Our most recent Fraud Fighter, Stephanie Albers, discovered an attempt to scam $28,500 from a local business customer. Check out how she paid attention to the clues and used one phone call to protect her customer.
What happened during this customer interaction?
Stephanie: I received an email from a familiar business partner requesting that I process a wire transfer for one of our business customers. This kind of request isn’t out of the ordinary for either the partner or the business, so I began to check the email thread for details and to see if everything was legitimate. The email thread included what appeared to be a message from the business owner instructing this partner to issue a check payment of $28,500 for professional services, with next-day delivery.
Did anything in the email raise a red flag for you?
Stephanie: Two things stood out. First, the email address that supposedly belonged to the business owner didn’t match any contact information we had on file. Second, the context and wording of the email just seemed off for this customer. We try to get to know our customers well and this just didn’t sound like the way the customer typically would communicate.
What did you do next?
Stephanie: I followed our procedure and called the business owner directly to verify the request. The owner confirmed that they had not sent the email and was completely unaware of the payment request. The owner was incredibly grateful that I caught the fraud attempt before any money left their account.
Why do you think this is an important story to tell?
Stephanie: It’s a powerful reminder that fraudsters are becoming increasingly sophisticated. They often impersonate trusted contacts and use real-looking email threads to trick people into sending money. But by staying alert, questioning inconsistencies, and verifying requests, we can protect our customers and their businesses.
What can others learn from this?
Stephanie: Always trust your instincts. If something feels off, it probably is. Double-check email addresses, question unusual requests, and don’t hesitate to pick up the phone. A quick call can prevent a costly mistake.
What are steps businesses can take to protect themselves from similar fraud attempts?
1. Use Strong Email Security Measures
- Enable Multi-Factor Authentication (MFA) on all email accounts.
- Use email filtering tools to detect phishing and spoofing attempts.
- Regularly update and patch email systems and software.
2. Train Employees Regularly
- Conduct security awareness training on how to spot phishing emails.
- Teach staff to verify unusual requests, especially those involving money or sensitive data.
- Encourage a “think before you click” culture.
3. Verify Financial Requests
- Always verify changes to payment instructions or bank details via a phone call or in-person confirmation.
- Establish a dual-approval process for large or unusual transactions.
4. Monitor and Audit
- Regularly review email logs and audit financial transactions.
- Set up alerts for suspicious login attempts or unusual email forwarding rules.
5. Limit Access and Use Role-Based Permissions
- Only give employees access to the systems and data they need.
- Use role-based access controls (RBAC) to minimize risk.
6. Use Secure Email Gateways and Encryption
- Implement email encryption for sensitive communications.
- Use secure portals for sharing financial or personal information.