The $40K fake invoice scam we were too smart to fall for


Scams come with the territory when you own a business. Last week, we got one here at the Komando HQ that even I haven’t spotted before. Let’s just say I was equal parts impressed and annoyed. That’s why if you own a business or do anything with money at a company, you need to know this.

‘Fwd: Past due Inv 324476’

That was the subject line. What followed was an email chain between me (using my private company email address) and someone named “Paul Delcroix.” According to his email, we were overdue for paying his invoice, and he wanted that money, like, now.

Reading the email chain, it really looked like “Paul” and I were doing business together. In one email, I told him we needed to have a follow-up call. In another, I asked “Paul” to email our finance director, Amber, because she’d send over the money.

As it turns out, “Paul” had created the entire thread and used that to trick Amber into thinking I’d already approved the invoice.

Now, this scammer knew a lot about us, like my personal email address, Amber’s role at the company and Amber’s email address. They even knew our company’s industry; “Paul” was attempting to charge us for using his “Ethics in Broadcasting” legal materials and representatives.

Luckily, Amber is smart

She’s too smart to just pay an unexpected invoice, even if there seems to be evidence I OK’d it. She forwarded me the email and asked if the bill for $39,540 was legit.

Spot the signs

This is a tricky scam, but it’s far from perfect.

  • The bill was for a large, unexpected expense. When we’re planning to spend a lot of money, Amber is almost always part of that conversation. If she’s not, I inform her later since she’s the one who pays the bills day to day.
  • The emails from “Kim” sounded nothing like me. Scammers can find your contact info, photos and other details online, but most of them are really bad at sounding like you. One note started with, “We will prioritize the processing of this invoice today.” I’d never say it that way.
  • There was an urgent tone. This is a big part of most scams. Would-be thieves try to convince you you’re behind on payments or you’ve done something wrong and you need to fix it ASAP.
  • The invoice and emails are a mess. A closer look shows all kinds of strange formatting. The invoice looks bogus for sure.

One simple rule of thumb

Now, if you own a business, you’re going to be surprised to hear this: I approve every expense myself. Yes, I’m busy recording my national radio shows, writing this newsletter and running the business — but I’m the closest one to what we spend. I can spot these tricks a mile away.

▶️ The final approval doesn’t always have to come from the business owner, but I recommend you have multiple folks involved in payment processes. No bill should be paid without someone else confirming, “Yes, this is a service we pay for. This bill is real.”

This is more important than ever in the age of deepfakes, when it’s easy for someone to pretend to be a contractor or an employee to take advantage of the person who signs off on payments.

This story, for example, turns my stomach: A scammer pretended to be an engineering firm’s CFO and “wore” that face during a video meeting using deepfake tech. He tricked the employee on the other end into wiring $25 million.

We’re adding a step

What if Amber had taken that email chain as fact and paid the nearly $40,000 bill? We’d never get that money back. I bet a lot of folks would’ve paid it.

▶️ That’s why I think every company should have a payment password, a safe word, a confirmation — call it what you want. Say our word is “tangerines.” The idea is that the person approving the payment and the coworker or company officer asking for the payment both must say this word.

In our engineering firm example, the deepfake worked flawlessly. The employee truly thought they were talking to the CFO. But what if the employee had asked for the confirmation step and the guy had stared back blankly? It would’ve all fallen apart.

🤑 Folks, scammers are getting more creative, and I want you to be careful out there. If you own a business or work at a small biz, send this to your staff. It could save you a massive headache.

Award-winning host Kim Komando is your secret weapon for navigating tech.