Corporate Impersonation Scams
Does this sound familiar? Corporate impersonation scams have been on the rise recently. This kind of scam involves a scammer contacting, generally calling, your place of business. The scammer will, oftentimes, impersonate a member of your company’s management team, like Gary, or an employee from a shipping company. The intentions of this scammer are to get as much money as they can from the business as fast as they can. They make up a story that requires money from the business. This story has consequences for nonpayment and trying to force the employee’s hand. The scammer will demand the money in the form of cryptocurrency, most often bitcoin, and direct the employee to one of the 30,000+ BTMs (coinatmradar.com) available in the US.
Let’s take a deeper dive into how these scams work and how to prevent your company from falling victim to them!
Step One: Your Business/Place of Work is Contacted
Your business is contacted, generally via phone call. The scammer typically impersonates a manager or similar superior; this could be a member of management, ownership, corporate, or other decision-making personnel. This person may also impersonate a company/vendor your business/place of work uses in their normal day-to-day, such as a delivery company, vendor, or partner business. The scammer, having researched your business in some capacity, may give names associated with the business to give more validity to the call such as mentioning a member of management or corporate. The scammer typically calls during a busy hour or late at night to discourage the employee from contacting their superior to check on the situation. The phone number, which is often spoofed, appears to be from a partner business or a local employee. Targeted businesses range from chain businesses like hotels or currency exchanges to small businesses such as restaurants or gas stations. Businesses of all ranges, sizes, and industries are targeted with such a scheme.
Step Two: The Story Begins
The scammer, impersonating a member of the management team or a partnering vendor, will explain a story that requires money quickly. These stories typically involve shipping costs, vendor fees, product purchases, or fees that need to be paid in order for goods or services essential to your business. In attempts to make the situation seem more believable, the scammer may use real company names like FedEx or UPS. They may claim that a shipment needs to be made to the business, but the shipment has not been paid for yet. The scammer may indicate a fee needs to be paid because of non-payment for the alleged shipment, a bounced payment, or additional fees and costs.
Step Three: The Pull
The scammer demands this fee must be paid in the form of cryptocurrency, often bitcoin. The scammer instructs the employee to take funds directly from the register/safe/cash source to make this payment. In hopes of adding more credibility to the situation, the scammer may claim that the employee’s manager is on the other end of the line; this also serves as a method of deterring the employee from reaching out to any personnel they (the employee) report to for verification of this situation. The scammer sends the employee a bitcoin wallet address claiming this is a “company wallet”. They then instruct the employee to go to a bitcoin ATM. These ATMs can be in a variety of easily accessible locations (coinATMradar.com), ranging from pawn shops to gas stations.
Step Four: The Finish/Exchange
The scammer has the employee sign up with the bitcoin ATM provider, generally with their own information, and go through the process of sending the funds to the wallet they gave the employee. The scammer may also ask employees to use IDs left behind by patrons, depending on the nature of the business (gas stations, bars, hotels). Because of the way bitcoin operates – once sent, it’s irreversible – scammers like to use this as a main method of exchange for this type of scam.
Ways to Prevent CORPORATE IMPERSONATION
Basic training for employees during their hiring/on-boarding phase: establishing lines of communication and general chain of command (ie. a manager would never call an employee and ask for X); money handling practices and business delivery schedules (ie. who handles business deliveries and payments, who schedules deliveries, who discusses payment issues with deliveries); reference material for business deliveries is a plus. At an employee level, if the employee is not tasked with handling funds for deliveries or any like matter, this should also be stressed during onboard. Bitcoin is not used for things such as shipping fees and should be a major red flag to any employee.