“Company A” is a vendor to the victim organization. The email address for the owner of Company A was compromised. In late October 2021, while Company A’s owner was out of town, a hacker used the hacked email address to send new payment instructions to the victim. The change request included a new EFT form containing a phone number with the one digit changed, a fake voided check, and a fake W-9. Company A was a known vendor, the email address was legitimate, and the victim ultimately changed the company payment information on file.
Several days later, the victim issued payments totaling over $300,000 to the fraudulent account. The incident is currently under investigation by the U.S. Secret Service.
To Avoid a Scam, organizations should consider the following:
- Report the incident to authorities as soon as possible. An report may be needed for your bank to reverse a wire, and law enforcement can work with FinCEN to initiate the Financial Fraud Kill Chain.
- Consider a policy to verify payment change instructions via information on file
- Implement a two-signature requirement to issue checks or wire transfers
- Train buyers and accounts payable staff on a payment change verification policy and signs of a scam
- Talk to your bank ahead of time to confirm the process for freezing funds, cancelling checks, or reversing wire transfers – and have this written down so all staff is aware of the process
If you are the victim of a cyber attack or scam, please report it immediately. Contact information for agencies is below, or you can contact the SD-LECC to be connected to the appropriate agency.
Scammers don’t just target people with text, calls and emails, businesses can be scammed too. The Better Business Bureau shared common scams business owners and employees need to know about.
One popular tactic scammers like to use is the boss impersonation scam. They can look up who runs a company and spoof the email, claim to be your boss and try to trick you and your coworkers.
“This time of year, we see a lot where you’ll get an email from your boss saying, hey, please go buy XYZ gift cards for Christmas presents, staff gifts, vendor gifts, whatever it might be and then give me a call back. A lot of times, these email addresses look like they’re coming from your boss. You don’t get very suspicious. So if you start getting emails with your boss requesting you to purchase something and it’s not your normal job assignment, then definitely double check physically with your boss to make sure that’s something that they want you to do before you make any kind of purchases,” said Amie Mitchell, CEO of the Better Business Bureau of Eastern Oklahoma.
Mitchell says as artificial intelligence gains popularity in nearly every sector, businesses looking to incorporate AI into their own operations could also run into scammers.
“We are seeing an uptick in fake A.I. business proposals, companies that are stating ‘we can help you grow your business through our A.I. model’ and things like that. Be really cautious before you step off into a new contract or anything with A.I. right now,” said Mitchell.
Mitchell shared how to find someone who offers legitimate A.I. service to enhance a business or service.
“I would definitely check the BBB website, check our website, check out the complaints and the reviews form the business before you decide to do business with them, to see what kind of record we have. See if other consumers have complained about the business or reported it as a scam,” said Mitchell.
She says all of us need to be careful about charity scams as well, whether you’re a business or individual looking to make an end of year donation.
“We do see a lot of fake charity websites. They get taken down pretty quickly. But you know, it just takes a couple of clicks to get scammed. So make sure you’re checking the website address, that it is a valid and real website and real charity before you do any kind of donation. And of course, this time of year, if you are making purchases or donations, try to use a credit card when, if at all possible, it’s pretty much your only way to get your money back,” said Mitchell.
If your business is ever scammed, report it to the Better Business Bureau and your local law enforcement agency. That way others can be warned and hopefully the scammers can be caught.
