NET RFQ: Request for Quote Scammers Casting Wide Net to Steal Real Goods

    Date: 07/28/2025

    Severity: High

    Summary

    Our team analyzed a widespread Request for Quote (RFQ) scam exploiting Net 15/30/45 financing terms to steal high-value electronics and goods. These scams are a top social engineering tactic in B2B fraud. Threat actors use RFQ requests to craft convincing lures for phishing, malware, and BEC. They also use quotes to fraudulently open credit lines, obtain goods, and resell them for profit.

    Indicators of Compromise (IOC) List

    Domains\URLs: 


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection 

    Domains\URLs 1 : 

    domainname like "sheppardtruckings.com" or url like "sheppardtruckings.com" or siteurl like "sheppardtruckings.com" or domainname like "clemsons-edu-school.com" or url like "clemsons-edu-school.com" or siteurl like "clemsons-edu-school.com" or domainname like "twc-texas-gov.us" or url like "twc-texas-gov.us" or siteurl like "twc-texas-gov.us" or domainname like "johnsoncontr0ls.com" or url like "johnsoncontr0ls.com" or siteurl like "johnsoncontr0ls.com" or domainname like "sjdieselservices.com" or url like "sjdieselservices.com" or siteurl like "sjdieselservices.com" or domainname like "abecelectric.xyz" or url like "abecelectric.xyz" or siteurl like "abecelectric.xyz" or domainname like "dvnenergycorp.org" or url like "dvnenergycorp.org" or siteurl like "dvnenergycorp.org" or domainname like "abec-electricinc.com" or url like "abec-electricinc.com" or siteurl like "abec-electricinc.com" or domainname like "azdamiaan-be.com" or url like "azdamiaan-be.com" or siteurl like "azdamiaan-be.com" or domainname like "hardlnge.com" or url like "hardlnge.com" or siteurl like "hardlnge.com" or domainname like "tudisinc.com" or url like "tudisinc.com" or siteurl like "tudisinc.com" or domainname like "volusiacountygov.org" or url like "volusiacountygov.org" or siteurl like "volusiacountygov.org" or domainname like "bcciconsts.com" or url like "bcciconsts.com" or siteurl like "bcciconsts.com" or domainname like "hard1nge.com" or url like "hard1nge.com" or siteurl like "hard1nge.com" or domainname like "patmurphyelectrics.com" or url like "patmurphyelectrics.com" or siteurl like "patmurphyelectrics.com" or domainname like "omegaengineering-inc.com" or url like "omegaengineering-inc.com" or siteurl like "omegaengineering-inc.com" or domainname like "cityofchicago-gov.org" or url like "cityofchicago-gov.org" or siteurl like "cityofchicago-gov.org" or domainname like "dvnenergycorp.net" or url like "dvnenergycorp.net" or siteurl like "dvnenergycorp.net" or domainname like 
"foxcorporations.net" or url like "foxcorporations.net" or siteurl like "foxcorporations.net" or domainname like "iciconstructionincs.com" or url like "iciconstructionincs.com" or siteurl like "iciconstructionincs.com" or domainname like "uk-novartis.com" or url like "uk-novartis.com" or siteurl like "uk-novartis.com" or domainname like "hearingcomponent.com" or url like "hearingcomponent.com" or siteurl like "hearingcomponent.com" or domainname like "weikart-ch.com" or url like "weikart-ch.com" or siteurl like "weikart-ch.com" or domainname like "nterceptroofings.com" or url like "nterceptroofings.com" or siteurl like "nterceptroofings.com" or domainname like "abelectriceincs.com" or url like "abelectriceincs.com" or siteurl like "abelectriceincs.com" or domainname like "keyeances.com" or url like "keyeances.com" or siteurl like "keyeances.com" or domainname like "thekrogerc.com" or url like "thekrogerc.com" or siteurl like "thekrogerc.com" or domainname like "lewiisupply.com" or url like "lewiisupply.com" or siteurl like "lewiisupply.com" 

    Domains\URLs 2 : 

    domainname like "claycorpe.com" or url like "claycorpe.com" or siteurl like "claycorpe.com" or domainname like "magnetekincs.com" or url like "magnetekincs.com" or siteurl like "magnetekincs.com" or domainname like "abecelectrical.com" or url like "abecelectrical.com" or siteurl like "abecelectrical.com" or domainname like "denttoni.com" or url like "denttoni.com" or siteurl like "denttoni.com" or domainname like "dgicomunication.com" or url like "dgicomunication.com" or siteurl like "dgicomunication.com" or domainname like "faureciausa.com" or url like "faureciausa.com" or siteurl like "faureciausa.com" or domainname like "dvnemail.com" or url like "dvnemail.com" or siteurl like "dvnemail.com" or domainname like "elllisdoninc.com" or url like "elllisdoninc.com" or siteurl like "elllisdoninc.com" or domainname like "mtindgovsg.com" or url like "mtindgovsg.com" or siteurl like "mtindgovsg.com" or domainname like "volusiagov.org" or url like "volusiagov.org" or siteurl like "volusiagov.org" or domainname like "americaninstituteresearch.org" or url like "americaninstituteresearch.org" or siteurl like "americaninstituteresearch.org" or domainname like "mgnetekinc.com" or url like "mgnetekinc.com" or siteurl like "mgnetekinc.com" or domainname like "magnetekgroup.com" or url like "magnetekgroup.com" or siteurl like "magnetekgroup.com" or domainname like "abecelectrics.com" or url like "abecelectrics.com" or siteurl like "abecelectrics.com" or domainname like "honplumbing.com" or url like "honplumbing.com" or siteurl like "honplumbing.com" or domainname like "willmengconstructions.com" or url like "willmengconstructions.com" or siteurl like "willmengconstructions.com" or domainname like "gsk-ch.com" or url like "gsk-ch.com" or siteurl like "gsk-ch.com" or domainname like "labchem-wako-fujifilm.com" or url like "labchem-wako-fujifilm.com" or siteurl like "labchem-wako-fujifilm.com" or domainname like "advances-electricsinc.com" or url like "advances-electricsinc.com" 
or siteurl like "advances-electricsinc.com" or domainname like "abecelectric.biz" or url like "abecelectric.biz" or siteurl like "abecelectric.biz" or domainname like "thedotfunds.org" or url like "thedotfunds.org" or siteurl like "thedotfunds.org" or domainname like "enerveos.com" or url like "enerveos.com" or siteurl like "enerveos.com" or domainname like "gwelecco.com" or url like "gwelecco.com" or siteurl like "gwelecco.com" or domainname like "atlanticsdda.com" or url like "atlanticsdda.com" or siteurl like "atlanticsdda.com" or domainname like "magnetek-inc.com" or url like "magnetek-inc.com" or siteurl like "magnetek-inc.com" or domainname like "louisvileedu.net" or url like "louisvileedu.net" or siteurl like "louisvileedu.net" or domainname like "cleanswatersteam.com" or url like "cleanswatersteam.com" or siteurl like "cleanswatersteam.com" or domainname like "creechlogistic.com" or url like "creechlogistic.com" or siteurl like "creechlogistic.com" or domainname like "cleanwatersteams.com" or url like "cleanwatersteams.com" or siteurl like "cleanwatersteams.com" or domainname like "cummingselecs.com" or url like "cummingselecs.com" or siteurl like "cummingselecs.com" or domainname like "konannmedical.com" or url like "konannmedical.com" or siteurl like "konannmedical.com" or domainname like "novartispharmaceuticalscorp.com" or url like "novartispharmaceuticalscorp.com" or siteurl like "novartispharmaceuticalscorp.com" or domainname like "mexicanbarrier.com" or url like "mexicanbarrier.com" or siteurl like "mexicanbarrier.com" or domainname like "hbfullercompany.net" or url like "hbfullercompany.net" or siteurl like "hbfullercompany.net" or domainname like "superiorcranesinc.com" or url like "superiorcranesinc.com" or siteurl like "superiorcranesinc.com" or domainname like "icon-consturction.com" or url like "icon-consturction.com" or siteurl like "icon-consturction.com" or domainname like "delcoelectricsinc.com" or url like "delcoelectricsinc.com" or 
siteurl like "delcoelectricsinc.com" or domainname like "lakeland-gov.net" or url like "lakeland-gov.net" or siteurl like "lakeland-gov.net"

    Domains\URLs 3: 

    domainname like "innovativemedicinejnj.com" or url like "innovativemedicinejnj.com" or siteurl like "innovativemedicinejnj.com" or domainname like "quad-graphics.org" or url like "quad-graphics.org" or siteurl like "quad-graphics.org" or domainname like "abecelectric.net" or url like "abecelectric.net" or siteurl like "abecelectric.net" or domainname like "novartispharmcorp.com" or url like "novartispharmcorp.com" or siteurl like "novartispharmcorp.com" or domainname like "novartisphamcorp.com" or url like "novartisphamcorp.com" or siteurl like "novartisphamcorp.com" or domainname like "omexom-nz.com" or url like "omexom-nz.com" or siteurl like "omexom-nz.com" or domainname like "bbtruckings.net" or url like "bbtruckings.net" or siteurl like "bbtruckings.net" or domainname like "marrten.net" or url like "marrten.net" or siteurl like "marrten.net" or domainname like "smithppi.net" or url like "smithppi.net" or siteurl like "smithppi.net" or domainname like "portable-air1.net" or url like "portable-air1.net" or siteurl like "portable-air1.net" or domainname like "aceelectricalsinc.com" or url like "aceelectricalsinc.com" or siteurl like "aceelectricalsinc.com" or domainname like "beauchampcos.com" or url like "beauchampcos.com" or siteurl like "beauchampcos.com" or domainname like "citicgroups-hk.com" or url like "citicgroups-hk.com" or siteurl like "citicgroups-hk.com" or domainname like "clemsons-edu-schools.com" or url like "clemsons-edu-schools.com" or siteurl like "clemsons-edu-schools.com" or domainname like "collinsmns.com" or url like "collinsmns.com" or siteurl like "collinsmns.com" or domainname like "dgicomunications.com" or url like "dgicomunications.com" or siteurl like "dgicomunications.com" or domainname like "dropsausas.com" or url like "dropsausas.com" or siteurl like "dropsausas.com" or domainname like "energyelectricneinc.com" or url like "energyelectricneinc.com" or siteurl like "energyelectricneinc.com" or domainname like "fossmaritimes.com" 
or url like "fossmaritimes.com" or siteurl like "fossmaritimes.com" or domainname like "gskpharma.co.uk" or url like "gskpharma.co.uk" or siteurl like "gskpharma.co.uk" or domainname like "hammondelectrics.com" or url like "hammondelectrics.com" or siteurl like "hammondelectrics.com" or domainname like "interceptroofiing.com" or url like "interceptroofiing.com" or siteurl like "interceptroofiing.com" or domainname like "interceptrooofing.com" or url like "interceptrooofing.com" or siteurl like "interceptrooofing.com" or domainname like "magnetekhm.com" or url like "magnetekhm.com" or siteurl like "magnetekhm.com" or domainname like "ngbaileys.com" or url like "ngbaileys.com" or siteurl like "ngbaileys.com" or domainname like "ourmexicanwall.com" or url like "ourmexicanwall.com" or siteurl like "ourmexicanwall.com" or domainname like "turtlleinc.com" or url like "turtlleinc.com" or siteurl like "turtlleinc.com" or domainname like "vseaviations-inc.com" or url like "vseaviations-inc.com" or siteurl like "vseaviations-inc.com" 

    Reference:    

    https://www.proofpoint.com/us/blog/threat-insight/net-rfq-request-quote-scammers-casting-wide-net-steal-real-goods 


    Tags

    Malware, Phishing, Quote Scam, Exploit, Social Engineering
