Recently a client received an email asking that future ACH payments go to a new bank and account. It was a really ’good’ email and in many ways, looked legit; it wasn’t!
All the names, spellings, and other details looked just right. When you got to the bottom of the email, the domain name was one letter off, just one letter!
Rather than try to be a detective, we recommend you have an internal policy with absolutely no exceptions; all requests to change bank information— employees, vendors, clients—must involve a phone call that you initiate with a primary contact, no exceptions! If you experience fraud, contact the bank, ask that the FBI get involved, and escalate to the appropriate law enforcement agencies. Then go sooth your team member; no one wants to have been tricked and I’m sure they feel just awful. Provide some encouragement, then re-train the team! –CMW