A Roanoke area business has been the target of a sophisticated phishing scam that attempted to take them for $47,000. BBB is warning other area businesses that they could be next.
According to the company, scammers used an email account connected with their old website domain to send an email to the director of accounting, pretending to be the business owner.
The email stated:
“I will need you to do a wire transfer as soon as possible. Please get back to me via email for the beneficiary details.”
Because the email came from an account the company used to operate, and looked very familiar, the Director responded back asking for the details. The scammer then requested a wire transfer in the amount of $47,000 to be sent to an account in Johannesburg, South Africa. Thankfully the Director of Accounting realized this was a very unlikely request and reached out to the company owner.
The scam is known as spear phishing, and it’s a scam that thrives on familiarity.
Make sure your company doesn’t fall victim to this scam by following this advice:
Establish a multi-person approval process for transactions above a certain dollar threshold.
Get the word out in your office. If your colleagues or employees know about the scam, they will be more likely to spot a suspicious email.
Maintain ownership of retired domains. Even if you are no longer using an old website address, maintain ownership of the domain. This will keep scammers from buying that url address and pretending to represent your company.
Be extra careful with wire transfers. Wire transfers and, increasingly, pre-paid debit cards are scammers’ preferred methods of payment. Always confirm that any request for a wire transfer is from an authorized source.
Double-check email addresses. Scammers may use emails that look very similar to those used by the actual business, such as [email protected] instead of [email protected]. They may even use a valid email address.
Update anti-virus software regularly. The regular reminders to update your browsers and software can be annoying, but are there for a good reason. Keep updated to prevent vulnerabilities.
Verify the message. If the message seems suspicious or out-of-character, contact the sender on the phone to verify they actually sent it.
Be suspicious of requests for secrecy. Speak to the executive on the phone or in person to confirm changes in payment information. If you still have doubts, speak to another senior executive.
Slow down. Scammers pressure you to take immediate action, so you don’t have time to think it through. Take time to verify any request – even an urgent one.
