Email compromise scams have cost victims millions of dollars and are becoming more common as consumers make the majority of their payments online. So what do these scams look like? And how can you avoid becoming a victim?
Let’s start with an example.
Picture this: You’ve paid your monthly rent by check for the past three years. But just before the end of the month, you receive an email from your landlord asking you to send future rent payments to them via wire transfer to an account they’ve specified in the email. Wanting to pay your rent on time, you quickly request a wire transfer to the account before the last day of the month.
Easy, right? Wrong.
A few days into the next month, you receive a call from your landlord asking for your rent payment. You explain that you sent it via wire transfer, just as they requested. After some conversation, you both realize you have been the victim of an email compromise scam, and you sent your rent payment to an unknown party. What’s even worse is that you still have to pay your rent – again!
So You’re the Victim of an Email Compromise Scam. What’s Next?
After working things out with your landlord, your next thought is to contact your bank. You’re hoping to get your money back, but all they can do is offer to recall the funds on your behalf. Why? Because you authorized the wire transfer, and the only way you’ll get reimbursed is if the receiving bank has funds to return to you. Turns out, sending a wire transfer is almost like sending cash.
How did this happen and how can you avoid it in the future? The answer is easy. Always verify new payment instructions with the payee. In the above scenario, a quick call to the landlord would have confirmed that the email didn’t come from them. You never would have sent the wire, and the landlord would be able to notify other tenants of the scam.
Variations of this scam include the “out-of-town” CEO requesting an urgent wire transfer, your closing agent sending a last-minute payment change, or your banker sending a new payment address for your monthly mortgage payment.
How do email addresses get compromised in the first place? Email addresses can be easy to replicate by a tech-savvy scammer; the most common way to gain access is via phishing emails.
The email address Landlord@mymonthlyrent.com, for example, could easily be changed to Landlord@mymonthyrent.com. If you’re not careful, you might miss that the L in monthly is missing from the domain name. Additionally, the scammers could simply make up an email, like email@example.com. If you’re not in regular communication by email, this might go unnoticed as well.
Any email can be compromised. A scammer could try to impersonate anyone, be it your bank, your landlord or a relative. By remaining vigilant – and keeping a discerning eye out for any suspicious communications — you can avoid becoming the victim of an email compromise scam and ensure your payments end up where they belong.