Advanced Fee Fraud

November 30, 2016 Risk & Fraud
John Canfield
By John Canfield, Vice President of Risk and Compliance Product
John Canfield
By John Canfield, Vice President of Risk and Compliance Product

Here’s something we continue to hear about from our platform partners and their users: a prospective client reaches out to a small business owner via email or a website contact form seeking help on a big, new job. This prospective client says he’s also working with another party whom he wants the business owner to pay from a single lump sum he’ll pay in advance.

Sounds sketchy, to be sure. But the payoff is attractive and the explanation for this unusual arrangement is plausible – perhaps he can only write a limited number of checks from a trust or estate account, or he’s overseas and constrained in the number of international payments he can make.

My advice, rooted in more than 10 years of work helping people and companies avoid costly fraud: Don’t do it.

Chances are, that prospective client is a fraudster with a trove of stolen credit card numbers. And that other party is either that same fraudster or an accomplice, not a legitimate third party subcontractor. So a business owner who proceeds will later find they’ve been victimized. They will be then be out all the money and likely charged with additional bank penalties.

This is the modern, sophisticated version of the decades old 419 scam – a type of Advance-fee fraud named for the criminal code where the scam was apparently first hatched. Today the stakes have never been higher – because commerce platforms enable fraudsters to reach you in more ways, the dollar amounts keep rising, and the liabilities have increasingly shifted to harder hit those who do business online.

Here are my top 5 common sense practices that every merchant should follow, and every platform should convey to their users:

  1. Don’t trust a new contact

It’s a highly unusual arrangement for a client to require one vendor to pay others. So if you haven’t already worked with the different players involved, don’t trust that it will all work out ok. In fact, I’d say a small business owner should NEVER agree to send payments to a third party unless it’s related to a client whom they’ve done extensive business with in the past.

  1. Get on the phone fast

Email is a great way to transact business. But when the opportunity is dubious, getting on the phone can go a very long way. I advise business owners to speak directly with the client and third party by phone. More often than not, such discussions will give further indicators or hints of the fraudster’s actual intentions before anything other than time has been lost.

  1. Press for more details

Most fraudsters like to gloss over details. Don’t let them. It will always serve well to seek more, to clarify details, and so on. And when sweating those details, it’s also good to pay attention to language – if the follow-on discussions are less polished or inconsistent with the initial outreach, that should be a giant red flag.

  1. Don’t think banked money is safe money

It’s sad how many times I’ve heard of someone saying “I thought it was ok when the credit card payment cleared my bank.” Banks and processors do their best to stop fraudulent transactions, yet some slip through and are only resolved later when the legitimate card holder discovers them. From there, it’s just a matter of days before the involved bank will claw back funds from the victimized merchant and levy a chargeback fee too. I tell people not to assume the money is safe until six months down the road.

  1. Trust your gut

At the end of the day, don’t succumb to the appeal of a quick credit card payment. Even when that fraudster comes off as polished, professional, even patient while working through details with you, know that too much of a good thing is often too much to be a good thing. If your gut tells you something’s not right, move on without ever looking back.

About the author

John Canfield

John Canfield, Vice President of Risk and Compliance Product

John Canfield is the Vice President of Risk and Compliance Product for WePay. Prior to WePay, he was the Senior Director of Risk at eBay. He holds degrees from MIT and Stanford University.

More blog posts by John Canfield