Column: Don’t Take the Bait - Beware of Misleading SAM Marketing, Imposters and Phishing Attacks

By Kenneth Goldman, GSA communications specialist

      From time to time, the General Service Administration (GSA) shares information about common fraud schemes that target vendors registered in the System for Award Management (SAM).

      These scams attempt to use public information to defraud those interested in doing business with the federal government.

      Just like users of any public online system, SAM.gov users with registered entities should always take caution to avoid getting caught up in a scam. Users might receive misleading marketing messages, fraudulent attempts to trick you out of money or attempts to obtain your private information.

Third Party Companies and Misleading Marketing Practices

      There are some third-party companies that will offer to help register your entity in SAM for fee. Registration in SAM is always FREE.

      While some users may find these third-party services to be beneficial, please note that the GSA security policy strictly prohibits using another person's email address and password to access SAM.gov.

      If you choose to pay for a service to register or renew your entity you should be aware that any email or website that asks for money, no matter how official it looks, is not a government message or site. A source that leads you to believe that you must pay money to register in SAM could be a fraudulent site. The government will never ask you to pay to register, update your registration or renew.

Attempts to Trick You Out of Money

      SAM users should always be on the lookout for fraudulent sources trying to get you to give them money without providing any service.

      While it’s true that some companies provide registration services, scammers may offer a service they have no intention of providing.

      They also may pretend to be from a government agency requiring you to “pay a fee” by gift card, cryptocurrency or wire transfer. The government will not ask you to pay fees using those methods. Again, you never need to pay to register, renew your registration or “fix registration errors.”

Phishing for Private Information

      Watch for attempts to get you to reveal personal information such as your SAM.gov password (phishing).

      Links in email messages can lead to look-alike pages that collect your login and go on to install malware or ransomware; have you “verify” more private data; or try to obtain access to your computer or network.

      Remember that your data in SAM.gov includes your bank account number; your Social Security Number or your Employer Identification Number; and employee names, email addresses and phone numbers. Always be aware of bad actors trying to obtain this information.

How to be SAM.gov Smart

      Here are some ways to tell if an email or other source is trying to mislead you, defraud you or get your private data:

• Check the sender’s email address or the source’s URL link. If they don't end with .gov, it’s not from the government.
• Watch out for “tricky” links, especially ones that might end with gov.com or something else close to .gov.
• Don’t answer requests to provide your information by phone or email. The government won’t ever ask you to do that.
• Go to the website of the government agency the sender or caller says they represent. Look at the agency’s practices and, if needed, contact the agency to verify the call or email.
• Verify any claims about registration errors or other problems by going to SAM.gov (not via an email link), signing in and checking your registration yourself.

      If you do want to use a service provider to manage your registration, it’s a good idea to check the Better Business Bureau, independent references or a search engine to confirm that you’re working with a legitimate company before you pay anyone.

SAM.gov will never do this:

• Ask for personal information anywhere except within the SAM.gov system itself.
• Ask for money or threaten legal action or liability.
• Ask you to call or text anybody.
• Send a link that does not end in “.gov”.
• Advertise on social media.

      SAM.gov will send you several email reminders before your registration expires. They may also update you on the status of your registration or SAM.gov security issues. All those emails will come from a .gov email address.

      If you think you’ve received a fraudulent email or been the victim of fraud, ransomware, or another cyber crime, you can file a complaint with the Internet Crime Complaint Center (IC3). View the IC3 FAQs for more information about cyber crime and what’s involved in filing a complaint.

      You can report scams, fraud, and bad business practices to the Federal Trade Commission. Their FAQs have more information on what to include in your report.

      What can you do if you think you responded to a phishing email and attackers might have your personal information? Find GSA’s answer at https://tinyurl.com/2p9awz67

(Reprinted from GSA Interact)

Debt default averted: Bipartisan bill cuts fed’l spending by 1%

SBA, GSA to boost 8(a)s on Schedules

More VA awards, fewer vendors

New HUBZone map on July 1

Fed’l agencies begin enforcing TikTok removal

HSBC OKs 6 small biz bills

SAM lapse costs vendor

Column: Don’t Take the Bait

Washington Insider:

Clarification on GOP Soc Sec, Medicare plans