Avoiding the ‘please make this urgent payment’ scam
Many of you will have seen this over the last year or so; some will have almost been caught by it, and some unfortunately have been.
This scam has been around for some time, but is becoming increasingly difficult to detect. Here's a sure-fire way to avoid being hit by it.
The email – what to look out for
Your finance team receives an email, masked as coming from one of the Directors, requesting that an urgent payment be made to a new partner/supplier/consultant (or any other payee you can think of).
The request is usually for several thousand pounds and on the surface, the email looks perfectly legitimate. If you reply to the email, you’ll get a response within minutes providing further details (such as bank account numbers) and urging you to make the payment as it’s holding up some business.
Thankfully, most people in receipt of these emails spot a few fundamental flaws:
1) When you hit reply, the actual email address is not a legitimate company address
2) The language and tone of the email doesn’t reflect the language and tone used by the Director who supposedly sent it
3) You’re not expecting a request of this nature, prompting you to call and check before making the payment – process takes over.
The developing challenge
Whilst this scam has been around for several years now, the scammers are becoming wiser to the above flaws.
We’re now seeing the language and tone change, making it more difficult to instantly spot a scammer.
The underlying fake email addresses used by the scammers are now almost identical to your business domain name. For example, an email sent to our email@example.com address would now be sent to firstname.lastname@example.org (spot the extra L?).
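The near-identical domain trick and the reply-address flaw described above can both be checked automatically before a request reaches finance. The following is an added example, not part of the original article: the domain hillside.example, the sample messages and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "hillside.example"  # assumption: placeholder for your real domain

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_domain(address: str) -> str:
    """Return 'internal', 'lookalike' or 'external' for one address."""
    domain = parseaddr(address)[1].rpartition("@")[2].lower()
    if domain == COMPANY_DOMAIN:
        return "internal"
    if domain and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        return "lookalike"  # one or two characters away, e.g. an extra "l"
    return "external"

def review_payment_email(raw: str) -> list[str]:
    """List the reasons finance should verify this message by phone."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if value and classify_domain(value) != "internal":
            findings.append(f"{header} domain is {classify_domain(value)}: {value}")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    "From: Jane Director <jane.director@hilllside.example>\n"
    "To: finance@hillside.example\nSubject: Urgent payment\n\nPlease pay today.\n"
)
MASKED = (
    "From: Jane Director <jane.director@hillside.example>\n"
    "Reply-To: jane.director@freemail.example\n"
    "To: finance@hillside.example\nSubject: Urgent payment\n\nPlease pay today.\n"
)

if __name__ == "__main__":
    print(review_payment_email(SPOOFED), review_payment_email(MASKED))
```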
After discussing this with several customers, one came up with a great solution which we thought we’d share.
The sure-fire solution
It’s quite simple, but very effective.
Create a simple code between your finance team and the authorised people in your business that may request payments to be made.
Agree that whenever a payment request is made via email, the code must be added to the bottom of the email, and that unless the code is present, the finance team rejects the request.
Voila. Problem solved.