Business email compromise — also known as email account compromise — is an email scam that typically targets individuals who pay bills in organizations. These scams appear to come from a known source making a legitimate request. For example, the scammer may pose as a vendor or other trusted source, and send a spoofed email or an email from a hacked account to an accountant or chief financial officer of the company asking them to change where invoice payments go, or to send a wire or purchase gift cards for a plausible reason. When this type of scam happens, those funds are sent to an account controlled by the fraudster instead.

If you’re a victim of a business email compromise, contact your financial institution immediately and then file a complaint with the FBI’s Internet Crime Center.

Click here to learn more about business email compromises.

Businesses receive fake invoices demanding payment for products or services never ordered, received or that even exist. However, typically phony invoices are in reference to something used by all entities such as supplies.

To protect your business from this type of scam, double check your invoices prior to making any payments. Usually phony invoices are smaller dollar amounts. Always review the fine print as it may help to better identify the bill as a solicitation.  

Click here for more information about phony invoice scams.

Overpayment scams are when the person you are doing business with pays you for products or services associated with your business, but pays you more than what was requested. The scammer will instruct you to keep the amount owed and wire the balance back. Scammers may even tell you to keep a small stipend for yourself. In this type of scam, the funds will then bounce (i.e., check is invalid or fund transfer will be reported as unauthorized) and you/your business will be responsible for repayment of the funds that bounced.

To learn more about overpayment scams, visit the Better Business Bureau^® website here.

Directory scams target all types of businesses and organizations to trick them into paying for a listing or ad space in a non-existent directory, or in some cases a directory that exists but won’t be widely distributed and is of little to no value. The scammer will bill for the listing and not place the ad as agreed upon.

To avoid this type of scam, exercise caution when taking these types of calls. Train employees to ask questions as they handle phone inquiries.

For more insight on directory scams from the Better Business Bureau^®, click here.

Most businesses like to give back to the community and donate funds to charitable causes that they stand for as an organization. While many requests are legitimate, there are scammers that will try to use deceptive charitable solicitation schemes. Before making any donations, be sure to research charities.

For guidance and tips to help you make informed decisions before making charitable donations on behalf of your business, visit Give.org.

Phishing is a type of social engineering where a fraudster is attempting to steal information about individual people or your business. This type of scam often comes across as a valid email or text message. However, if someone clicks the link that’s being sent, it will likely download a virus that captures personal information.

To help avoid these types of scams, watch for unsolicited messages and do not click on links that come from unknown senders. Also, keep an eye out for spoofed senders. If you’re on a desktop computer, you can hover over the link in the email with your cursor to see the real website address and determine if where you’re being directed is a familiar website.

For more information on phishing scams from the Better Business Bureau^®, click here.