You Have the Power to Protect your Business from Email Scammers

You’ve probably heard the horror stories: businesses and organizations big and small are getting scammed and losing huge amounts of money simply by engaging with an email from an unfamiliar source—or responding to a seemingly-common request.

Fraudsters are getting more sophisticated—and they know that business owners use email every day to set up payment arrangements, negotiate terms, and coordinate other business transactions. Armed with this knowledge, they’ve perfected the art of using email to attack your business and steal your money. It’s called “business email compromise” (BEC), and no organization is immune to the risk.

Since these digital impersonators are constantly trying new ways to separate you from your hard-earned money, it’s vital that you stay current on how they’re doing it—so it doesn’t happen to you. Because once you give criminals a direct line to your money, it’s nearly impossible to get it back.

The two most common scams that lead to big losses

Scammers take advantage of how busy you are and how quickly you work. They use sophisticated methods to pretend to be someone you trust, then leverage that trust to steal from you when you least expect it.  

Here are two big scams you definitely want to avoid:

• Payment requests. Fraudsters will pose as one of your vendors and ask you to make a payment, often on an invoice you're expecting. If you knew they were a criminal, you wouldn't pay. Buy they customize their attacks to make their email seem exactly like messages you get every day from people you trust.
• Payment account change requests. The fraudster will pose as someone you regularly work with in emails that ask you to make a payment account detail change, such as an update to payroll information or wire transfer instructions. Then, they request payment via the updated information.

Complicating this scenario further, fraudsters often make their way into a business’ computer systems, including email accounts. Once they’re in, they can access your contacts list and make fake accounts, so they appear to be trusted vendors and suppliers. They can also use this approach to hijack an existing email thread in your inbox so it appears legitimate.

How to stay one step ahead

You’ve heard the phrase “Act fast.” In this case, the rule of thumb is to “Act slow.” As crafty as these threats have become, the absolute best thing you can do to reduce your risk is to always verify the authenticity of a payment or account change request before you take action. Here are some specific recommendations:

If you receive an email, text or voice message requesting you take any action that’s related to a payment or vendor/supplier payment detail:

1. Do not reply, click any links or call phone numbers included in the communication. Instead, use known links (e.g. web browser bookmarks) and phone numbers to communicate with your vendors. 
2. Don’t make changes without first verifying them directly with your point of contact. Use known contact information to verbally confirm the authenticity of any requests. 
3. Never update transaction details from an email. In today’s busy world this may seem counterintuitive, but it’s worth it. 
4. Don’t let security updates slide. Take time to regularly update your company’s email program and financial software and malware security software installed on your computers and servers.

It goes without saying there’s no amount of money you’d be happy to lose. We’re here to help you protect yourself and your business with the knowledge to avoid being scammed. The good news is that you and your team are the first line of defense. Remember: Act slow and verify. Every time.

Don’t hesitate to reach out to us to learn more or ask additional questions. Our fraud strategy and prevention team is committed to providing the best guidance to help your business avoid risk and reach your goals.