Hacked Email Accounts Open Businesses to Fraud Warns Better Business Bureau -

Share with:

CHICAGO, IL – Scammers are hacking into company email accounts and are fooling employees into sending vendor payments to con artists. Urgent emails are sent that appear to come from a company executive telling the recipient to change invoice payment procedures for a vendor instructing them to wire money straight to a bank account specified in the email. The Better Business Bureau (BBB) is warning managers and employees not to fall for these fraudulent emails because the money wired will end up in the hands of a scammer.

“This scam is particularly hard to catch because scammers use names and emails of actual vendors and company executives,” says Steve J. Bernas, president & CEO of Better Business Bureau serving Chicago and Northern Illinois, Inc. “However, whenever someone wants a wire transfer to be done, it’s important to respond to these emails cautiously. Employees should double check the authenticity of the email before making such a transfer.”

There are a number of different ways that this scam operates. In a different version, scammers hack into the vendor’s email account and send messages to their contacts.Â The instructions are the same: instead of paying as normal, they are instructed to respond to future invoices with a wire transfer into the scammer’s bank account. Â In other versions, the email account is not actually hacked. The scammers either use software to disguise their email address or create a new address that looks nearly identical.

Here are ways to avoid this scam:

Establish a multi-person approval process for transactions above a certain dollar threshold.
Get the word out in your office. If your colleagues or employees know about the scam, they will be more likely to spot a suspicious email.
Be extra careful with wire transfers. Wire transfers and increasingly pre-paid debit cards are scammers’ preferred methods of payment. Always confirm that any request for a wire transfer is from an authorized source.
Double-check email addresses. Scammers may use email addresses that look very similar to those used by the actual business, such asÂ jsmith@xyzbusiness.com instead ofjsmith@zyxbusiness.com.
Be suspicious of requests for secrecy. Speak to the executive on the phone or in person to confirm changes in payment information. If you still have doubts, speak to another senior executive.
Slow down. Scammers pressure you to take immediate action so you don’t have time to think it through. Take time to verify any request, even an urgent one.