Fake Procurement Scams
Bogus purchase orders, often impersonating large firms or institutions, that lead to unpaid goods.
Last reviewed: 1 June 2026
What this scam is
Fake procurement scams involve a fraudster impersonating a reputable organisation — a well-known company, a university, a hospital, or a government body — to place a large purchase order with a supplier on credit terms. The goods are shipped to a delivery address controlled by the fraudster; the invoice is never paid; and the supposed buyer organisation is entirely unaware of the order.
This fraud is particularly damaging for suppliers and wholesalers who extend credit as a normal part of their business model. The credibility of the buyer identity is the primary tool the scammer uses: the prestige of a major institution or well-known corporate name creates a willingness to extend generous credit terms, sometimes without the usual verification steps that would apply to a new, unknown customer.
The value of goods targeted tends to be high — specialist equipment, electronics, medical supplies, or branded consumer goods that can be quickly resold. The fraudster often has knowledge of the supplier's product range and typical order patterns, enabling them to make a plausible purchase request.
How it works
The fraud begins with the fraudster researching both their impersonation target (a large, credible institution) and their victim (a supplier whose products they want to steal). Using spoofed email addresses that closely resemble the institution's real domain, they contact the supplier's sales or account management team with a large purchase order.
The purchase order itself may be a professionally formatted document bearing the institution's logo, branding, and a purchase order number. Contact details on the order — buyer name, phone number, email — are controlled by the fraudster. The delivery address is described as a new or temporary facility, a regional depot, or a project site, to explain why it differs from the institution's known address.
Pressure is applied to expedite shipment, often framed around an urgent project, a grant-funded purchase deadline, or seasonal demand. Once goods are dispatched and delivered to the fraudster's controlled address, they disappear. When the genuine invoice arrives, the real institution confirms it placed no such order, and the supplier is left with no payment and no goods.
Why this scam works
Fake procurement scams exploit two biases inherent in B2B sales: the desire to win prestige accounts, and the assumption that institutional buyers are inherently creditworthy. When a purchase order arrives from what appears to be a well-known university or government department, the natural response is excitement rather than suspicion.
The fraud is also designed to exploit process gaps. Suppliers may apply rigorous checks to new unknown accounts but apply lighter scrutiny when the 'buyer' is a well-known institution they already deal with or aspire to deal with. The fraudster selects impersonation targets carefully to match this psychology.
Shipping pressure is used to compress the time available for verification. Once goods are physically in transit, reversing the transaction is much harder — psychologically and practically.
A typical pattern
A wholesale equipment supplier receives a large purchase order appearing to come from a well-known academic institution. The order references a specific research project, uses the institution's branding, and the contact is responsive and professional. The delivery address is described as a new campus annexe. Eager to win the account, the supplier dispatches the goods on 30-day terms. The institution's genuine procurement office is unaware of any such order. The goods are lost, and the invoice is never paid.
Common red flags
- Large first-time credit order from a prestigious institution you have no prior trading relationship with
- Delivery address that differs from the institution's known address without a credible explanation
- Sender email domain that closely resembles but does not exactly match the institution's real domain
- Pressure to ship quickly on credit before the order can be properly verified
- Contact details on the purchase order that cannot be verified through the institution's own directory
- Unusual urgency framed around a project deadline, grant funding, or seasonal event
- Buyer contact becomes harder to reach after goods are dispatched
- Purchase order number that cannot be verified through the institution's procurement system
- Delivery to a residential address or a storage unit described as a project site
- Request to split a large order across multiple smaller deliveries to different addresses
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
On behalf of [institution name], please supply [goods] on 30-day payment terms. Please ship to our [location] facility. PO number [reference] is attached.
Our department requires [goods] urgently for a research project commencing [date]. Please despatch on our standard account terms and invoice to the address below.
We are placing an initial order for [quantity] of [item] for our facilities team. Credit terms as agreed. Please confirm despatch date and ship to [address].
As purchasing manager for [institution], I'd like to open a credit account and place an order for [goods]. I've attached our official PO. Please can you confirm delivery lead time?
This order is grant-funded and must be received by [date] to comply with funding conditions. Please process on 60-day terms and deliver to [address].
We'd like to extend our existing relationship to include [product line]. Please dispatch [quantity] to our new site at [address] and invoice as normal.
Common variations
- University or academic institution impersonation for research equipment
- Government department or NHS impersonation for medical or IT supplies
- Large corporate impersonation for branded goods or electronics
- New 'regional depot' delivery address used to explain an unrecognised delivery location
- Follow-on order fraud: a genuine small order is placed, then a large fraudulent one follows
- Stolen legitimate employee identity used within a real institution to authorise a fraudulent order
How to verify before you act
Before shipping any order on credit terms to a new or unfamiliar buyer contact — regardless of how prestigious the buyer name appears:
- Verify through official channels: find the genuine procurement or purchasing department contact for the organisation using details from their official website. Call them using that number to confirm the order was placed. - Do not use contact details from the purchase order: all details on the fraudulent document are controlled by the scammer. - Confirm the delivery address: check whether the delivery address matches the organisation's known locations. For any address that differs, request written confirmation from a verified procurement contact at the organisation. - Apply a credit process: treat first-time institutional orders the same as any new account — run a credit check and require a verified purchase order reference that the institution's own system can confirm. - Verify the email domain: check the sender's email address character by character against the institution's real domain. A single transposed letter is a major warning sign. - When in doubt, hold shipment: the cost of a brief delay is far lower than the cost of lost goods.
Payment methods used
- Goods obtained on credit (never paid)
Who is usually targeted
- Suppliers and wholesalers
- Equipment vendors
What to do immediately
- Hold shipment immediately if any verification step raises concerns
- Contact the institution's real procurement department using contact details from their official website
- Do not use any contact number or email address provided in the suspicious order
- If goods have already been dispatched, contact the courier or logistics provider to attempt interception
- Report the fraud to police and your national business fraud authority
- Notify the impersonated institution so they can alert other potential supplier victims
- Preserve all purchase order documents, emails, and delivery records
How to prevent it
- Apply the same new-account verification process to all first-time orders regardless of how prestigious the buyer appears
- Verify any large credit order by contacting the organisation's official procurement team using details from their public website
- Never rely solely on contact details provided in the purchase order for verification
- Confirm delivery addresses against known locations for the institution before dispatching goods
- Implement a credit limit approval process requiring sign-off before shipping large first-time orders on credit
- Train sales and account staff to recognise urgency framing around institutional orders as a risk signal
- Routinely check sender email domains character by character against the known institutional domain
Evidence to preserve
- The purchase order document and all associated emails with full headers
- Contact details, phone numbers, and email addresses used by the fraudster
- Delivery address records and any logistics or courier documentation
- Records of what goods were dispatched, including value and quantities
- Any credit account application documents submitted by the fraudster
- Comparison of the sender's email domain against the institution's real domain
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How do we verify a large purchase order?
Contact the buying organisation through its official procurement department using contact details from their public website — not from the purchase order. Confirm the authoriser's identity, verify the delivery address against known locations, and apply credit checks before shipping on terms.
The institution is one we have dealt with before. Do we still need to verify?
Yes, particularly if the order arrives from a different contact name, email address, or is being shipped to an unfamiliar address. Fraudsters specifically target suppliers with existing institutional relationships because they expect lighter scrutiny.
Can we recover goods once dispatched?
Potentially, if you act quickly. Contact the courier or logistics provider immediately to attempt interception before delivery. Report the fraud to police to give law enforcement a chance to intercept the delivery address.
What is a typical target product for this fraud?
High-value, easily resalable items: electronics, medical equipment, specialist tools, branded goods, and IT hardware. Fraudsters favour goods with strong secondary market value that can be quickly liquidated.
How do fraudsters know which products we sell?
Your product catalogue is likely on your website or readily available. Fraudsters research both the impersonation target and the supplier victim before making contact, ensuring the order request is plausible.
Should we run a credit check on institutional buyers?
For large first-time orders, yes. Apply the same credit process you would for any new account. The prestige of a buyer name is not a substitute for a verified purchase order reference and a confirmed procurement contact.