Scammers Hack Business Email, Redirect Payments

Businesses beware! Scammers are hacking into company email accounts and fooling employees into sending vendor payments to con artists.

How the Scam Works:

As part of your job, you pay invoices for several of your business’s vendors. One day, you receive an urgent email from an executive in your company telling you to change how you pay invoices from a vendor. Instead of sending a check, you now need to wire the money straight to a bank account.

The request seems strange, but it comes straight from the boss. You follow his/her directions and wire the funds.  Of course, the money ends up going to the scammer, not the vendor.  This scam is particularly tough to catch because the scammers use the names and emails of actual vendors and company executives.

As usual, this scam has plenty of variations. In a different version, scammers hack into the vendor’s email account and send messages to their contacts.  The instructions are the same: instead of paying as normal, respond to future invoices with a wire transfer into the scammer’s bank account.  In other versions, the email account is not actually hacked. The scammers either use software to disguise their email address or create a new address that looks nearly identical.

Tips to Avoid Falling for This Scam:

Make sure your company doesn’t fall victim to this scam by following this advice:

  1. Establish a multi-person approval process for transactions above a certain dollar threshold.
  2. Get the word out in your office. If your colleagues or employees know about the scam, they will be more likely to spot a suspicious email.
  3. Be extra careful with wire transfers. Wire transfers and, increasingly, pre-paid debit cards are scammers’ preferred methods of payment. Always confirm that any request for a wire transfer is from an authorized source.
  4. Double-check email addresses. Scammers may use emails that look very similar to those used by the actual business, such as jsmith@xyzbusiness.com instead of jsmith@zyxbusiness.com.
  5. Be suspicious of requests for secrecy. Speak to the executive on the phone or in person to confirm changes in payment information. If you still have doubts, speak to another senior executive.
  6. Slow down. Scammers pressure you to take immediate action, so you don’t have time to think it through. Take time to verify any request – even an urgent one.

For More Information

Read the alert from the Federal Trade Commission and the FBI’s Internet Crime Complaint Center.

To find out more about other scams, check out BBB Scam Stopper.

Related Posts:

avatar

About Emily Patterson