How to Recognize and Avoid EFT Scams

Welcome to 2022, where everything has gone digital. Along with ordering girl scout cookies, marketing your business, and writing elegant love letters, paying invoices by check now happens online. To avoid those credit card processing fees, many businesses now both accept and prefer to receive payments via bank transfer, also commonly known as an EFT (Electronic Funds Transfer).

Many invoice management programs such as QuickBooks make EFT payments extremely convenient for the payer as well as the recipient. The days of nervously loading the check into the printer and then sheepishly shredding it afterward, are gone. After entering just the Routing and Account number, bills can be paid with the click of a mouse.

Incredibly convenient? Yes. Perfect for scammers? A million times, yes.

The scam goes like this: you receive an email from the invoicing department at one of your trusted vendors. This may be someone you correspond with regularly, and with whom you have shared a delightful history of successful payments. This person, with their familiar email signature, the same set of contact information, links, and inspirational quotes, will have a simple request for you.

It may look like this:

“[Vendor Name] recently modified and upgraded its banking relationship. As part of this upgrade, we appreciate your assistance to direct your payments to a new banking information. We appreciate your cooperation in making this change to your records. Please advise so I can send you the new updated banking information. We would prefer ACH and wire payments in lieu of paper checks. (p.s.: There is an ongoing new year 10% discount on all outstanding payments made via EFT.)”

“No problem,” you think. Bank accounts change in the normal course of business, and since this change is now incredibly easy to make, we’ll just do it right now before our next meeting. We’ll also get those last few invoices paid so we can take advantage of that 10 percent discount! Easy, and done.

But there’s a catch.

As with all scams, catching it early is better than catching it late, but the only guaranteed way to keep your money is to catch it before it even happens.

It wasn’t your trusted vendor. If you look closely, that email address that usually ends in “.co” ended in “.com” this time. Or maybe the number that usually appears as a “1” was written as a “one.” But who has the details of every vendor’s email address memorized? Isn’t that what auto-complete is for?

Their tone was a little different, too. Not the obviously broken-English with the random capitalizations, missing punctuation, and exorbitant order requests that we’re accustomed to finding in our Spam folders. It was still conversational, but a little different, nonetheless.

A few weeks later, the real, trusted vendor reaches out regarding that unpaid invoice. The one that was, wait a minute, already paid … right? To that new bank account and routing number that you emailed to me, right? At least, I thought it was you? Ruh-roh.

By then, it’s too late.

As with all scams, catching it early is better than catching it late, but the only guaranteed way to keep your money is to catch it before it even happens. Prevention is key, and here are a few tips to avoid becoming another case study:

• Make it official. Businesses will rarely include this information in the body of the email. More likely, banking and routing information will be provided on the invoice itself, or as part of an official announcement, written in a professional tone on company letterhead.
• Call to confirm. Use the phone number on record to call your vendor directly and confirm the change. Ask them to read you the real numbers and make sure they match what was emailed.
• Ask clarifying questions. Can they confirm the number and date on the most recent invoice? How’s business? A scammer won’t know any detailed information and when engaged in a real conversation, the cracks will show very quickly.
• Never click links or open attachments! Curiosity killed the corporate bank account.
• Immediately inform your vendor. The company being impersonated should know as soon as possible in order to alert their contacts and prevent anyone else from being victimized. Also alert others in your organization who may receive these emails and can authorize banking transactions.
• That. Domain. Name. We’ve had some laughs in the past, but unfortunately these scams are not as obvious, or hilarious, as “[email protected]” or “[email protected]” anymore. You may have to look a little closer, but there will always be an inconsistency.

Most importantly, trust your instincts. Sometimes emails just don’t seem right. If you have any doubts at all, get out that magnifying glass, trench coat, and notepad, and start investigating!

To report a scam, or for more information visit: How to Report Fraud, by the Federal Trade Commission, at reportfraud.ftc.gov.

Sponsored content for this article provided by YellowDog.

Christine Mealy is a support services coordinator at YellowDog, Denver’s award-winning print and design studio. In her seven years of managing the general company inbox, she has seen it all. With a knack for recognizing spam, scams, and other nefarious emails, she especially enjoys crafting scathing replies and fooling them right back.