Ask yourself this question as a good gut check when reviewing an email. If the answer is yes, it’s a sure sign to hit the brakes before taking action. Anytime you receive a request through email and money will change hands as a result, check to see if you recognize the sender, and then, find a way to verify before you pay up.

Situations like:

• Paying an invoice
• Changing bank routing information for a vendor account
• Instructions to wire funds (ex. for a real estate purchase)
• Extortion over private info/photos
• Buying gift cards as a favor because the requester is indisposed
• RECEIVING payment/refund

All of these scenarios have been used in phishing scams. The scammer can impersonate someone you know by creating an email address that looks similar to your contact. For example, if your boss’s email address is marysmith@your.org, the scammer can make an email address like marysmith-yourorg@yahoo.com. When was the last time you paid attention to the email addresses anyway?

Second, the scammer can “hack” your boss, or trick her into revealing her password, which is another goal of phishing. Once the scammer has access to your boss’s inbox, he sends an email to you. It now really looks legit–it’s coming from marysmith@your.org.

You can still defeat this scammer! Follow these steps.

1. Do you recognize the sender’s address?
2. Is this request expected or unexpected?

Money changes hands → Verify first

Unrecognized sender → Verify first

Recognized but unexpected → Verify first

Businesses small and large, as well as individual consumers, have been targets for Business Email Compromise (BEC). Just see the latest stats on the FBI’s Internet Crime Complaint Center.

Remember, if money will change hands…VERIFY before you supply!