Most of us think that data breaches only happen to large companies. However, they happen to us too…except they aren’t large enough or sensational enough for the national news. And they can hurt us worse than large companies. Here’s what happened:
An employee clicked on a legitimate-looking link that appeared to come from one of the software companies that they use. Unfortunately, it went to a scammer. The scammer now had access to all of their information and watched for a while.
Then the scammer sent legitimate-looking emails to this company’s customers asking them to change the remittance address for their payments. One company even wrote back that a form had to be filled out to change the remittance address…the scammer completed the form.
The phone number on the email was not the company phone number. It was the scammer’s phone number, so if it was called, the person answering assured the caller that the change was legitimate.
The customers began sending checks to this scammer. It was caught only because one of the letters was sent to NOWAccounts, which investigated by calling the real company phone number.
It was caught after tens of thousands of dollars were sent to the scammer.
The customers paid their invoices – but not to the right company. Who is at fault? Can they be forced to pay them to the right company? Watch for the legal battles that will ensue.
Here are three ways to protect yourself:
1. If you get a seemingly legitimate email asking you to change a remittance address, call the company phone number you already have and talk with someone you know, rather than calling a phone number on that email.
2. Monitor your accounts receivable every month. If payments are due net 30, on that 31st day you must make a phone call. If the payment was made, the customer should have a copy of the cancelled check. Ask the customer to send it to you. This is the best and fastest way to find out that someone is scamming your company. And it might be the way the scammers get caught.
3. If you get an email asking you to change your password, call the company’s fraud line to make sure it is legitimate. It probably isn’t and they will ask you to forward that email.
Be careful – it’s your hard-earned money and other assets you are protecting!