We’ve all seen them—email quote requests that come out of nowhere from a contact you have never met, representing a company you’ve never heard of from a location where you don’t even have a presence.
Until recently these requests were easy to identify because of their improper use of English and frequent misspellings, but in the past six months scammers have located the spell-check button and are adding features to their emails designed to lower your defenses and create a basic level of trust. If fooled, the result isn’t just the loss of data, but the potential loss of your entire business.
While email scams have been going on for many years now, it wasn’t until several months ago that scammers began to make significant changes to the methods being used. The way they are requesting products is changing and scam emails aren’t always easy to identify. For example, scammers have added email signatures with U.S.-based phone numbers and addresses and have even built legitimate-looking websites to fool you.
If the scammers get a distributor on the hook, they will even go so far as to give you pre-payment for their order via a credit card. After all, who’s going to suspect they are being hustled when thousands of dollars have just been deposited into their bank account?
Exploiting The Supplier/Distributor Relationship
While scammers have started making significant adjustments to their emails, there’s also an even bigger concern. Scammers have learned about our industry’s supplier/distributor relationship and are looking to exploit that by spoofing email addresses to make them look like they are coming from suppliers.
A recent round of emails also included attachments they claim are proofs or invoices. The attachments are PDF or Word files and when you open them, a message says the document was created in a newer software version and you need to click a button to enable the content. If you click that button, it will load a virus or ransomware onto your system.
Now more than ever, the entire industry must remain on high alert as this threat isn’t going away anytime soon. And the more they learn about how this industry works, the craftier scammers will become with their approaches.
There many different types of email scams affecting the industry, so it is hard to cover all the specifics, but here are the key ones to watch out for on the most common scam: the email quote request. If you get an email that is unanticipated and looks a little suspect, look for these red flags:
- Email is from an unknown person or company that isn’t local to you.
- Email address doesn’t match up with the contact’s name or company.
- Email is addressed to multiple recipients or says, “undisclosed recipients.”
- Subject line is vague.
- Body of email contains poor English and/or a fair number of misspellings.
- Remember, the signature of an email doesn’t verify anything. Scammers can put any signature and contact information there.
What Happens If You Respond To A Scam
- The scammers will pounce. If you open the window, you can count on hearing from them quickly.
- They may call you. When I decided to test them out and responded to an email that looked like a scam, they called me within minutes and were very assertive in getting the process going.
- They will pay up front by trying to get you to accept a wire transfer. If that doesn’t work, they will offer a credit card. Don’t take the bait.
What To Do If You Fall Victim
The solution depends on where you are in the process, but the first step is to hit the brakes. Immediately stop communicating with the scammers. If the order you accepted is in production, call the supplier and put it on hold so you can sort through the issue. If you’ve processed payment already, call your bank and ask to be connected to their fraud department. Let them know that you think you have fallen victim to a scam and be prepared to provide all the details to them. Make sure you keep good records and have copies of everything you provide to the bank. Hopefully you come out OK, but in case you suffer a financial loss, you want to have everything well documented. If the bank isn’t doing this already, you will need to file a police report. If nothing else, this report will help prove that you were in fact scammed and suffered a financial loss.
Advice For Suppliers
There are a lot of suppliers whose employees send legitimate emails that look very sketchy because they don’t provide important details. Here are ways to improve this immediately.
- Enforce email etiquette. All company employees who are communicating with distributors need to have a full signature with their name, title and phone number. Don’t show direct phone numbers. Give the company’s main number along with their extension. The reason is that scammers can spoof phone numbers from your area code to create emails that look like they are coming from your company. If the distributor calls that number, the chances of something bad happening are high. If emails show your main number, distributors can easily verify it using industry software.
- Include the P.O. number in the subject line. It should be included in the subject line on every email that pertains to an order, including invoices. Most distributors will instantly recognize whether it is their P.O. number or not.
- Include an item number. If the email is not order-specific add details that will help the distributor confirm it is from you. An example would be “Virtual Proof – Item #45232 – (name of logo).”
- Add security to emails. Distributors and suppliers alike should talk with their domain IT pros about adding SPF, DKIM and DMARC dns records to their domain. These steps can help provide a security level that will prevent email impersonation spoofing.
Make no mistake, the promotional products industry is under attack and the enemy doesn’t care about you, your family or your business. They want your money and will stop at nothing to get it. Protect yourself and stay informed. Don’t allow yourself to fall victim because you’re not paying attention.
Share this article and the videos with your team members. Remember, just because you are aware and vigilant doesn’t mean your team will be. The more employees working in your company, the larger your exposure. Every employee who has access to receive emails should be trained in what to look for to avoid becoming a victim and putting the entire company at risk.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Chris Morrissey is the third-generation owner of Proforma Big Dog Branding in Ft. Collins, Colorado. Prior to joining the family business in 1998, he spent eight years in corporate theft and fraud investigations where he built and prosecuted more than 2,000 cases.