A prospective client contacts you via email or your website, seeking your services on a big, new job. He mentions that the job also involves a third party, so he wishes to pay you for the whole job, if you would then pay the other party involved.
Sounds a bit dubious, right? But this client has a good explanation: He’s seen your design portfolio online and wants to contract for your services to design his new business website if only you will pay his photographer so everything is on one consolidated invoice.
Or: He wishes to hire you to remove a tree from a property he just inherited, yet he also needs you to pay the gardener since he’s located overseas where it is difficult to make multiple international payments. He comes off as polished, presents a professional looking contract and has a real-deal bank account with a U.S. financial institution you believe you can trust. His offer is nothing like those scammy emails we all know are bogus.
What’s my advice here? Proceed at your own peril.
As vice president of risk at WePay, which processes payments for major online platforms, I work to help protect people and companies from costly fraud. And in instances like the two I’ve just mentioned, real people and businesses stand to lose real money. Experience tells me that the person seeking “help” is almost certainly a fraudster using a stolen credit card number.
And that advance fee he wants you to pay to a third-party subcontractor? It's money that will be long gone before you realize months later that you’ve been taken. You’ll be out all the money you received and hit with penalties from your bank.
Welcome to the modern, more sophisticated version of the decades old 419 scam -- a type of advance-fee fraud named for the criminal code where the scam first emerged. Today, the stakes have never been higher -- because new commerce platforms enable fraudsters to reach you in more ways, the dollar amounts involved keep rising and the liabilities have increasingly shifted to hit those who do business online hard.
To avoid being those fraudsters' next victim, here are my suggested best practices for platforms and merchants:
1. Rely on history.
No matter how appealing the job and its purported payoff, keep in mind that sending any form of payments to a third party you don’t know is a highly unusual practice. So, don’t give the benefit of the doubt when someone explains that this is necessary for one reason or another, oftentimes because he or she is located outside the country.
My experience is that, more often than not, that seemingly trustworthy third party is the fraudster or an accomplice. So, what to do? Never agree to send payments to a third party unless that party is related to a client whom you’ve done extensive business with in the past.
2. Talk to those involved.
If you’re still inclined to proceed, probe more deeply before you make the final decision. I recommend insisting on speaking directly with the client by phone. The same goes for that third-party player and anyone else who may be involved. Ideally, these conversations will give you the confidence to proceed.
More realistically, they will likely give you good indicators or hints of the fraudster’s actual intentions so you can cut off the discussions before you’ve lost anything more than a little bit of your time.
3. Mind this contact's location.
Be wary of anyone reaching out to you from afar without a personal connection or referral, even if “afar” is just a few hours' drive from you and this party is not referencing your glowing Yelp reviews as reason for engaging you in particular. What's more, if this person is reaching out from a foreign country that is particularly known for fraud -- you know which countries those are based on the emails you’ve received or heard of before -- be especially cautious.
4. Seek and sweat the details.
Fraudsters don’t tend to offer lots of critical details. So, push for them. And if every response you receive to a direct question is vague, sparse on the details you seek or otherwise written in a manner that’s less polished or professional than the initial outreach, know that these are telltale signs of fraudulent activity.
I also suggest comparing email responses to one another because fraudsters may reuse emails they’ve used with others or message you information that’s different from their previous correspondence with you.
5. Don’t bank the money yet.
Many a victimized business owner will say the same thing: “I was suspicious but the credit card payment cleared my bank so I thought I was good to go.” Of course, that was not true. The reality is that banks and payment processors do their best to stop fraudulent transactions from ever occurring, yet some slip through and are resolved only weeks or months later when the legitimate credit card holder sees and challenges a charge.
At that point, the bank will be recouping everything you took in and almost always levying a charge-back fee too. I tell people they shouldn’t assume the money’s good until six months down the road.
6. Maintain your control.
The end goal for the fraudster is to get your money. This accounts for some of the suspicious behaviors I’ve seen, including fraudsters who ask right away -- before you’ve gotten into the important particulars of the job itself -- if you accept credit card payments. You may experience them as being particularly eager to pay you and provide bank information for that third party.
Some will seek to convince you to pay out that advance fee quickly, while others will be savvier and demonstrate patience, to falsely put you at ease. To protect yourself, maintain your control and limit their control. Don’t succumb to the appeal of a quick credit card payment. And don’t ever accept funds beyond those related to the work that you or your company will perform.
Overall, always listen to your gut when it says, “This whole thing seems too good to be true.”