I know it is exhausting to be constantly vigilant about emails, but sometimes you can fall victim to a scam or virus even from trusted senders.
Unfortunately, it is becoming all too common for you or your business to be sent an invoice, letter or invitation via email – possibly to be listed in a bogus directory, pay an invoice, or renew your website domain name – that is really a phishing scam. These scams take advantage of the fact that the person handling the administrative duties for the business may not know whether any vendor purchases, advertising or promotional activities were actually requested.
Many email-based ransomware scams use fake invoices as attachments to infect your computer. As an example, if you receive an unexpected bill from a utility provider, do not open the attachment.
Using information they have obtained by hacking your computer systems, a scammer posing as one of your regular suppliers will tell you that their banking details have changed. They may tell you they have recently changed banks, and may use stolen letterhead and branding to convince you they are legitimate.
They will provide you with a new bank account number and ask that all future payments are processed accordingly. The scam is often only detected when your regular supplier asks why they have not been paid.
Fake invitations will often include a form to be filled out, and ask for your business contact details with an approval signature. You might be led to believe that you are responding to an offer for a free entry, but the form you are asked to complete is a disguised invoice or contract with the amount owed hidden in tiny print.
Some things you can do to protect yourself and your business:
- Always check that goods or services were both ordered and delivered before paying an invoice, and always read the fine print carefully.
- Try to limit the number of people in your business who are authorised to make orders or pay invoices. Make sure the business billing you is the one you normally deal with.
- If you notice a supplier’s usual bank account details have changed, call them to confirm.
- If you receive a telephone call or ‘invoice’ that comes from a publication you have never heard of, do not pay or give out your details until you have looked into the matter further.
- Keep written records of your authorisations for advertising or directory entries. If you receive an invoice or a telephone call, you can go back to your records to check it.
- If you are happy with your current domain name registration provider, simply ignore any other ‘renewal’ or ‘registration’ letters that you may receive from a different company. If you do want to switch domain name registration providers, make sure you know the full costs, terms and conditions of the offer before agreeing.
Recently, one of my clients was forced to format and rebuild their entire infrastructure of 2 servers and 20 laptops from the ground up. They were down for 2 full days, and it took weeks to get back to normal. Don’t get caught, get prepared!