This morning, our company narrowly avoided falling victim to a scam that nearly cost us $19,000.
Despite the precautions we have in place, scammers are finding new ways to deceive even the most vigilant businesses.
The scam started with an email that appeared to be from me, instructing our accounting team to pay an overdue invoice from Oracle. The email was crafted to look legitimate, complete with a fake signature line, a plausible email address, and language that mimicked typical business correspondence.
But upon closer inspection, there were several red flags:
- The email supposedly came from me, but the sender’s address wasn’t one I recognized or used. It was a spoofed email made to look convincing.
- The tone and wording of the email didn’t match my usual communication style, and it included a signature line that wasn’t mine.
- Oracle isn’t a vendor we work with, and the invoice was for a service we never purchased.
Here’s a snippet of the email thread that almost fooled us:
- From the Scammer: “What’s the update on Oracle’s invoice? Has it been paid? If not, make sure it is paid today.”
- From the Fake Oracle Collections: “I just got off the phone with Dennis Yu and was told to email you. We respectfully ask for ACH payment to be released today as the invoice is overdue.”
These emails were designed to create urgency and pressure our team into making a hasty payment without further verification. The scammers even went so far as to follow up with additional emails, reinforcing the demand for immediate payment.
Unfortunately, this is not the first time we’ve encountered such deceitful practices. Just as shocking is the experience I had with Tristan Parmley, who stole the company I created and made it his “own”.
These scams not only affect our financial health but also erode trust within our industry. As seen in another troubling instance, where my former business partner betrayed our mutual interests for personal gain, the pattern of unethical behavior is disturbingly common.
How We Caught the Scam
Fortunately, we have a protocol for verifying large payments and checking the authenticity of any invoices from unfamiliar vendors. This process helped us quickly identify that something was off.
The Lessons We Learned
Scammers often create a sense of urgency to push you into making quick decisions. Always take a moment to verify before acting.
Look closely at email addresses, language, and other details that could indicate a phishing attempt.
Implement a strict verification process for approving payments, especially for unfamiliar vendors.
Ensure everyone in your company is aware of these tactics and knows how to handle suspicious emails.
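The red flags described above (a familiar name on an unfamiliar address, a payment request from a vendor nobody has onboarded, and pressure to pay today) can also be screened for automatically before a message reaches accounting. The Python below is an added example, not tooling described in this post; the domains, vendor list, keyword lists and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# All values below are constructed for illustration.
COMPANY_DOMAINS = {"company.example"}
VENDOR_DOMAINS = {"hosting-vendor.example"}  # vendors already set up in payables
EXECUTIVE_NAMES = {"dennis yu"}              # names a scammer is likely to borrow
PAYMENT = re.compile(r"\b(invoice|ach|wire|payment|paid)\b", re.I)
URGENCY = re.compile(r"\b(today|overdue|immediately|urgent|asap)\b", re.I)

def red_flags(raw_email: str) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    asks_for_money = bool(PAYMENT.search(text))
    flags = []
    # Display name of an executive, but the address is not on a company domain.
    if name.strip().lower() in EXECUTIVE_NAMES and domain not in COMPANY_DOMAINS:
        flags.append("executive_name_from_outside_address")
    # Money is requested by a sender that is neither internal nor a known vendor.
    if asks_for_money and domain not in COMPANY_DOMAINS | VENDOR_DOMAINS:
        flags.append("payment_request_from_unknown_domain")
    # Payment request combined with deadline pressure.
    if asks_for_money and URGENCY.search(text):
        flags.append("urgent_payment_language")
    return flags

# Constructed sample messages; the body text is quoted from the thread above.
SPOOFED_CEO = (
    'From: "Dennis Yu" <dennis.yu@ceo-mail.example>\n'
    "Subject: Oracle invoice\n\n"
    "What's the update on Oracle's invoice? Has it been paid? "
    "If not, make sure it is paid today.\n"
)
FAKE_COLLECTIONS = (
    'From: "Oracle Collections" <ar@oracle-collections.example>\n'
    "Subject: Overdue invoice\n\n"
    "We respectfully ask for ACH payment to be released today "
    "as the invoice is overdue.\n"
)
GENUINE = (
    'From: "Dennis Yu" <dennis@company.example>\n'
    "Subject: Lunch\n\nAre we still on for noon?\n"
)

if __name__ == "__main__":
    for sample in (SPOOFED_CEO, FAKE_COLLECTIONS, GENUINE):
        print(red_flags(sample))
```

Any flagged message should go through the same out-of-band verification as a large payment; keyword matching like this only narrows what a person has to review.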
What to Do If You’re Targeted
If you receive an email like this, take these steps:
- Do not engage with the scammers, as doing so could lead to further attacks.
- Contact the vendor directly using known contact details, not those provided in the suspicious email.
- Notify your IT department and report the scam to relevant authorities, such as the FTC or your country’s fraud prevention agency.
Scams like this are becoming increasingly sophisticated, but with the right precautions, you can protect your business.
Stay vigilant, educate your team, and always verify before you pay.