Payment fraud alert: Renewal notices that look legit but are actually phishing scams
Your A/P staff is so good at keeping important bills paid that, unfortunately, they are a prime target for payment fraud email campaigns.
Official-looking notices can arrive in their inboxes warning that you’re about to lose customers because your company domain name or trademark is expiring. The email goes on to offer help, with a link to a payment page to supposedly take care of the renewal fee. But it turns out to be payment fraud.
Similar scams are out there that involve notices of software license or service subscription renewals.
Staying away from phishing payment fraud
Before A/P takes any action on these domain renewal notices, the sender needs to be checked out. The sender’s address should belong to the domain registrar the email claims to represent, not to a third party. When in doubt, search the database at Whois.com/whois or check with IT.
Even if the email appears to be on the level, stay away from any links and instead go directly to your registrar’s verified website to pay the renewal fee.
Also, to avoid payment fraud, double-check the senders of any emails asking for payment for trademark monitoring services, registration with U.S. Customs and Border Protection or a private registry, or renewal of trademark registration.
Unless these emails are from your company attorney or the U.S. Patent and Trademark Office (look for an @uspto.gov sender address), you should assume they’re fraudulent.
In addition, be skeptical of messages warning that a third party is about to register your trademark as a domain in another country (a “.cn” address in Canada, for example) and offering you the opportunity to buy the domain first. This is also an attempt at payment fraud.
And before deleting these phishy emails, don’t forget to bring them to IT’s attention.
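For IT teams that receive these forwarded notices, the sender and link checks described above can be scripted. The following is an added example, not part of the original article; `registrar.example` is a placeholder for your own registrar, the function names are hypothetical, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains you really pay renewals to; registrar.example is a placeholder.
TRUSTED = {"registrar.example", "uspto.gov"}

def is_trusted(host, trusted=TRUSTED):
    """True only for a trusted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage_renewal_notice(raw_email, trusted=TRUSTED):
    """Return a list of reasons to escalate the message to IT."""
    msg = message_from_string(raw_email)
    findings = []
    # The display name is free text; only the address domain counts.
    for header in ("From", "Reply-To"):
        address = parseaddr(msg.get(header, ""))[1]
        if address and not is_trusted(address.rpartition("@")[2], trusted):
            findings.append(f"{header} address {address} is a third party")
    # Collect every link in the text parts and check where it leads.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "utf-8"
        text = (part.get_payload(decode=True) or b"").decode(charset, "replace")
        for url in re.findall(r'https?://[^\s"<>]+', text):
            host = urlparse(url).hostname
            if not is_trusted(host, trusted):
                findings.append(f"link leads to {host}, not the registrar")
    return findings

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Registrar Example Billing" <billing@domain-renewal-center.example>
Reply-To: payments@domain-renewal-center.example
Subject: FINAL NOTICE: your domain expires in 24 hours

Pay the renewal fee now: https://pay.domain-renewal-center.example/renew
"""
GENUINE = """\
From: Registrar Example <notices@registrar.example>
Subject: Your domain renews next month

Sign in at https://www.registrar.example/account to review.
"""

if __name__ == "__main__":
    print(triage_renewal_notice(SUSPICIOUS), triage_renewal_notice(GENUINE))
```

An empty result only means the addresses and links line up with the trusted list; the renewal should still be paid by going directly to the registrar’s verified website.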
Be suspicious of emails containing a QR code
Because QR code usage has skyrocketed in recent years, cybercriminals have been busy blasting out batches of image-based junk emails with embedded QR codes. They’re often able to successfully bypass security protections.
According to the security firm Inky, the emails instruct employees to resolve a security issue, such as a missing two-factor authentication enrollment, or to change a password. Using the tried-and-true tactic of fear, the crooks warn about the “consequences” if the person doesn’t act.
Those who click on the QR code go to a site that looks real, but captures the user’s passwords and sends them to the hackers.
Recipients of these emails get lulled into a false sense of authenticity because the messages are from someone in the company. But that’s because the co-worker’s email account has been accessed through a business email compromise attack.