Business Impersonation Fraud

Business Impersonation Fraud occurs when criminals pose as legitimate businesses to exploit their reputations. Through fraudulent transactions, they obtain sensitive information, money, or other valuable assets. The fraudsters use various tactics, such as emails, phone calls, and fake websites, to create the illusion of authenticity and deceive consumers and other businesses.  Business Email Compromise is the most extreme (and lucrative) form of this scam. This fraud is a version of Imposter Scam but from the victimized firm's perspective. 

A customer receives a call, email, text, or social media message that appears to be from a company you recognize. The message offers an attractive bargain or prize and instructs your customer to call a number or click a link. However, this phishing email is from a scammer pretending to be that business. If your customer responds, the fraudster will ask them to make a payment or provide personal information. In reality, your company is never contacted, but your reputation is damaged in the minds of your customers because there is no product or prize.

• Unexpected and unsolicited emails or calls from supposed business contacts.
• Pressure to act quickly, often involving urgent financial transactions or sharing sensitive information.
• Fraudsters often ask for payment through unconventional methods such as wire transfers, gift cards, or cryptocurrency. Cards and Other Untraceable Payment Methods. Genuine businesses and government agencies never ask for payment via gift card. Any such request is a sure sign of fraud.
• Email addresses and phone numbers that are similar but slightly different from the legitimate ones.
• Suspicious emails containing links or attachments that ask for login credentials or other personal information.

• Don’t click any links or call phone numbers they give you. Always verify the sender's email address and phone number using reliable sources independent from the incoming message. Caller IDs can be spoofed using electronic tools. Contact the business directly using known contact details, not the information possibly from a scammer. 
• Train staff to recognize the signs of fraud and to follow verification procedures.
• Install and regularly update antivirus and anti-phishing software.
• Implement multi-factor authentication for financial transactions and other sensitive operations.
• Report any suspicious communications to the proper authorities immediately. See How to Report Fraud.
• Keep up-to-date with common scam tactics and remain vigilant.
• Safeguard personal data and share it sparingly, especially when unsolicited requests are made.

• Notify your bank or financial institution to stop unauthorized transactions.
• Report the fraud to your local police department and file a complaint with the Federal Trade Commission (FTC). See  How to Report Fraud.
• Regularly check bank and credit card statements for unauthorized activity.
• Inform any affected business partners or clients about the incident to prevent further spread.
• Notify customers who may have been victimized and advise them to scan for malware, change passwords, monitor accounts, and consider credit monitoring. If they revealed personal information, refer them to the recovery steps for  identity theft.
• Document Everything: Keep records of all communications, payments, and documents related to the scam.

References:

• Federal Trade Commission. (n.d.). Business Impersonation Scams. Retrieved from  https://consumer.ftc.gov/features/pass-it-on/impersonator-scams/business-impersonator-scams
• Better Business Bureau. (2023 April 13). Top 10 scams targeting businesses. Retrieved from https://www.bbb.org/article/news-releases/19932-bbb-warning-businesses-dont-fall-for-that-scam
• Hume, M. (12 February 2024). That friendly airline 'rep' on X might be scamming you. The Washington Post. Retrieved from https://www.washingtonpost.com/travel/2024/02/12/airline-customer-service-scam-x