Protect Yourself from Scams
Originally published: 05.01.18 by Ruth King
You receive a legitimate looking email from a manufacturer, a supplier, your insurance company, software provider or other company with which you do business.
It says that you need to update your user name and password and gives you a link to do that. When you click on the link, it takes you to a legitimate looking website so you change your password.
The scammers are in! They watch what you do. They watch who your customers are — and they watch whom you send checks or ACH payments to.
A few months later you get an email from a vendor asking you to change the rmittance address for your payments.
You don’t recognize the name on the email. But why would you? There are hundreds or thousands of employees at that company.
There is a phone number and email address if you have questions. You have a feeling this might not be real so you call the number on the email.
The person answering sounds legitimate, so you send the payments to the new address — the scammer’s address.
Or, you require a form to be filled out in order to change the remittance address. The scammer knows enough about your company and you that he can easily complete the form and send it to your customer.
The Truth Comes Out
A few months later you get a call from the accounts receivable department (the real accounts receivable department) saying that payments have not been received.
You disagree, saying you have been sending the payments, on time, to the new remittance address their company asked you to send them to. You send them copies of the checks to prove you had paid.
Suppose the payments are to Carrier, Lennox, Trane, Rheem, Ruud, American Standard, York, Johnstone Supply or another company who is a major vendor to you? You sent the checks in good faith. Can they make you pay the payments again?
The jury is still out on the answer to this question. There has not been enough case law to say who is at fault and whether customers are required to pay their bills twice.
There is case law with respect to payments to the IRS for payroll taxes. Even if you paid a payroll company and they didn’t pay the payroll taxes on your behalf, you are responsible for making sure the payroll taxes were paid.
The IRS will make you pay the payroll taxes again — directly to them.
This happened to a contractor I worked with several years ago. He ended up paying 18 months of payroll taxes twice, plus interest.
The IRS was gracious and didn’t charge penalties. As you can probably imagine, these payments caused a severe cash flow crunch.
Most of us think that data breaches only happen to large companies, however, it happens to all of us — except it isn’t large enough or sensational enough for the national news. And, it can hurt us worse than large companies.
Here are four ways to protect yourself and your company.
Call Someone You Know
If you get a seemingly legitimate email asking to change remittance address, call the company phone number you have and talk with someone you know, rather than a phone number on that email.
Monitor Your Accounts
Monitor your accounts receivable every month. If payments are due net 30, on that 31st day you must make a phone call. If the payment was made, the customer should have a copy of the cancelled check. Ask the customer to send it to you.
This is the best and fastest way to find out that someone is scamming your company. And it might be the way the scammers get caught.
Look at your supplier statements every month. If the statement says that payment is due and you have already paid the payment, call your supplier.
You might be the one who uncovers the scam.
If you get an email asking you to change your password, call the company’s fraud line to make sure it is legitimate. It probably isn’t and they will ask you to forward that email.
I recently received an email asking me to change my passwords from a legitimately looking email from my insurance company. I called my insurance company and no, it was not legitimate.
They asked me to send the email to their fraud division, which I did.
Be careful — it’s your hard earned money and other assets you are protecting!