Help protect your business from email scams

The 5 most common tactics scammers use, plus tips to spot them and ideas to help protect your business provided by Wells Fargo Bank. 

We’re spending more time online and doing more business via email than ever before. That has government agencies warning both consumers and businesses to be aware of potential email scams. In particular, business owners should be alert to business email compromise (BEC) scams, especially if you or your employees are working remotely, which can make it harder to get in touch with colleagues to verify certain details.

To help you and your employees spot and avoid these emails, we’ve listed the most common scams designed to harm your business.

1. The invoice scam

In this scenario, someone at your business receives an email that appears to be from a supplier requesting payment. However, the email is actually from a scammer. When you send payment, the money goes to a scam account instead of the supplier’s account.

What to look for
Double check the email addresses from anyone requesting a payment. The sender’s email address might be off by a single letter or come from a “.net” site instead of “.com”, for example. If the sender is providing a new bank account to send the payment to, this may be a red flag as well.

Help avoid it
Instruct your employees to call and verify payment requests, using the trusted phone numbers you have on file instead of anything provided in the email. You can also automate your vendor payments. For instance, after confirmation of the correct payment information you might set up recurring payments via Wells Fargo Business Bill Pay. If you do this, you can trust payments are being sent each month to the right suppliers and vendors, and it may be easier to spot a suspicious invoice.

2. Executive imposter scam

Restaurants see this scam more than others. With this type of fraud, someone emails your accountant (internal or external) or another employee at your company impersonating you or another high-level executive at your company, such as a co-founder or president. In reality, the sender is an imposter. Usually, these emails request a money transfer to a specified account or a large purchase of e-gift cards. 

What to look for
As with invoice scams, it’s important to double check the details of the sender’s email address. In addition, if the sender is providing a new bank account or address that differs from what you have on record, this may be a red flag.

Help avoid it
Institute a verification process at your company. For instance, inform employees you will never send an email about a payment without copying a fellow employee. That way, if an employee receives an email claiming to be from you without another employee copied, they’ll immediately be alerted that something suspicious may be going on.

Additionally, create a system for how to report this type of suspicious activity. If an employee thinks the request might really be from you, they may not want to question it. A preset process may empower them to speak up.

3. Email contacts scam

With these types of scams, your email or the email of one of your employees is hacked to gain access to your contact list. The scammers then email your contacts pretending to be you requesting payment. These payments then go to the criminals’ accounts, rather than yours.

What to look for
Suspicious signs that should make you question if your email has been hacked include strange messages from anyone in your contact list or if customers who normally pay on time are late.

Help avoid it
Consider using accounting software like Xero^®1 or QuickBooks^® Online² to set up automated invoices. This can make it easier for customers to spot a fake invoice since it will look different.
You can also automate payment receipt; if your partners have your (real) account information saved, they may ignore the account details in a fraudulent email and send payment to you directly instead. This may help you spot and fix a compromised account.

4. Attorney impersonation

If you get an email that looks like it’s from your lawyer requesting personal details or a transfer of funds, particularly if it includes bank account details or is marked urgent, it may be from an imposter.

What to look for
These emails are often sent at the end of the day, which, when paired with an “urgent” label, may tempt some employees into transferring the funds without taking time to verify the request is legitimate. Look for spelling errors or any change in tone from how your lawyer normally writes to you.

Help avoid it
When in doubt, don’t send funds until you can verify the request with your attorney. It is always better to confirm the request and details of payment separately from an urgent email requesting payment.

5. Data theft

Finally, hackers can use email as a way to steal data — like Social Security numbers, passwords, or credit card information — which can then be used in a variety of ways by criminals.

What to look for
Advise your employees not to click on any suspicious-looking links, as they may contain malware.

Help avoid it
Establish company best practices around cybersecurity, including what employees should do if they receive a suspicious email or start noticing suspicious charges.

It can take time to change your habits to diligently search for, and help protect yourself and your company against, potential scams. The scams and tips provided here are a good place to start.