We're often warned not to click on things or open emails from companies or people we don't know. But what happens when you are familiar with the email sender and they request information? Unfortunately in this day and age company databases are hacked all the time and that information may be used to pose as someone you're familiar with in order to profit from you. Recently one of our customers experienced this.
An email was sent from one of their vendors who they normally do business with telling their accounts payable that they'd changed banks and requested their next invoice be paid to their new account number at their new bank. Having worked with this vendor for a while, the company went ahead and changed the billing information within the ACH payments system and sent the invoiced amount to the new bank. It wasn't until they received a call from the vendor wondering where the payment was that they realized the payment wasn't sent to the vendor, but to fraudsters. The vendor informed them they had experienced a data breach and stolen company email addresses were used to send fraudulent emails to customers. Unfortunately, none of this was realized within the 24-hour window that our bank could have legally reversed the ACH without issues. The company is now dealing with the receiving bank to determine if they can recover their lost funds.
Things to consider:
- When receiving any type of request for changes in payment for bank information, call and speak with that company to ensure they did indeed send the request.
- Look for any red flags in the email itself, such as misspelled words or URLs, or that it comes from someone you're not familiar with, which might indicate a spoofed email.
- Don't click directly on links within an email, especially those asking you to verify information. When in doubt, go directly to the website and navigate to the requested page from there.
- If anything seems off with your accounts, payments, or correspondence with a bank, call us immediately to research your question. In some cases, such as ACH payments, we only have a small window of time that we're able to reverse transactions without penalty.