50 Scams: The Fake Invoice That Almost Cost My Company $10,000: BEC Scam

Sarah, in accounts payable, received an email that looked identical to one from a regular supplier, “ABC Corp,” with an invoice for $9,850. The only difference was slightly changed bank details for payment. She almost processed it. This Business Email Compromise (BEC) scam involves fraudsters impersonating legitimate vendors and sending fake invoices with their own bank account information. Always verbally verify any changes to supplier payment details using a known contact number before sending funds.

My ‘CEO’ Emailed Asking for an Urgent Wire Transfer (It Was a Whaling Attack)

Liam, a finance manager, received an urgent email, seemingly from his CEO who was “in a meeting”: “Need you to process a wire transfer for $25,000 to new vendor for confidential acquisition. Details attached. Must be done today.” Liam almost complied due to the pressure. This is a “whaling” attack, a type of BEC targeting high-level employees. Scammers impersonate executives to trick staff into making unauthorized payments. Always verify such requests verbally, even if they seem legitimate.

The ‘Directory Listing’ Scam: Paying for a Useless Ad in a Fake Publication

Maria’s small business received an invoice for $299 for an “annual online directory listing” or a “Yellow Pages renewal” she didn’t recall authorizing. The publication was obscure or non-existent. These scams trick businesses into paying for worthless advertising in fake or very low-circulation trade directories. Always verify any invoice for advertising services, ensure you authorized it, and check the legitimacy of the publication.

How We Spotted a Vendor Impersonation Scam Before Paying the Wrong Account

Ben’s company received an email from a known supplier stating that their bank details had changed and asking that the new ones be used for future payments. Before updating anything, company policy required a phone call to a trusted contact at the supplier (using a number from existing records, not the email) to verbally confirm the change. The supplier knew nothing about it; their email had been hacked or spoofed. This verification step prevented a fraudulent payment.

The ‘Office Supplies’ Telemarketing Scam: Overpriced Junk We Didn’t Order

Chloe, an office manager, received a call from a “supplier” offering a “special deal” on toner cartridges or cleaning supplies. She vaguely agreed to a “trial.” Weeks later, a shipment of overpriced, poor-quality supplies arrived with an invoice for $500. Office supply scams involve telemarketers using deceptive tactics to ship and bill for unordered or grossly overpriced goods. Always confirm orders with authorized personnel and verify pricing.

Tech Support Scams Targeting Businesses: ‘Your Network is Compromised!’

David, an IT manager, received a call from someone claiming to be “Microsoft Network Security,” warning that his company’s network was “infected” and “sending malicious traffic.” They offered to “help” if he granted them remote access. This is a tech support scam targeting businesses. Scammers aim to gain access to company networks to install ransomware, steal data, or disrupt operations. Never grant remote access to unsolicited callers.

Ransomware Attack: How a Phishing Email Locked Up Our Company Files

An employee at Sarah’s company clicked on a link in a convincing phishing email that appeared to be an invoice. This downloaded ransomware, which encrypted all their shared files. The attackers then demanded a $50,000 Bitcoin payment for the decryption key. Ransomware attacks, often initiated via phishing, can cripple businesses by making critical data inaccessible until a ransom is paid (with no guarantee of recovery). Regular backups and employee training are crucial.

The ‘Government Compliance’ Notice That Was a Scam to Get Money or Data

Liam’s business received an official-looking letter demanding payment of a $150 “compliance fee” for a new (but vaguely described) federal regulation, or directing them to a website to “update their business registration,” which then asked for sensitive company data. Scammers send fake government compliance notices (e.g., for OSHA, IRS, labor laws) to trick businesses into paying bogus fees or divulging confidential information. Verify any such notice with the actual government agency.

Fake SEO Services: Paid Thousands, Got No Results (And a Penalized Website)

Maria hired an “SEO expert” company that promised guaranteed first-page Google rankings for her business website for $2,000 a month. After six months, her rankings hadn’t improved, and she later discovered they used “black hat” techniques that got her site penalized by Google. Fake SEO services make unrealistic promises, use ineffective or harmful methods, and provide little to no actual value, wasting marketing budgets and potentially damaging a business’s online presence.

How Business Identity Theft Can Ruin Your Company’s Credit

Ben’s company started receiving bills for lines of credit and services they never opened. Scammers had stolen their business identity (using EIN, registration details) to fraudulently obtain credit, goods, or loans in the company’s name. This severely damaged their business credit rating, making it difficult to secure legitimate financing. Businesses should regularly monitor their credit reports and protect sensitive company information.

The ‘Urgent Domain Renewal’ Scam Email for a Domain We Didn’t Own (Or Was Fake)

Chloe received an email with an invoice for an “urgent domain name renewal” for a domain that was very similar to her company’s actual domain, or one they didn’t own at all, threatening service suspension if not paid immediately. Domain slamming or fake renewal scams trick businesses into paying unnecessary fees for domains they don’t need, or transferring their real domain to a scam registrar at inflated prices.

Protecting Your Business From Check Overpayment Scams (B2B Version)

David’s company received a large order from a “new client” who then sent a check for significantly more than the invoice amount. The “client” asked them to deposit the check and wire the overage to a “shipping partner.” This is a B2B version of the fake check overpayment scam. The initial check is fraudulent. Businesses should never accept an overpayment and wire back the difference.

The ‘Business Loan’ Offer That Was an Advance Fee Fraud Scheme

Sarah’s growing business was seeking funding. She found an online lender offering “guaranteed fast approval” for a business loan. After applying, she was “approved” but told she needed to pay a $1,000 upfront “insurance fee” or “processing charge” before funds could be disbursed. The loan was fake; this was an advance fee fraud designed to steal the fee. Legitimate lenders don’t typically demand such upfront payments.

How Scammers Use LinkedIn to Target Employees for B2B Scams

Liam, a mid-level manager, was contacted on LinkedIn by someone posing as a senior executive from a potential partner company, initiating a conversation that eventually led to a request for sensitive company information or an attempt to orchestrate a fraudulent payment. Scammers use LinkedIn to identify employees, understand company structures, and craft targeted spear-phishing or social engineering attacks for various B2B scams.

The ‘Exclusive Conference Invitation’ That Was a Data Harvesting Ploy

Maria received a very official-looking invitation to an “exclusive industry leadership summit.” The registration form asked for extensive personal and company details, including travel preferences and security question answers. The conference was either non-existent or very low-value, primarily designed as a data harvesting operation to gather intelligence for future targeted scams or corporate espionage.

My Company Almost Fell for a ‘Change of Bank Details’ Supplier Scam

Ben’s accounts payable department received an email, seemingly from a long-term supplier, announcing new bank account details for all future payments. Luckily, their internal procedure required voice verification with a known contact at the supplier before changing any payment information. The supplier confirmed their bank details had not changed; their email system had been compromised or spoofed. This due diligence prevented a significant fraudulent payment.

The ‘Patent and Trademark Renewal’ Scam With Inflated, Unnecessary Fees

Chloe’s company received an official-looking notice regarding the “renewal” of their trademark, demanding a fee of $800 payable to a private company. While trademarks need renewal through official government offices (like USPTO), scammers send misleading solicitations that look like official invoices but charge inflated fees for services that are unnecessary or could be done directly for much less. Always check with official IP offices.

How to Train Employees to Spot and Report B2B Phishing and Scams

David’s company implemented regular cybersecurity awareness training for all employees. The training covered how to spot phishing emails (suspicious links, urgent requests, poor grammar), verify unusual payment or data requests (especially those claiming to be from executives or vendors), and procedures for reporting suspected scam attempts to the IT/security department immediately. Employee education is a critical defense layer.

The ‘Charity Donation Request’ on Behalf of the Company (From a Scammer)

Sarah, a CEO, was informed by her finance department about an urgent email, seemingly from her, requesting a $5,000 company donation to a specific charity for disaster relief. She never sent the email. Scammers impersonate executives to solicit fraudulent corporate charitable donations, often to accounts they control. All such requests should be verified through internal channels.

Fake Franchise Opportunities: Big Promises, No Support, Lost Investment

Liam invested $50,000 into a new cleaning franchise that promised a proven business model, extensive training, and strong franchisor support. After paying, the training was minimal, the “support” non-existent, and the business model unviable. Fake franchise scams lure investors with exaggerated earnings claims and false promises, then provide little value, leaving franchisees with significant financial losses and failed businesses. Thorough due diligence is essential.

The ‘Energy Deregulation’ Scam Call Promising Lower Bills (But Higher Costs)

Maria’s business received a call from someone claiming to be from an “energy supplier” or “utility company,” offering significantly lower electricity or gas rates due to deregulation. They pressured her to switch providers immediately over the phone. Often, these are scams where businesses are locked into contracts with variable rates that end up being much higher, or they face hefty early termination fees. Verify claims and compare offers carefully.

Our Social Media Business Account Was Hacked and Used to Run Scam Ads

Ben’s company’s Facebook page was hacked. The scammers then used their ad account to run fraudulent advertisements (e.g., for fake products or crypto scams), charging thousands to the company’s linked credit card and damaging their brand reputation before they regained control. Protecting business social media accounts with strong passwords, 2FA, and limited admin access is crucial to prevent such takeovers.

The ‘Industry Award’ Scam: Pay a Fee to Receive a Non-Existent Honor

Chloe’s company received an email congratulating them on winning a prestigious “Industry Excellence Award.” To receive the trophy and be featured in their “publication,” they just needed to pay a “processing and feature fee” of $799. These “vanity award” scams flatter businesses into paying for non-existent or worthless awards. Legitimate awards rarely require payment from the winner.

How Data Breaches at One Company Can Lead to B2B Scams at Another

After a major vendor suffered a data breach exposing client lists and invoice details, David’s company started receiving highly targeted phishing emails and fake invoices that referenced specific past projects. Information stolen in one company’s data breach (e.g., customer/supplier relationships, contact details, project information) is often used by scammers to craft more convincing and targeted attacks against other businesses.

The ‘Emergency Repair’ Scam Targeting Small Businesses After Hours

Sarah, a restaurant owner, received a late-night call from someone claiming the restaurant’s alarm system was malfunctioning (or a pipe burst) and needed immediate emergency repair, demanding credit card payment upfront. The “emergency” was fake. Scammers target small businesses after hours, hoping to reach an employee who might panic and authorize payment for a non-existent urgent service. Verify any such claims.

What Happened When Our CFO Transferred Funds in a BEC Scam (And How We Recovered Some)

The CFO at Liam’s company fell for a sophisticated whaling attack and wired $100,000 to a fraudulent account. Once the fraud was discovered (within hours), the company immediately contacted their bank and law enforcement (including the FBI’s IC3 for a Financial Fraud Kill Chain request). Due to quick action, the bank was able to freeze and eventually recover a significant portion of the funds before the scammers could withdraw them. Swift reporting is critical.

The ‘Vanity Business Publication’ Scam: Pay to Be Profiled in a Low-Circulation Mag

Maria’s business was contacted by a “prestigious business magazine” offering to feature her CEO in an upcoming issue for a “sponsorship fee” of $3,000. The magazine had very low circulation and little prestige; it was a vanity publication whose business model is to charge subjects for profiles. These offers appeal to ego but provide little actual marketing value.

How Scammers Use AI to Craft Hyper-Realistic Phishing Emails for Businesses

Ben noticed phishing emails targeting his company were becoming much more sophisticated, with perfect grammar, relevant industry jargon, and personalized details that AI could help generate. AI tools can assist scammers in crafting highly convincing and customized spear-phishing emails at scale, making them harder for employees to detect. This necessitates enhanced vigilance and ongoing training.

The ‘Overdue Account’ Collection Call for a Debt We Didn’t Owe

Chloe’s accounting department received an aggressive call from a “collection agency” demanding immediate payment for an overdue invoice from a supplier they didn’t recognize. The “debt” was fake. Scammers run fake debt collection schemes targeting businesses, hoping to intimidate them into paying for non-existent obligations. Always verify any unexpected collection claim with your records and the supposed original creditor.

Implementing Multi-Factor Authentication (MFA) Saved Our Business From a Takeover

David’s company mandated Multi-Factor Authentication (MFA) for all critical systems, including email and financial platforms. Soon after, an employee’s password was compromised in a phishing attack, but the MFA prevented the hacker from gaining access to their account and company data. MFA provides a crucial extra layer of security, significantly reducing the risk of unauthorized access even if login credentials are stolen.

The ‘Commercial Real Estate’ Deal That Was Too Good to Be True (And Was)

Sarah’s company was looking for new office space. They found an online listing for a prime location at a surprisingly low lease rate. The “agent” asked for a large upfront deposit via wire transfer to secure it before they could even view it, claiming high demand. The deal was a scam; the property wasn’t actually available, or the agent was fake. Always verify commercial real estate listings and agents thoroughly.

How Internal Controls Can Prevent Employee-Facilitated B2B Fraud

Liam’s company implemented strong internal controls, such as dual authorization for payments over a certain threshold, segregation of duties in accounting, and regular audits. These controls helped prevent situations where a single employee could be tricked into making (or might attempt to make) a fraudulent payment or manipulate records, significantly reducing vulnerability to both external BEC scams and internal fraud.

The ‘Secret Shopper’ Scam Targeting Business Owners to ‘Test’ Competitors

Maria, a small retail owner, was contacted to be a “secret shopper” to evaluate a competitor. The assignment involved cashing a large check (fake), making purchases, and wiring back funds. This is a variation of the fake check scam, adapted to target business owners by appealing to their interest in competitive intelligence, but the underlying mechanism is the same: trick them into cashing a bad check.

My Business Was Listed on a Fake ‘Better Business Bureau’ Type Site Demanding Fees

Ben found his business listed on a website that looked like an official consumer protection or business rating agency, but it was demanding a $199 fee to “maintain a positive rating” or “resolve a non-existent complaint.” Scammers create fake business accreditation or review sites, then try to extort fees from businesses. Check with legitimate bodies like the real Better Business Bureau (BBB.org).

The ‘Software Licensing Audit’ Scam Call Trying to Get Remote Access

Chloe’s IT department received a call from someone claiming to be from a major software vendor (like Microsoft or Adobe) conducting a “mandatory software licensing audit.” They demanded remote access to their servers to “verify licenses.” This is often a scam to gain unauthorized access to company systems, install malware, or steal data. Verify any audit request directly with the software vendor through official channels.

How Scammers Target New Businesses That May Be Less Savvy

David recently started his own business. He was soon inundated with official-looking invoices for directory listings he didn’t order, compliance notices for obscure regulations, and offers for “essential” business services at inflated prices. Scammers often target new businesses, knowing they may be less experienced with administrative requirements or more susceptible to misleading solicitations for services or compliance demands.

The ‘Tax ID Registration’ Scam: Paying for a Free EIN

Sarah was starting a new LLC and saw a website offering to register her for an Employer Identification Number (EIN) from the IRS for a fee of $150. She later discovered that applying for an EIN directly from the IRS website is completely free. Scammers charge fees for government services or registrations that are available at no cost from official government sources.

Our Experience Reporting a Sophisticated B2B Scam to Law Enforcement

Liam’s company lost a significant sum to a BEC scam. They immediately reported it to their local FBI field office, the Internet Crime Complaint Center (IC3), and their bank. While recovery was uncertain, providing detailed information about the scammer’s tactics, email addresses, and bank accounts used helped law enforcement in their broader investigations into these organized criminal groups.

The ‘Mandatory Workplace Poster’ Scam: Overpriced and Often Free Elsewhere

Maria’s business received a notice stating they were legally required to display certain updated workplace posters and could order them for $99 from the sender. While businesses do need to display specific labor law posters, these are often available for free or at a low cost directly from state or federal labor departments. Scammers sell these at grossly inflated prices.

Cyber Insurance: Did It Cover Our Losses From a B2B Scam?

After Ben’s company suffered a ransomware attack, they filed a claim with their cyber insurance provider. The policy covered some of the incident response costs and business interruption losses, but there were limitations and a deductible. Cyber insurance can be valuable, but businesses need to understand their policy’s specific coverages, exclusions, and requirements for preventing incidents (like MFA) to ensure it will pay out when needed.

The ‘Lead Generation’ Service That Provided Fake or Useless Leads

Chloe’s sales team signed up for a lead generation service that promised high-quality, targeted leads for $500/month. The leads they received were mostly outdated, incorrect, or for individuals not interested in their products. Some lead generation services overpromise and underdeliver, providing low-quality or entirely fake leads, wasting marketing spend and sales team effort. Vet lead providers carefully.

How Scammers Exploit Supply Chain Disruptions for B2B Fraud

During a period of supply chain issues, David’s company received urgent emails from new “suppliers” offering hard-to-find components at a premium, demanding large upfront payments. Some were scams. Scammers capitalize on supply chain disruptions by posing as alternative suppliers for in-demand goods, taking advance payments and then failing to deliver, or delivering counterfeit/substandard products. Heightened due diligence is needed.

The ‘Exclusive Government Contract’ Scam Promising Easy Wins

Sarah’s small tech company was approached by a “consultant” promising access to “exclusive, no-bid government contracts” for a hefty upfront fee of $5,000. The contracts never materialized. Scams involving promises of easy access to lucrative government contracts often target businesses looking to expand, charging large fees for connections or information that are either fake or publicly available.

Why Verifying Requests ‘Out of Band’ (e.g., by phone) is Crucial for B2B

Liam received an email from his CFO asking for an urgent change to payroll direct deposit details for an executive. Before acting, Liam called the CFO directly on her known office number (an “out-of-band” verification, meaning outside the email channel). The CFO knew nothing about it; her email was spoofed. This simple verification step is critical for preventing many B2B payment redirection scams.
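
The out-of-band callback described here, together with the dual authorization and segregation of duties from the internal controls section above, can be enforced as a gate in the payment workflow. The following is an added example, not part of the original article; the threshold value, field names, vendor record and account strings are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

DUAL_AUTH_THRESHOLD = 5_000.00  # assumed policy value; the article names no figure


def norm_account(value: str) -> str:
    """Compare account numbers without spacing or case differences."""
    return "".join(value.split()).upper()


def norm_phone(value: str) -> str:
    """Compare phone numbers by digits only."""
    return "".join(ch for ch in value if ch.isdigit())


@dataclass(frozen=True)
class Vendor:
    name: str
    account: str      # bank details already on file
    known_phone: str  # contact number from existing records


@dataclass(frozen=True)
class Callback:
    vendor: str
    number_dialed: str
    confirmed_account: str  # what the vendor confirmed by voice


@dataclass
class Payment:
    vendor: str
    amount: float
    account: str      # bank details taken from the invoice or email
    created_by: str
    approved_by: set = field(default_factory=set)


def release_decision(payment, vendor_master, callbacks):
    """Return ("RELEASE" or "HOLD", list of reasons for a hold)."""
    vendor = vendor_master.get(payment.vendor)
    if vendor is None:
        return "HOLD", ["vendor not in master file"]
    reasons = []
    if norm_account(payment.account) != norm_account(vendor.account):
        # A callback only counts if staff dialed the number on file,
        # not a number supplied in the message requesting the change.
        verified = any(
            cb.vendor == vendor.name
            and norm_phone(cb.number_dialed) == norm_phone(vendor.known_phone)
            and norm_account(cb.confirmed_account) == norm_account(payment.account)
            for cb in callbacks
        )
        if not verified:
            reasons.append("bank details changed without callback to number on file")
    # Segregation of duties: whoever entered the payment cannot approve it.
    independent = payment.approved_by - {payment.created_by}
    required = 2 if payment.amount > DUAL_AUTH_THRESHOLD else 1
    if len(independent) < required:
        reasons.append(f"needs {required} independent approver(s), has {len(independent)}")
    return ("HOLD" if reasons else "RELEASE"), reasons


# Constructed sample data (vendor record, phone number and accounts are invented).
VENDORS = {"ABC Corp": Vendor("ABC Corp", "XX00 TEST 0000 0001", "+1 555 0100")}

if __name__ == "__main__":
    invoice = Payment("ABC Corp", 9850.00, "XX00 TEST 0000 9999", "sarah", {"liam", "maria"})
    print(release_decision(invoice, VENDORS, []))
```

A callback logged against any number other than the one in the vendor master leaves the payment on hold, which is the case where staff phone the number printed on the fraudulent email.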

The Emotional and Reputational Damage to a Business From a Scam

When Maria’s company fell victim to a significant data breach due to a phishing scam, the financial cost was high. However, the damage to their reputation with customers, the loss of trust, and the internal stress and morale issues were equally, if not more, impactful. B2B scams can have far-reaching consequences beyond just the monetary loss.

The ‘Business Coaching’ Guru Who Was All Hype and No Substance

Ben paid $3,000 for a “business breakthrough” coaching program from a self-proclaimed guru he saw online. The program consisted of generic advice, motivational platitudes, and constant upselling to more expensive “mastermind” groups, with little practical, actionable content. Many “business coaching” programs are run by individuals with little real expertise, selling hype and hope rather than valuable guidance.

How Scammers Use Dumpster Diving for Corporate Espionage and Scams

Chloe learned that a competitor might have obtained sensitive client information by “dumpster diving” – going through their improperly disposed trash. While less common now, physical security of documents is still important. Information gleaned from discarded papers (invoices, client lists, internal memos) can be used for corporate espionage or to craft targeted B2B scams. Shred all sensitive documents.

The ‘Investment Opportunity’ Pitched to Our Business That Was a Ponzi Scheme

David’s company was approached by a firm offering an “exclusive, high-yield investment opportunity” for their surplus cash. It turned out to be a sophisticated Ponzi scheme. Businesses, like individuals, can be targeted by investment frauds promising unrealistic returns. Due diligence by financial professionals within the company is essential before committing corporate funds to any external investment.

Building a Culture of Security Awareness in Your Company to Fight Scams

Sarah’s company invested in ongoing security awareness training, regular phishing simulations, and clear reporting procedures for suspicious activity. They fostered a culture where employees felt comfortable questioning unusual requests and reporting potential threats without fear of blame. A strong security culture, where every employee is vigilant, is one of the most effective defenses against B2B scams.

The Time We Outsmarted a B2B Scammer: A Case Study in Vigilance

Liam received a BEC email trying to redirect a large vendor payment. He followed protocol: didn’t reply, didn’t click links, and called the vendor’s AP contact directly using a trusted number. They confirmed it was fraud. He then reported it to IT and the authorities. By staying vigilant, following procedures, and verifying independently, his company outsmarted the scammer and avoided a significant loss, reinforcing the value of their security practices.
