By John Canfield, VP of Risk for WePay
A prospective client contacts you via email or your website, seeking your services on a big, new job. He mentions that the job also involves a third party, so he wishes to pay you for the whole job if you can then pay that other party involved.
Sounds a bit dubious. But he’s got a good explanation. He’s seen your design portfolio online and wants to contract for your services to design his new business website if only you can pay his photographer so it’s all on one consolidated invoice. Or he wishes to hire you to remove a tree from a property he just inherited yet he also needs you to pay the gardener since he’s located overseas where it is difficult to make multiple international payments. He comes off as polished, presents a professional looking contract, and has a real-deal bank account with an US financial institution you believe you can trust – it’s nothing like those scammy emails we all know are bogus.
What’s my advice here? Proceed at your own peril.
As Vice President of Risk at WePay, which processes payments for online platforms including Constant Contact, FreshBooks, and Zoho, it’s my job to help protect people and companies from costly fraud. And in instances like these I’ve just mentioned, real people and businesses stand to lose real money. Experience tells me that the person seeking “help” is almost certainly a fraudster using a stolen credit card number, and that Advance Fee they want you to pay to a third party subcontractor is money that will be long gone before you realize months later that you’ve been taken. You’ll be out all the money you received and hit with penalties from your bank.
This is the modern, more sophisticated version of the decades old 419 scam – a type of Advance-fee fraud named for the criminal code where the scam first emerged. Today the stakes have never been higher – because new commerce platforms enable fraudsters to reach you in more ways, the dollar amounts keep rising, and the liabilities have increasingly shifted to harder hit those who do business online.
To avoid being that next victim, here are my suggested best practices for platforms and merchants:
1. Rely on History.
No matter how appealing the job and its purported payoff, keep in mind that sending any form of payments to a third party you don’t know is a highly unusual practice. So don’t give the benefit of the doubt when someone explains that this is necessary for one reason or another, oftentimes because they are located outside the country. My experience is that, more often than not, that seemingly trustworthy third party is the fraudster or an accomplice. So what to do? Never agree to send payments to a third party unless it’s related to a client whom you’ve done extensive business with in the past.
2. Talk to Those Involved.
If you’re still inclined to proceed, probe deeper before you make the final decision. I recommend insisting that you speak directly with the client by phone. The same goes for that third party player and anyone else who may be involved. Ideally, these conversations will give you the confidence to proceed. More realistically, they will likely give you good indicators or hints of the fraudster’s actual intentions so you can cut off the discussions before you’ve lost anything more than a little bit of your time.
3. Mind the Location.
Be wary of anyone reaching out to you from afar without a personal connection or referral, even if “afar” is just a few hours drive from you and they’re not referencing your glowing Yelp reviews as reason for engaging you in particular. And if they are reaching out from a foreign country that is particularly known for fraud – you know which countries those are based on the emails you’ve received or heard of before – this should make you especially cautious.
4. Seek and Sweat Details.
Fraudsters don’t tend to offer lots of critical details. So push for them. And if every response you receive to a direct question is vague, sparse on details you sought, or otherwise written in a manner that’s less polished or professional than the initial outreach, know that these are telltale signs of fraudulent activity. I also suggest comparing email responses to one another because fraudsters may reuse emails that they’ve used with others or message you information that’s different from their previous correspondence with you.
5. Don’t bank the money yet.
Many a victimized business owner will say the same thing: “I was suspicious but the credit card payment cleared my bank so I thought I was good to go.” Of course, they were not. The reality is that banks and payment processors do their best to stop fraudulent transactions from ever occurring, yet some slip through and are only resolved weeks or months later when the legitimate credit card holder sees and challenges a charge… at which time the bank will be recouping everything you took in and almost always levying a chargeback fee too. I tell people they shouldn’t assume the money’s good until six months down the road.
6. Maintain Your Control.
The end goal for the fraudster is to get your money. Thus some of the suspicious behaviors I’ve seen include fraudsters asking right away – before you’ve gotten into the important particulars of the job itself – if you accept credit card payments. You may experience them as being particularly eager to pay you and provide bank info for that third party. Some will seek you to pay out that Advance Fee quickly, while others have gotten savvier and will demonstrate patience to falsely put you at ease. To protect yourself, maintain your control and limit their control. Don’t succumb to the appeal of a quick credit card payment. Don’t ever accept funds beyond those related to work you or your company will perform. And always listen to your gut when it says “this whole thing seems too good to be true.”
John Canfield is Vice President of Risk for WePay, the payments partner for online platforms including Constant Contact, FreshBooks, GoFundMe, Meetup, and Zoho. WePay protects its partners from risk and regulatory exposure while supporting seamless payments experiences for their end-users. Prior to WePay, he was Senior Director of Risk at eBay. He holds degrees from MIT and Stanford University.