It’s starting to seem like every week, there’s a new scammer calling or emailing us with increasingly sophisticated schemes. Each time it happens, I can’t help but wonder if someone I know in the industry could be at risk. The need for robust protective measures has never been more apparent, as illustrated by a recent incident at our dealership, Ernie Williamson Music, which prompted me to share our insights and policies on defending against scammers.
The Sneaky Setup
In a seemingly routine exchange with a manufacturer, we received an email inquiry about an unpaid invoice. Following up with a detailed account statement, the vendor mirrored our records flawlessly. The scam took a cunning turn a few days later when the same vendor proposed a shift to ACH payments within the same email thread. What made this scam stand out? The scammer had authentic invoice details — a result of starting the ploy with the manufacturer, requesting our statement. With well-crafted fake domains and duplicated signature lines, the scammer had enough genuine data to make their attempt almost indistinguishable.
Our resilience against this scam lied in the company policies we have meticulously put in place. Here, I’ll share these policies with you to help you fortify your business against similar threats.
Policy No. 1: Recognize the “Red Flags.”
Teach your team to spot potential scams. Beware of vendors lacking accurate information — the vendors we communicate with regularly already know how to get ahold of our accounts payable department. Sending emails through our website or calling the main line without knowing who to ask for rings an alarm bell for us.
Be cautious of emails that seem overly formal and those riddled with grammar mistakes. We’ve all made typos before, but use caution if an email’s tone seems “off” — especially when compared to other communications you’ve received from the same company.
Don’t be fooled by unusual urgency. Scammers will often push you to act fast and rush you to make a change or decision without thinking it through
Trust your instincts. If an offer seems too good to be true, it probably is.
Policy No. 2: Verify Changes with the Source.
Never modify existing information without confirmation. Beware of scammers pretending to be employees or vendors seeking alterations in critical data.
Authenticate changes directly with the source using the contact details on file. This means that no employee will ever change the email address, mailing address or payment info for a vendor without first reaching out to a known contact within the organization.
Be cautious about sending account details — make sure that the request for invoices, statements or other information is coming from a known contact. Better yet, generate the requested data and email directly out of your system using information on file when possible.
Policy No. 3: Exercise Caution with Payments from Unusual Sources.
Be vigilant about payment methods: If you have an e-commerce website, ensure that you’ve got fraud protection in place to avoid chargebacks from fraudulent purchases. Scrutinize payments from unconventional channels.
Watch out for scams involving money orders, third-party checks and customers avoiding standard online payment procedures.
I’ll be honest: this is one that got us a few years back. It turns out that the nice, out-of-state grandma who wants to buy a guitar for her grandchild but “couldn’t figure out the internet” actually used a stolen credit card and now has a very nice instrument on our dime. We’re not perfect — and we also no longer accept payments over the phone.
My Recommendation: While we’ve successfully fended off most scam attempts, it’s crucial to acknowledge that the threat landscape is ever-changing. Staying vigilant, continually updating security measures and fostering a culture of awareness are ongoing commitments. By sharing our experiences and policies, we hope to help others stay protected. MI
Amanda Rueter is the vice president of finance and operations at Ernie Williamson Music, a six-location dealer headquartered in Springfield, Missouri.