SCAM ALERT! How our customer ALMOST lost thousands!

April 01, 2025•3 min read

The Almost-Scam: How a Tiny Domain Difference Almost Cost Our Customer Big

In the digital age, vigilance is paramount. We've seen a disturbing surge in sophisticated scams targeting businesses, and a recent incident involving one of our customers serves as a stark reminder of the ever-evolving tactics employed by cybercriminals.

Imagine this: your accounts team receives an email from a supplier you've worked with for years. It's a routine notification, right? Not this time.

The email, with the subject line "Due to a recent system upgrade, our bank account details have been updated," informs them of a necessary change in payment information. It provides new account numbers and sort codes, seemingly legitimate.

What made this scam so insidious?

Professional Presentation: The email was impeccably written, devoid of the grammatical errors and awkward phrasing often associated with phishing attempts. It exuded an air of legitimacy.
Official-Looking Documentation: A PDF attachment accompanied the email, complete with the supplier's logo, signature, and meticulously detailed bank change information. It looked utterly authentic.
Deceptive Domain: The email address appeared to be from the supplier's domain. However, a closer look revealed a subtle but critical difference: the domain ended in ".org" instead of the correct ".com."

This seemingly minor discrepancy was the red flag that almost went unnoticed. These scammers are masters of impersonation, leveraging the familiarity of established supplier relationships to their advantage. They exploit the trust businesses place in their partners, sending emails that appear entirely credible.

The potential consequences were significant. Had our customer proceeded with the payment, the funds would have been transferred directly into the scammers' accounts, leaving them with substantial financial losses and potential disruptions to their operations.

Fortunately, a timely phone call from a known contact at the supplier averted disaster. The contact confirmed that these fraudulent emails were circulating and that several organizations had already fallen victim to the scam.

Lessons Learned: How to Protect Your Business

This incident highlights the critical need for robust cybersecurity practices. Here are some key takeaways:

Verify, Verify, Verify: Never take email communications at face value, especially those involving payment changes. Always verify the legitimacy of such requests through alternative channels, such as a phone call to a known contact.
Pay Attention to Details: Scrutinize email addresses and domain names carefully. Even a seemingly insignificant difference can be a telltale sign of a scam.
Educate Your Team: Provide comprehensive cybersecurity training to your employees, equipping them with the knowledge and skills to recognize and respond to potential threats.
Implement Strong Security Measures: Invest in robust security solutions, including email filtering, antivirus software, and firewalls, to protect your systems from cyberattacks.
Establish Clear Protocols: Create and enforce clear protocols for handling payment changes and other sensitive transactions.

Investing in Cybersecurity Training

We understand the challenges businesses face in safeguarding their operations against evolving cyber threats. That's why we offer a comprehensive business cybersecurity course designed to equip your team with the knowledge and tools they need to stay safe.

In today's digital landscape, cybersecurity is not an option; it's a necessity. By investing in cybersecurity training, you can empower your employees to become your first line of defense against cybercriminals.

Don't wait until it's too late. Take proactive steps to protect your business from scams and other cyber threats. Click HERE to learn more about our cybersecurity course and how it can help you safeguard your business.