Invisible Thieves: How Payment Diversion Scams Work

Follow along from email hack to payment theft

You've just wrapped up a smooth transaction with a vendor. Services delivered, satisfaction achieved, and now it’s payment time—a standard step like any other in your bustling business.

But here’s where a typical business chore can spiral out of control.

How Does a Payment Diversion Scam Unfold?

Let's break down what can go wrong.

The culprit? An ordinary business email. Harmless, right? Wrong.

Here’s how scammers turn a simple email into a crafty con:

  1. Infiltration: The attacker gains access to either your email or your vendor’s. You’re not reusing passwords on your email account, are you? You have two-step phone authentication set up, don’t you?
  2. Watching: They set up email rules to forward all emails to themselves, or maybe they authorize another mail application, or perhaps they simply log directly into your account.
  3. The Waiting Game: Like a spider in a web, waiting for movement, the scammer waits patiently until you initiate a payment to your vendor.
  4. The Impersonation: Just when you’re about to settle accounts, the fraudster strikes. They craft a new email address mirroring your vendor’s domain with uncanny precision, hijack the email conversation, and carry it on from their fake domain.
  5. The Request: Posing as your trusted vendor, they urgently request a wire transfer or ACH payment, ditching the usual check method due to some fabricated issue.
  6. The Deception: Everything looks perfect: the email thread, names, and even signatures. The only thing wrong, and easily left unseen, is the look-alike vendor domain, off by a letter. Unsuspecting, you follow through with the payment, not realizing you’ve just sent money straight into the scammer’s pocket.

The Aftermath

Fast forward a month or two and your genuine vendor contacts you, puzzled, about a missing payment.

That’s when the dreadful realization hits: the money went to a scammer. If not caught in time (think days), retrieving the lost funds may be impossible.

Can This Be Prevented? Absolutely!

Here’s the silver lining—these scams can often be stopped in their tracks. Immediate detection is key to prevention and fund recovery. Here are some golden rules to shield your business:

  • Verify Financial Changes: Always double-check directly with your vendor if there’s an unexpected change in payment details. Out of band. Call them.
  • Use Known Contacts: Don’t blindly trust contact details in an email. Instead, use verified numbers from your contact list or the company’s official website.
  • Protect your Email: Use a unique password on your email and set up two-step phone authentication on the email account.
  • Stay Alert: Educate your billing and admin teams about these scams! Awareness is your first line of defense.
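
An added example, not part of the original article: a Python check that mail tooling could run on incoming messages to flag the look-alike vendor domain described in The Deception step. The vendor domain list and the sample message are constructed assumptions, and a finding is a prompt to call the vendor, not a verdict.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: constructed list of vendor domains you already pay.
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "northwind-freight.example"}

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def lookalike_of(domain, max_distance=2):
    """Return the known vendor domain that `domain` imitates, or None."""
    if not domain or domain in KNOWN_VENDOR_DOMAINS:
        return None
    for known in KNOWN_VENDOR_DOMAINS:
        if edit_distance(domain, known) <= max_distance:
            return known
    return None

def check_message(raw):
    """List reasons to verify this message by phone before paying."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        target = lookalike_of(dom)
        if target:
            findings.append(f"{label} domain {dom} resembles vendor {target}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To {reply_dom} differs from From {from_dom}")
    return findings

# Constructed sample: "suppiles" swaps two letters of the real "supplies".
SPOOFED = ("From: Dana Reyes <billing@acme-suppiles.example>\n"
           "Subject: RE: Invoice 1042\n\nPlease pay by wire this time.\n")
print(check_message(SPOOFED))
```

Very short vendor domains will produce false matches at a distance of 2, so lower `max_distance` for those.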

Takeaways

Business moves as fast as a click. Taking a moment to verify can be the difference between safe banking and financial mishaps.

Stay vigilant and keep your transactions secure.
