3 Fraud Tactics Email Scammers Use to Victimize Companies
We all know that the internet is lurking with scammers — truckloads of them.
Interestingly enough, a lot of them turn to email as the primary way to execute their scams.
After all, as businesses, we all use email constantly, so it’s no surprise that the scammers are trying to exploit this communication channel to gain access to corporate data.
To give you an idea of how crafty these cyber attacks can be, we’ll share with you three fraud tactics that online scammers are using that work all too well.
Hopefully, as you learn about the convincing fraud tactics that scammers are using, you’ll gain awareness of how terrifying and devious these attacks can be, prompting you to be more vigilant when it comes to strengthening your cyber vulnerabilities.
Table of Contents
Resetting Payment Account Details
In this scheme, the scammer contacts team members at the business he or she wants to target, pretending to be one of their suppliers.
For example, a shift manager at a convenience store will get an email from the scammer posing as the supplier of their dairy products or their cash register’s ink cartridges.
The scammer’s stated reason for contacting management is merely to request a change in payment or banking details.
They often do this with an excuse along the lines of them updating their internal finance system.
When it’s time for the target business to make orders (the convenience store, in our example’s case), they end up processing a payment to the scammer’s bank account, since the scammer had previously requested for the change.
The brilliance of this tactic is the scammer merely asks for an update in payment details — but doesn’t request for money or payments.
Should the scammer request a payment, it might cause the targeted business’s rep to get suspicious.
Of course, the scammer is most likely aware of this, which is exactly why they employ a somewhat passive-aggressive approach of scamming.
As we can all imagine, since the scammer doesn’t ask for payments, it becomes far less glaring to the victim that the request for the change in payment details is made by a scammer.
The Fake Login Screen
Despite how widespread email phishing scams have become, some are still unaware of how the most common form of this fraud tactic works. Allow me to explain this method of scamming a bit more.
You may get an email from a stranger pretending to be a person or a company you trust (PayPal, for example).
The phisher usually asks you to click a link and enter some of your personal details (login information, credit card details, etc.) on their website.
Of course, that’s a fake website they use to capture the information you provide them with, so they can then use it against you.
They often use an excuse, such as,
“We noticed some unusual login activity with your PayPal account. Please check that no one has logged in to your account without your permission.”
to get you to click the link in the email and enter your details on the fake website they take you to.
Sometimes, these phishing attempts are easy to spot, but other times it’s extremely hard to notice them.
Regardless of how hard to spot the phishing attempt is, as soon as you give the hacker your information, they can pretty much do whatever they want with your account.
That’s why, as a business owner (or employee), you have to be very careful with your email communications.
Two-Step Legal Payments
Here’s how the two-step scam works.
Initially, the scammer contacts a law firm pretending to be interested in their services.
A common backstory scenario here is that the scammer is buying a house and wants to learn more about the conveyancing services that the law firm offers.
The hacker then continues with some back-and-forth communication and make it seem like they’ve decided to hire the law firm.
The attacker then sends the law firm a link to a document that they need to fill. However, in order to access the document, the law firm employee needs to enter their firm’s email address and password.
Once this is done, the scammer receives their email username and password and is ready to move to the second step of their plan.
At this phase, the scammer simply observes all client communications of the law firm and looks for settlements and payments that need to be made.
When it’s time for a client to pay the law firm, the scammer emails this client, pretending to be someone from the law firm, and reminds them about the upcoming payment.
However, the attacker removes the law firm’s bank account details, attached to the email, and swaps in bank account details of his own.
Once the transaction is made, the scammer simply takes the money and leaves the law firm and their client trying to figure out what exactly happened.
It’s not only a ruthless plan, but it’s also extremely hard to spot before it’s too late.
The sad part is, because the scammer now has access to the law firm’s email, the scammer can even send emails proactively to the law firm’s previous clients asking for payments, or worse, resort to blackmail.
In the end, we all need to be cautious when someone starts asking for our login details. Had the law firm not shared their email logins, they would not have fallen prey to the cyber attack.
Then again, since the scammer did ample amount of groundwork by establishing a somewhat warm relationship with the law firm by sending back-and-forth emails with them, the law firm most likely dropped their guards because of how seemingly legit the scammer is.
The fraud tactics shared above are quite terrifying, aren’t they?
The method of deception that the scammers are using nowadays have become so intricate and carefully-crafted, that it’s almost becoming impossible to spot them.
Such scams are becoming more prevalent these days. Any business with internet access can be targeted by such fraudulent attacks.
It’s because of this that you need to be educated on how the cyber-attacks work, so you’ll have a means of protecting yourself.
If you know of any other fraud tactics similar to the ones you just read, don’t hesitate to tell us about them in the comments below.