Suspect the Unexpected 

A key part of staying safe in business is being on-guard for scams, attacks, and financial losses, no matter where they come from. And they do come from just about everywhere, including disguised as seemingly harmless cold calls and emails.

All businesses need to keep the lights on, but unfortunately, some go about their sales in unexpected (and even misleading) ways. We’ve seen a flurry of sales and marketing tactics that we’re skeptical of lately—check out some examples below and learn how to help protect your company and educate your customers.

Business as (Un)Usual

There’s nothing unusual about sales emails: they’re necessary to every business and may just be how you find your next great vendor or service. But as with all unexpected emails, it’s important to keep your cybersecurity mindset before acting.

Repetitive, “spammy” sales emails are popular, and part and parcel to marketing and sales efforts for many. But we have to exercise cybersecurity best practices to avoid interacting with messages from unverified companies. Red flags include:

  • Emails sent from generic domains (i.e. or domains that don’t match the company
  • Typos, grammatical errors, or suspicious links
  • Emails that include attachments

If you do have a business need for the service, do some research to confirm legitimacy. It’s best to reach out directly via their website before clicking links or responding to the email. And don’t be afraid to pick up the phone and call the company that sent you the email to make sure what you’re seeing is what you’re getting.

Did you know…

According to a Pew Research Center study, 46% of internet users are not able to identify examples of phishing attacks.

The Presumptuous Invoice

Our finance team recently received an invoice from a company we have never worked with for an “Advertising Insertion Order.” As numerous online complaints indicate, it’s been identified as a scam. But it’s crafty: the invoice is personalized, printed on high-quality letterhead, and priced low enough where it might be paid without a second thought.

The fine print reveals some secrets: “…our standard policy is to automatically void any invoice that has not been paid within 30 days and release the reserved advertising space…”  Translation: if you don’t pay the invoice, you don’t owe it—the advertising (that you never ordered) is simply voided.

Here are a few tips to avoid falling victim:

  • Provide security training to all employees, and ask finance employees to be especially vigilant
  • Remind your customers that social engineering can come in all forms, not just via phishing emails
  • Keep careful records of projects with external vendors and build a process of payment confirmation

Why Verify?

Sales emails and invoices are nothing out of the ordinary in business, but in both examples, the difference between business-as-usual and a potentially unsafe situation is often verification.

You can help by reminding your customers to proceed with caution and always confirm before acting on unexpected requests, no matter the source of the request. Whether that means 5 minutes of research on a company that cold-called or double checking with the department next door before sending a check, the extra step could save them from a cyberattack or scam.

The more you and your customers think and know about unexpected techniques and requests, the better you can evaluate the good ones and avoid the bad ones.

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage and cybersecurity insurance requirements is sure to enter the discussion.
Cost of a Cyberattack vs. Cybersecurity Investment
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Defend your business with All-In-One Cybersecurity®.

Explore layered

Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.

Take the first step toward comprehensive cybersecurity with a free Defendify Essentials package

Gain access to 3 award-winning cybersecurity modules. Nothing to install. Nothing to pay for.