQ scam starts with an impersonation. Criminals gather real company information from public sources: everything from websites and LinkedIn profiles to business registries, industry directories, and even U.S. government databases. They may copy actual employee names, phone numbers, and corporate branding.

Using that data, they create a lookalike email domain—just one or two characters off from the real one—and set up an inbox to send convincing messages.

The attack follows a predictable but dangerous sequence:

1.  Request for Quote (RFQ)

The attacker sends a professional-looking email asking for a quote on high-value products. These could be electronics, medical devices, industrial equipment, construction supplies, or other goods with strong resale value.

2.  Payment terms request

They specifically ask for “Net” payment terms, such as Net 15, Net 30, or Net 45. These terms mean the goods will be shipped before payment is due.

3.  Order approval and shipping

Once approved, the order ships, often to a freight forwarder, warehouse, or private address rather than the company’s official location.

4.  Disappearing act

The payment never arrives. The contact stops responding. Tracing the trail leads only to fake domains, stolen identities, and international reshipping hubs.

Why This Scam is So Convincing

This isn’t your typical sloppy phishing attempt. These emails are clean, grammatically correct, and use accurate industry language. The branding looks authentic. The sender might reference real employees and even sign off with legitimate job titles.

The orders themselves seem reasonable, or, in some cases, are made to feel urgent enough to push teams into skipping extra checks. And because the request is for a normal business process (quoting and fulfilling an order), many email security tools won’t flag it as suspicious.

Why You Need to Care (Even If You Think You’re Not a Target)

If your business offers payment terms, you’re a potential target.

Industries seeing increased activity include:

  • Technology and electronics suppliers
  • Medical equipment distributors
  • Construction and industrial tool vendors
  • Specialty manufacturing

But even outside these sectors, the scam works anywhere high-value goods can be resold.

The impact isn’t just financial. Yes, there’s the cost of lost goods and shipping. But you also face:

  • Operational disruption: staff hours spent chasing payment, managing replacements, and dealing with insurers.
  • Supply chain strain: diverted inventory impacts legitimate customer orders.
  • Reputational risk: if scammers impersonate your company, you could be seen as untrustworthy.

Common Red Flags to Watch For

While each scam is unique, many share the same warning signs:

  • Urgent or unusually large orders from new customers.
  • Delivery addresses that don’t match a company’s official locations, especially freight forwarders or private residences.
  • Email domains that are slightly off from the real company’s (yourcompany.co instead of yourcompany.com).
  • Requests for Net payment terms from customers with no established credit history.
  • Contact details (phone, address, employee name) that don’t match public company records.

Even if just one of these appears, it’s worth slowing down and checking before you ship.

How to Protect Your Business

Stopping RFQ scams isn’t about slowing down your business. It’s about building smart, quick verification steps into your sales process so they happen automatically.

Here’s what works:

1.  Always verify new customers before shipping.

Call a trusted number you find independently—not the one in the email. Confirm both the order and the person placing it.

2.  Scrutinize domains closely.

Look for minor changes like swapped letters, added hyphens, or different extensions (.co instead of .com).

3.  Flag extended payment term requests in your CRM.

Any first-time customer asking for Net 15/30/45 should go through extra review.

4.  Train your team.

Sales, finance, and fulfillment staff should know what a freight-forwarding address looks like and understand they have full permission to pause a shipment if something feels off.

5.  Document and share incidents.

If you detect an attempted scam, share it internally so your team knows what to look out for.
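Steps 2 and 3 can be automated at the point where an RFQ enters the sales inbox or CRM. The following Python sketch is an added example, not code from Alliance Technologies or Proofpoint: it flags sender domains that differ from a verified customer domain by a changed extension, a hyphen, or one or two characters, and flags first-time customers asking for Net terms. The verified-domain list, the function names, and the two-character threshold are assumptions for illustration, and the input is assumed to be the registrable domain (no subdomains).

```python
import re

# Constructed sample data (assumption): domains of customers already verified.
KNOWN_DOMAINS = {"yourcompany.com", "acme-industrial.com"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    # First row and column hold the cost of building a prefix from nothing.
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped letters
    return d[-1][-1]

def split_domain(domain: str):
    # Everything before the first dot is the name, the rest is the extension.
    name, _, tld = domain.lower().strip(".").partition(".")
    return name, tld

def lookalike_reason(sender_domain: str, known=KNOWN_DOMAINS):
    """Return (known_domain, reason) if the sender imitates a known domain, else None."""
    sender_domain = sender_domain.lower()
    if sender_domain in known:
        return None  # exact match with a verified customer
    s_name, _ = split_domain(sender_domain)
    for k in sorted(known):
        k_name, _ = split_domain(k)
        if s_name == k_name:
            return k, "different extension"
        if s_name.replace("-", "") == k_name.replace("-", ""):
            return k, "added or removed hyphen"
        if osa_distance(s_name, k_name) <= 2:
            return k, "one or two characters off"
    return None

def triage_rfq(sender_email: str, first_time_customer: bool, requested_terms: str):
    """Collect reasons to hold an RFQ for manual verification before shipping."""
    flags = []
    hit = lookalike_reason(sender_email.rsplit("@", 1)[-1])
    if hit:
        flags.append(f"domain resembles {hit[0]}: {hit[1]}")
    if first_time_customer and re.fullmatch(r"net\s*\d+", requested_terms.strip(), re.I):
        flags.append("first-time customer requesting Net terms")
    return flags
```

A non-empty result from triage_rfq is a reason to make the independent verification call from step 1, not proof of fraud; very short company names will produce false matches at a two-character threshold.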

Staying One Step Ahead

Prevention is always less costly than cleanup. A short verification call is cheaper than losing a shipment. Clear, consistent training prevents costly mistakes. And working with a partner who monitors emerging threats means you don’t have to track every scam trend yourself.

At Alliance Technologies, we help companies protect both their technology and their business processes. That means:

  • Staying plugged into threat intelligence from sources like Proofpoint.
  • Translating technical findings into practical, everyday defenses.
  • Building team awareness so scams are spotted before they cause damage.

Cybersecurity isn’t just about keeping hackers out of your network. It’s about making sure your daily operations can’t be exploited (and that your reputation stays as strong as your business results). Alliance can help protect your business from scams like this.
