Return to the home page

Protect Yourself from Scams

Originally published: 05.01.18 by Ruth King

Protect Yourself from Scams

You receive a legitimate looking email from a manufacturer, a supplier, your insurance company, software provider or other company with which you do business.

It says that you need to update your user name and password and gives you a link to do that. When you click on the link, it takes you to a legitimate looking website so you change your password.

The scammers are in! They watch what you do. They watch who your customers are — and they watch whom you send checks or ACH payments to.

A few months later you get an email from a vendor asking you to change the rmittance address for your payments.

You don’t recognize the name on the email. But why would you? There are hundreds or thousands of employees at that company.

There is a phone number and email address if you have questions. You have a feeling this might not be real so you call the number on the email.

The person answering sounds legitimate, so you send the payments to the new address — the scammer’s address.

Or, you require a form to be filled out in order to change the remittance address. The scammer knows enough about your company and you that he can easily complete the form and send it to your customer.

The Truth Comes Out

A few months later you get a call from the accounts receivable department (the real accounts receivable department) saying that payments have not been received.

You disagree, saying you have been sending the payments, on time, to the new remittance address their company asked you to send them to. You send them copies of the checks to prove you had paid.

Suppose the payments are to Carrier, Lennox, Trane, Rheem, Ruud, American Standard, York, Johnstone Supply or another company who is a major vendor to you? You sent the checks in good faith. Can they make you pay the payments again?

The jury is still out on the answer to this question. There has not been enough case law to say who is at fault and whether customers are required to pay their bills twice.

There is case law with respect to payments to the IRS for payroll taxes. Even if you paid a payroll company and they didn’t pay the payroll taxes on your behalf, you are responsible for making sure the payroll taxes were paid.

The IRS will make you pay the payroll taxes again — directly to them.

This happened to a contractor I worked with several years ago. He ended up paying 18 months of payroll taxes twice, plus interest.

The IRS was gracious and didn’t charge penalties. As you can probably imagine, these payments caused a severe cash flow crunch.

Most of us think that data breaches only happen to large companies, however, it happens to all of us — except it isn’t large enough or sensational enough for the national news. And, it can hurt us worse than large companies.

Here are four ways to protect yourself and your company.

Call Someone You Know

If you get a seemingly legitimate email asking to change remittance address, call the company phone number you have and talk with someone you know, rather than a phone number on that email.

Monitor Your Accounts

Monitor your accounts receivable every month. If payments are due net 30, on that 31st day you must make a phone call. If the payment was made, the customer should have a copy of the cancelled check. Ask the customer to send it to you.

This is the best and fastest way to find out that someone is scamming your company. And it might be the way the scammers get caught.

Supplier Statements

Look at your supplier statements every month. If the statement says that payment is due and you have already paid the payment, call your supplier.

You might be the one who uncovers the scam.

Report Fraud

If you get an email asking you to change your password, call the company’s fraud line to make sure it is legitimate. It probably isn’t and they will ask you to forward that email.

I recently received an email asking me to change my passwords from a legitimately looking email from my insurance company. I called my insurance company and no, it was not legitimate.

They asked me to send the email to their fraud division, which I did.

Be careful — it’s your hard earned money and other assets you are protecting!


About Ruth King

Ruth King

Ruth King has over 25 years of experience in the hvacr industry and has worked with contractors, distributors, and manufacturers to help grow their companies and become more profitable. She is president of HVAC Channel TV and holds a Class II (unrestricted) contractors license in Georgia. Ruth has written two books: The Ugly Truth About Small Business and The Ugly Truth About Managing People. Contact Ruth at or 770.729.0258.

Articles by Ruth King

What Has to Happen for You to Pay Attention?

Accounting theft, the tale of two contractors who had employees embezzle thousands of dollars.
View article.

What is Your Moonlighting Policy?

I had a different employee fix the customer’s system and fired the employee for moonlighting.
View article.

One Easy Way Your Technicians Can Steal from You

Get a weekly cash flow report and the aged receivables and aged payables reports to back up the report. Look at the aging reports and see if things don’t look right.
View article.

How to Talk to Customers When it’s Hot

Your CSR’s job is to take care of each customer and make them feel you will do everything possible to get that customer’s problem taken care of quickly.
View article.

Keep Your Employees from Stealing this Summer

Don’t let policies you enforce during slow times get ignored when you’re busy.
View article.