Scam Alert: Phony Proposal Emails Target Small Business Owners

Small business owners beware of a new scam looking to interrupt your business.
May 12, 2017

If you are a small business owner, you always have an eye out for your next contract. An RFP (request for proposal) sent to your inbox can be a great chance to win new business. But watch out for scam emails that only look like RFPs.

How the Scam Works:

You get an email with the subject “RFP Proposal” or something similarly general. The message appears to be from a potential client asking you to bid on a new contract. You open the message and download the attached RFP file. In most cases, the attachment seems “real.” The RFP has details about the project and uses a company or government agency name.

The actual scam takes many forms. It may point you to another website to input personal information or request that you download a malware-infected file. Other versions request that you provide bank account information, under the guise of needing payment information. No matter what the con, be sure to delete it.

How to Spot an RFP Scam:

  • Don't believe what you see. Just because an email looks real, doesn't mean it is. Scammers can fake anything from a company logo to the "Sent" email address. 
  • Call the contact information to confirm. If you aren’t sure if an RFP is real, reach out to the provided contact information. If this person doesn’t exist or refuses to speak with you, it’s a huge red flag.  Scammers often make excuses such as being “out of the country.”
  • Get outside confirmation. Scammers often pose as government agencies or use real company names. Check that the RFP is posted on the organization’s website. If the company doesn’t list RFPs online, call their office to confirm. But don’t use a link or phone number provided in the potentially phony message.
  • Be cautious of generic RFPs. Scammers try to cast a wide net by including little specific information in their fake emails. Always be wary of messages and project descriptions that are overly broad. 
  • In general, be wary of unexpected emails that contain links or attachments. Do not click on links or open files in unfamiliar emails.


For More Information

Own a small business? Check out this new resource from the Federal Trade Commission on cyber security and protecting your company from scams.

To report a scam, go to BBB Scam Tracker.