Fraud EDU: Stop, Call, Confirm

“It just didn’t sound right, but I went ahead and did it.”

“It was a fast-paced, busy day, so I sent the payment– but I should’ve trusted my gut.”

The scam is called business email compromise– and it can be all too easy to fall victim. It doesn’t just affect businesses – everyday consumers can be targeted, too.

Here’s how it works – and how you can stop it.

A fraudster may pose as an employee in your company and request a payment. Or, a criminal may pose as an employee of a legitimate business and request sensitive account information “to update direct deposit payments” or for some other reason.

“Business email compromise remains one of the most popular fraud trends because it continues to work,” says Jeff Taylor, head of Commercial Fraud Forensics for Regions Bank. “It works because the criminals do a good job of impersonating legitimate people and businesses. And it works because people are too often in a rush to complete tasks, even important ones like financial matters. That’s why we’re educating and informing our customers about the warning signs – and how to protect their accounts.”

These types of deceptions can take many forms, including:

  • Executive Impersonation. This tactic involves the impersonation of a trusted authority figure like a C-suite executive, attorney, or manager. The fraudster creates an email that appears to be originated by the trusted authority requesting a new payment or a change to an existing payment. The email is received by a fellow employee, thinking they’re just doing what they’re told if they follow the instructions. But in reality, that executive’s email was hacked, and they didn’t send the request.
  • Vendor Impersonation: A fraudster may impersonate a current or new vendor for the business, and in many cases, the fraudster has compromised the vendor’s email, “nesting” themselves in the platform to monitor activity. At some point, the fraudster will insert themselves into the conversation, request the change, then redirect email traffic to an external email account. 
  • Employee Impersonation: These cases typically involve the use of a compromised or counterfeit email account designed to impersonate an employee. Using email, the fraudster requests a change to, or initiation of, direct deposit or payroll to a new account number. Once the request is processed, the next payroll is credited to the new account controlled by the fraudster. 

The same principals can apply to emails sent to consumers – where the scammers are posing as a real company – but asking for information or payment changes that steer your money toward them, not the real company.

While there are a number of red flags that may indicate business email compromise, such as a typo or grammatical error, it can still be difficult to recognize a scam. However, there is an easy remediation technique to avoid becoming a victim. And it’s just three words:

STOP. CALL. CONFIRM.

“We encourage clients to create controls on their side of the payment transactions, and one of the best controls to have in place is stop, call, confirm,” explains Jeff Taylor. “This technique is an encouragement for them to pause their process, stop what they are doing, and when they get any kind of payment request, pick up the phone and call their requestor.”

Stop, call, and confirm truly is that simple:

  • Stop: pause your process and evaluate the request.
  • Call: pick up the phone and call the requestor at a number you know; don’t call the number in the email or respond directly to the email.
  • Confirm: validate that the request is legitimate.

These three steps can help prevent potential fraud in just a matter of minutes – and Jeff Taylor has seen the safeguard work again and again.

“It’s a five-minute phone call, but it may save you a lot of grief down the road.”

Additional Resources: 

Business Email Compromise: Stop, Call and Confirm

Imposter Text Scams: 6 Tips to Fight Back

Social Media Scams: 6 Common Schemes

Recent in Sponsored