FREDERICKSBURG, LEBANON CO., Pa. (WHTM) — You get an email from your boss: Send this payment as soon as possible.
You’re a payroll clerk and you get an email from an employee: They’ve changed banks; here are the new routing and account numbers for direct payroll deposits.
“Stop it,” said Jami Theiller, cash management sales manager with First Citizens Community Bank (FCCB). “Pick up the phone. Call the person you think sent you that email.”
Get traffic alerts from the abc27 mobile app for the latest local delays and road closures
And don’t call a number listed in the email, Theiller said, because that could be part of the scam.
“Get the phone number from your files,” she said, or if the email is from a business, “also Google the business name and pull it off their website so you can make sure you’re calling the right place. “
FCCB is a 31-branch bank based in Mansfield, Pa., in Tioga County. Theiller spoke with abc27 at a branch in Fredericksburg, Lebanon County. She said banks across the U.S. have noticed more people falling victim to “business email compromise scams,” or increasingly sophisticated scams.
Deception is not new. But it’s one thing to get an email from a bank you don’t have an account with or a company you’ve never done business with. It’s another thing to get an email that looks trustworthy from your bank – or boss or co-worker.
It starts with an attack on your email – but really, it starts before that.
“People who can use Facebook, who can search the web and who are clicking on the wrong links – that’s really what gives your computer a virus, is clicking on things you shouldn’t be,” said Theiller.
This opens the door to a hacker, who is basically a researcher with bad intentions.
“The research they do is they can tell who your office manager is, who your accountant is, who your banker is,” Theiller said. Then “they create fraudulent email addresses that are made to look exactly like the email addresses you normally send email to.”
Get severe weather alerts with bulletins and push alerts from the abc27 weather team!
For example?
“They can take an ‘m’ and use an ‘r’ and an ‘n’ to replace the ‘m,'” Theiller said. “They can take two ‘v’s’ and replace them with a ‘w’. They can take the number one and replace it with a capital ‘i.’
In other words, imagine quickly looking at a seemingly reliable email from an @arnazon.com (see how the “r” and “n” look like an “m”) or @vvalmart.com (two “v”‘ look like a “w” email address).
These are dead giveaways. And no one should ask for banking information by email anyway.
Call your bank the moment you suspect you may have fallen victim.
“We will at that point contact the network of banks that should be involved and discuss where the money went and how to get it back,” she said. “Banks have become very good at working together to try to recover money as quickly as possible. However, timing is key. You must ensure that you notify the bank immediately.”
Stay up to date with the latest news with the free abc27 News app for iPhone and Android
However, Theiller said, “it’s very difficult to get those funds back,” hence the emphasis on prevention. She said the FCCB and other banks have online and in-person resources to help consumers and businesses protect themselves.