WASHINGTON, April 26, 2018 (GLOBE NEWSWIRE) -- On March 22, 2018, the GSA made an announcement of fraudulent activity taking place in the System of Award Management (SAM). The investigation is still ongoing. What is known is that hackers used a technique called “spear phishing” to alter bank account information.
Spear phishing is a type of cyber-attack directed towards a specific person or organization. The defining characteristic is the email that seemingly comes from a trusted source. The message will sometimes contain a link that requires the victim to enter their password or other private information. Other times, the email could be used to install malware on the receiver’s computer. It is important to look closely at the sender’s email address. If it does not end with .gov or .mil, it is not from the government.
Payments being made to government contractors were ending up in other bank accounts. Vendors affected by this fraudulent activity have already been notified. However, the GSA will be instating regulations that will affect all government contractors.
A new requirement went into effect on the day of the announcement. All entities registering on SAM are now required to provide an original, signed notarized letter. The purpose of this letter is to identify the authorized entity administrator with the entity associated with the Data Universal Numbering System (DUNS) number provided before registration. Vendors who have made switches to their banking account information within the last year have also been required to send in this letter.
Starting on April 27, 2018, entities renewing or updating their SAM registration will be required to provide a notarized letter. Directions for completing this letter can be found on the GSA’s website.
The problems, however, do not end with these new regulations. In fact, it’s just the beginning. Contractors will have to get notarized letters to continue working with the federal government. Thousands of letters have already reached the Federal Service Desk. All of them need to get sorted out one-at-a-time by hand. Several US Federal Contractor Registration clients have already faced delays from this process with no time-frame in sight.
USFCR recognizes that these new regulations are just a band-aid solution. It is uncertain how these letters will prevent future cyber-attacks. What is certain, is that contractors who rely on government work to stay in business will be hurt by these regulations.
Right now, we’re working towards getting this problem onto the desks of senators and representatives. We thank you for working with US Federal Contractor Registration and we will keep you updated on this issue.