As a business owner, how often in the course of business do you receive an email from one of your suppliers or clients regarding either payments due to you or money you owe them? It’s part of everyday life in business.

One day, you receive an email from one of those other businesses letting you know that they are now only accepting payments electronically. This is legitimately common these days as we’ve received information requests for both sending and receiving payments electronically from customers and suppliers. In most cases, with the known contact information, you might proceed to have a dialogue about the situation.

After a few emails back and forth, you send your banking information, or you set up to make a payment to their bank with the information that has been exchanged.

There’s one problem – the person you’ve been talking to isn’t who you think it is.

There is an active fraud scam going on right now where someone sets up a domain and creates email addresses that look just like the actual domain but may be missing or changing a letter so it’s hard to notice. They use the same email signature as the legitimate person and, because they own the fake domain, they can carry on a normal conversation over email, building trust with every message. It’s not like phishing where they expect you to click a link. They are actually fitting themselves right into your normal, expected day-to-day business routine.

Before you ever send banking information or change where and how you are making payments electronically, call the other party to confirm that they are expecting that change. Don’t use information given to you in the request; contact them using a phone number you’ve used in the past. Don’t do it by email either. Chances are, if you’ve recently been going back and forth with the fake email address, your email app may auto-populate it and you will think you are sending to the right person.

If emails come out of the blue asking for sensitive information, check the email address you are responding to and make sure it IS the actual domain it should be. Also check their email signature to see if something is out of place, such as a phone number that isn’t local when it should be.

Finally, don’t EVER send banking information over cleartext email. At the very least, it needs to be encrypted. If at all possible, use an app like Signal that encrypts information, or Password Pusher [updated September 2023], to send sensitive information.

This scenario is going on with one of our clients and involves large companies and municipalities. It’s VERY real.

PLEASE SHARE THIS TO MAKE MORE BUSINESS OWNERS AND THEIR STAFF AWARE.  AS OF THE WEEK OF NOVEMBER 4, 2019, THIS SCAM IS ACTIVELY HAPPENING AND GROWING!