Advice + Tax + Accounts for smart business owners.
August 13th 2018

The fight against phishing

Make sure you keep safe with emailed invoices & payment requests – even when it’s from your boss.

Online Invoicing, BACS Payments, Direct Debits & Digital banking – with the world at our fingertips, and everything going digital; so are the thieves.

One of the most common (and successful) methods of digital fraud is Phishing, which simply put, is a fraudulent method of gaining sensitive information by pretending to be someone else, using “bait” in the form of emails & letters designed to look as though it is from a legitimate source.

Now, you might be thinking that it’s easy to spot a fraudster – or that you’re not silly enough to reply to an email from a Saudi Prince promising you money, but it’s far more complex than that in this day and age.

Check out this “BT Bill” that a few of us here at Scholes received last year:

Looks legitimate, right?

Hover over most of the links, and right enough - it takes you to the BT website.

But just on the part to view your bill, it redirects to somewhere phishy…

These fraudsters aren’t dim, they’re incredibly devious, and know how to make things look just authentic enough to trick you into putting in your card information and making off with untold thousands.

So, we have a few simple steps that should help you identify potentially phishy emails.

1 – Make sure it’s from the right email address

The primary thing to look for.

Check for subtle differences - “” versus “”, or even a single letter – vs, or a different ending “.com” rather than “”

Don’t just check the name that appears with an email. With a little change in my options, I can be like the Crown Prince of Denmark if I feel like it!

Check “On behalf of” – While some of these could be genuine, if an email address is compromised, it could be fraudulent.

Tip – A lot of email providers & programs let you set custom names & pictures. Use them! It makes it immediately identifiable as someone you usually correspond with.

2 – Make sure the payment request is genuine

Always check you have evidence to back up the request on your system. If not - get a copy of the invoice, receipt or statement from your usual source, with your usual method.

3 – Make sure it’s the correct bank info

If they’re sending bank information, make sure it’s the same as usual. If not…

4 – Double Check with the expected source!

If you are unsure – even if it’s just a feeling, double check with a different communication method. Message a different sales rep, pick up the phone, ask your boss, go knock on their door if they’re across town – because if it saves you money, or saves a genuine company reputation – then it’s more than worth the ten minute check.

Contact our tech team today for further advice and assistance.


Let's talk

Book your free consultation now:

Preferred Method of Contact