Will Money Change Hands?
Ask yourself this question as a good gut check when reviewing an email. If the answer is yes, it’s a sure sign to hit the brakes before taking action. Anytime you receive a request through email and money will change hands as a result, check to see if you recognize the sender, and then, find a way to verify before you pay up.
- Paying an invoice
- Changing bank routing information for a vendor account
- Instructions to wire funds (ex. for a real estate purchase)
- Extortion over private info/photos
- Buying gift cards as a favor because the requester is indisposed
- RECEIVING payment/refund
All of these scenarios have been used in phishing scams. The scammer can impersonate someone you know by creating an email address that looks similar to your contact. For example, if your boss’s email address is firstname.lastname@example.org, the scammer can make an email address like email@example.com. When was the last time you paid attention to the email addresses anyway?
Second, the scammer can “hack” your boss, or trick her into revealing her password, which is another goal of phishing. Once the scammer has access to your boss’s inbox, he sends an email to you. It now really looks legit–it’s coming from firstname.lastname@example.org.
You can still defeat this scammer! Follow these steps.
- Do you recognize the sender’s address?
- Is this request expected or unexpected?
Money changes hands → Verify first
Unrecognized sender → Verify first
Recognized but unexpected → Verify first
Businesses small and large, as well as individual consumers, have been targets for Business Email Compromise (BEC). Just see the latest stats on the FBI’s Internet Crime Complaint Center.
Remember, if money will change hands…VERIFY before you supply!