'Tis the season... for scammers of every shifty shape to double down on their efforts to rip someone--anyone--off.

Small businesses are no exception, and since we received a rather lame attempt this morning, it seemed a good time to reiterate some scam-avoidance tips with our business friends.

The email we received was full of easy-to-spot red flags. 

> Sent from a gmail account

Gmail in and of itself isn't fishy. We serve plenty of clients who don't host their own domains. But when I get a request (supposedly) from a company large enough to provide Purchase Orders and request 30-Day Net terms? There's no way they don't have organization-specific email.

> Sent to the same gmail account

Meaning we were BCC/blind copied on the message. Useful when you're trying to get to as many marks as possible with a single send. How many agencies like ours were they spamming with this scam?

 > From a company that isn't local

...and has no connection to us. While we serve quite a few clients who aren't precisely local, there is almost always a personal connection there.

> Addressed to "Sales" rather than a team member

Again, useful when you're going for quantity over quality. But our team is right here on our website. This would have been easy to remedy if the sender had bothered to do a simple web search.

> Sketchy content

If you've ever ordered promotional products in your life, you know that you'd have a lot more info about what you want than 10,000 "tumblers hot and cold." And you don't get to the job where you order 10,000 of something without knowing that.

> Immediately requesting to not pay us

New customers don't set our payment terms. We do that. If you're asking right out of the gate to put $0 money up for a job that will likely exceed $100k and we've never even heard of you? That's not just a no...

 After conferring (erm, laughing) a bit about all the red flags, let me tell you what we did.

1. Checked out the company

Facility Solutions Group - It's legit! (And has nothing whatsoever to do with our email scammer.)

2. Tried to verify the sender name

In this case, Gabriel Morris isn't on the company website or affiliated with it on LinkedIn. However, if there was actually an employee of the same name, I could call the corporate number to make sure I reached him through legitimate means, rather than relying on the number in the email. Then when I did get through and confirmed the email was phishing, I could at least give the real buyer a heads-up that they are being impersonated.

3. Verified the physical address

This one seemed to check out as a corporate office held by the company. Which might give a salesperson pause - how could the scammer scam if the physical product was going to end up at the rightful company? It's not uncommon for billing and shipping addresses to differ, and corporate warehouses aren't always easy to double-check.

4. Actually picked up the phone and called the number in the email

(We know, we know...) Someone picked up, but he buckled after one single solitary question. (Disappointing, really. We were hoping to have some fun.)

"What is the date of your event?" led to a couple of incoherent, mumbled responses. When asked to repeat, he just hung up.

Okay, then.

Even if he'd been a smooth talker, with all the right answers, we would not have agreed to his PO/Net terms requirement. There have been too many accounts of people in our business being scammed. Here are some horror stories where the criminals actually got away with ripping off tens of thousands in goods:

- Scammer posed as a buyer from an existing customer, with an email address only one letter different.

- Scammer paid up front with stolen credit card and used a stolen shipper number.

- After receiving tracking information, scammer intercepts shipment at the third-party distribution center (UPS/FedEx/etc.). 

They place orders for blank products or products with popular logos, get the product without putting down a penny based on the reputation of the organization they're posing as, and are never heard from again. Then they're selling those goods off, and the business they bought them from is stuck footing the bill.

 We know this scenario is specific to our business, but we serve businesses, and putting scammers MO out there can only help us all be a bit more informed about how they operate.

 Stay vigilant.