By Crystal Baldwin
Businesses get scammed by imposters, too. This notion was news to me when my office received our first business imposter email scam report about five years ago. A small law firm had transferred $30,000 as directed to do so in an email. In yet another scam involving a real estate law office, it was more than $100,000 of the seller’s money that had been unwittingly transferred to a scam account.
We’ve heard from a retailer, who was in the process of completing their annual supply order: a container of supplies for the holiday season, with their supplier in Hong Kong. The Hong Kong supplier’s email was hacked, and the Vermont small business responded to a valid email address of the supplier to provide updated account information—to a scammer. Charities and small membership organizations have been subjects of this scam as well.
Recently, we heard from a nurse, who, with kind intentions to appreciate fellow frontline workers purchased gift cards as suggested by their supervisor in an email, was responding to a business imposter email scam.
In each of these scams, the personnel involved were simply following standard operating procedure: you get an email from a figure of authority to complete a financial transaction, and you do. It is easy to assume that this kind of scam won’t happen to you or your business, but with ever-evolving technology and growing capability of scammers to deceive, it is becoming more important for businesses to be on the lookout for and arm against scams.
Whether an email system is hacked and the scammer takes control to send out the transfer request, or a scammer creates a fake account email with all the boss’ credentials, these emails appear as though they are coming from a legitimate source within the business.
- Often, when using mobile email services, only the email sender’s name is plainly visible, rather than the entire email address. So, if the email address is “firstname.lastname@example.org,” you don’t see the Yahoo account extension unless you click on the email.
- Another tactic scammers use is copying the signature block of the person of authority. Scammers can easily copy signature blocks used in external out-of-office autoreply messages by receiving a reply message that includes the signature block. All the scammer had to do was send an email to get the autoreply with the signature block.
There are countless ways in which scammers can infiltrate business systems. Businesses can never be too cautious in protecting themselves and their customers from scams. In an effort to help businesses prevent scams from derailing operations, we produced the Avoiding the Business Imposter Email Scam videos and toolkit, which includes scam warnings and actual steps that businesses can take to verify funds transfer requests.
Learn more at ago.vermont.gov/cap/business-imposter
Get more information for businesses from the Consumer Assistance Program.
If you or someone you know has encountered a scam in Vermont, report it. Use the Consumer Assistance Program’s online scam reporting form.
Help us stop these scams by sharing this information with your colleagues and business personnel.