FRAUD ALERT – ARE YOU SURE IT’S BOUYGUES?
Incidents of fraud are on the rise, in particular cases where fraudsters order goods to be supplied to sites purporting to be Bouygues premises in the UK.
Fraudsters disguise themselves using domain names which can be easily mistaken for true Bouygues domain names and using the identities of senior Bouygues employees.
If potential suppliers fail to carry out adequate due diligence, the first Bouygues may know about this sort of fraud is when we receive an invoice for goods delivered and we are unable to verify the invoice or purchase order.
WHAT TO DO TO PROTECT YOURSELF
If you receive an order enquiry or purchase order purporting to be from a Bouygues Construction in the UK entity then please carry out your due diligence, particularly if you have not previously supplied the entity, were not expecting the order or do not recognise the name or the job title of the person sending the enquiry or order.
You may find it helpful to take the following 3 steps:
1: VERIFY THAT THE REQUEST IS GENUINE. CHECK FOR PHISHING
If you have any doubt about the veracity of the email (or call) and you already have a contact within Bouygues Construction in the UK and make enquiries of your contact directly. Even if you have suspicions, do not call the numbers on the email, as these kinds of attacks can be very sophisticated.
If you think you have received a phishing email, ignore the email and do not respond to any requests for payment. Also, do not open any URLs or download any files sent within the suspicious email.
To help recognise a phishing email:
- Check the sender’s email address. With phishing emails, the sending address is often vague, it may have a misspelling of Bouygues, or come from an external account e.g. Gmail, which Bouygues do not use. Fraudulent domain names we are aware that currently in use are: firstname.lastname@example.org; email@example.com; firstname.lastname@example.org; email@example.com.
- Check the content of the email. There are often inconsistencies with phishing emails; e.g. asking you to update bank details at a bank you do not use, pay debts you have never heard of or the signature purports to be from a member of Bouygues staff whose name or job title doesn’t look accurate.
- There may be a sense of urgency. With phishing emails, the criminals will try to add pressure to ensure you act quickly, or may attempt to circumvent supplier’s payment conditions as the order is required urgently, or the email may request a change of bank account details that must happen immediately.
- Review links in the email. Always hover your mouse cursor over links to see which address appears, as URLs are often falsified in phishing emails. This applies to attachments, which should never be opened if you are unsure of the sender.
If it does look suspicious, send the email to us. This will help us monitor phishing emails currently in circulation. You can send this to: firstname.lastname@example.org
2: CHECK ANY PURCHASE ORDER FOR A QR CODE.
All Bouygues Construction Purchase Orders will have one and should take you toa verifiable Bouygues website. If you have any queries you can contact email@example.com
3: FILE A REPORT REGARDING CYBERCRIME WITH ACTION FRAUD.
Action Fraud is the UK’s national reporting centre for fraud and cyber-crime, where you should report fraud if you have been scammed, defrauded or experienced cyber-crime. Bouygues is unable to do this on a victim’s behalf.
Fraud within our industries is destructive to all participants in it. We thank you for your vigilance and assistance in reporting both to the relevant authorities and to Bouygues Construction in the UK. If you have any further queries or find an order request or purchase order which do not appear to be genuine, please contact our Ethics & Compliance team – firstname.lastname@example.org