Business owners: one email saying "we've updated our banking details" can send your next five-figure payment straight to a criminal. It's called business email compromise, and it torches companies.
Not by replying to the email. Not at the number in the email signature, that's the scammer's number. Call your contact at the number already in your records before a single dollar moves to new banking details.
A vendor's (or your own) mailbox is quietly breached, often via phishing. The crook reads invoices and payment threads for weeks, learning names, amounts, and timing.
From the real vendor's real address, or one letter off: "Please note our updated banking information for the attached invoice." Same logo, same signature, expected amount.
It looks completely routine. The next payment, sometimes tens of thousands, goes to the criminal's account.
"Where's our payment?" By then the money's been moved through mule accounts. Recovery windows are measured in hours, not weeks.
Make it policy: no payment detail changes without a phone call to a known number. No exceptions, even for the boss.
Call the vendor using the number in your records or on their real website. Never the one in the email.
Turn on two-factor for company email. Most of these start with one phished mailbox.
Slow your payables down one beat. A 10-minute verification habit beats a $40,000 loss.
Tell your bookkeeper about this scam today. They're the target, and they can't dodge what they've never heard of.
KCCS installs, secures, and watches business systems all over Southern Colorado. Get a free assessment — a real engineer walks your site and hands you a written punch list.
Or call 719-530-4040 · Response within 2 business hours