Common Business Fraud Schemes – Email (Part 1)

Phishing Scams

Phishing emails are crafted to appear as if they come from a trusted source, such as a bank or vendor. These deceptive messages aim to steal sensitive information, including bank account details, usernames, passwords, or your organization’s security data.

 

Business Email Compromise (BEC)

In a Business Email Compromise scam, fraudsters create an email address that closely mimics a legitimate company address, often by subtly altering a single letter or number or by substituting a look-alike character such as a Cyrillic one. For example, invoicing@ɑbccompɑny.com may look nearly identical to invoicing@abccompany.com, but they are distinct addresses.

Using these fake emails, scammers may request wire transfers to a fraudulent account or ask for proprietary information to gain access to company accounts or sensitive systems.
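One way to flag the look-alike sender addresses described above, as an added example that is not part of the original article. It assumes a hypothetical list of trusted domains and a small constructed table of look-alike characters, and reports any sender whose domain imitates a trusted one through swapped or single changed characters.

```python
import unicodedata

# Assumption for illustration: the domains your organization really deals with.
TRUSTED_DOMAINS = {"abccompany.com"}

# Constructed, non-exhaustive table of characters that imitate ASCII letters.
CONFUSABLES = {
    "\u0251": "a",  # Latin small letter alpha
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
    "0": "o",
    "1": "l",
}

def skeleton(domain):
    """Fold look-alike characters to the ASCII letters they imitate."""
    folded = unicodedata.normalize("NFKC", domain.lower())
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def one_edit_apart(a, b):
    """True if a and b differ by exactly one changed, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the single differing character; everything after it must match.
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def check_sender(address):
    """Return 'trusted', a look-alike warning naming the imitated domain, or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    folded = skeleton(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if folded == skeleton(trusted):
            return f"lookalike of {trusted} (look-alike characters)"
        if one_edit_apart(folded, skeleton(trusted)):
            return f"lookalike of {trusted} (one character changed)"
    return "unknown"
```

A result of "unknown" only means the domain does not resemble a trusted one; it is not a verdict that the sender is safe.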

 

Red Flags of BEC and Phishing Emails

Be cautious if you receive an email with these warning signs: 

·      An urgent request from an owner or manager to process an invoice, change payment details, or share sensitive documents quickly. 

·      A brief, urgent message that pressures you to bypass standard policies. 

·      A signature indicating the email was sent from a mobile device. 

·      A sender claiming they’re traveling and unable to access a computer. 

·      An email originating from a personal account (e.g., Gmail, iCloud, Yahoo, AOL) instead of an organizational domain.

 

Prevention Tips

To safeguard your organization against these scams: 

·      Train employees to verify urgent financial or sensitive information requests before taking action. 

·      Raise awareness by sharing examples of scams across your organization. 

·      Carefully review invoices to confirm that invoiced goods or services were actually delivered. 

·      Always verify email requests by calling the sender directly using a known, trusted phone number. 

·      Confirm all financial institution requests by contacting the bank directly, even if it means calling back. 

·      Avoid clicking links or opening attachments in emails unless the sender’s identity is verified (refer to BEC examples above).

 

By staying vigilant and following these best practices, you can significantly reduce the risk of falling victim to email-based fraud. Contact Fittz & Associates for a comprehensive fraud examination today.
