Suspect the Unexpected 

November 8th, 2019

A key part of staying safe in business is being on guard for scams, attacks, and financial losses, no matter where they come from. And they do come from just about everywhere, including in the guise of seemingly harmless cold calls and emails.

All businesses need to keep the lights on, but unfortunately, some go about their sales in unexpected (and even misleading) ways. We’ve seen a flurry of sales and marketing tactics that we’re skeptical of lately—check out some examples below and learn how to help protect your company and educate your customers.

Business as (Un)Usual

There’s nothing unusual about sales emails: they’re necessary to every business and may just be how you find your next great vendor or service. But as with all unexpected emails, it’s important to keep your cybersecurity mindset before acting.

Repetitive, “spammy” sales emails are popular, and for many companies they are part and parcel of marketing and sales efforts. But we have to exercise cybersecurity best practices to avoid interacting with messages from unverified companies. Red flags include:

  • Emails sent from generic domains or domains that don’t match the company
  • Typos, grammatical errors, or suspicious links
  • Emails that include attachments

If you do have a business need for the service, do some research to confirm legitimacy. It’s best to reach out directly via their website before clicking links or responding to the email. And don’t be afraid to pick up the phone and call the company that sent you the email to make sure what you’re seeing is what you’re getting.

Did you know...

According to a Pew Research Center study, 46% of internet users are not able to identify examples of phishing attacks.

The Presumptuous Invoice

Our finance team recently received an invoice from a company we have never worked with for an “Advertising Insertion Order.” As numerous online complaints indicate, it’s been identified as a scam. But it’s crafty: the invoice is personalized, printed on high-quality letterhead, and priced low enough that it might be paid without a second thought.

The fine print reveals some secrets: “…our standard policy is to automatically void any invoice that has not been paid within 30 days and release the reserved advertising space...”  Translation: if you don’t pay the invoice, you don’t owe it—the advertising (that you never ordered) is simply voided.

Here are a few tips to avoid falling victim:

  • Provide security training to all employees, and ask finance employees to be especially vigilant
  • Remind your customers that social engineering can come in all forms, not just via phishing emails
  • Keep careful records of projects with external vendors and build a process of payment confirmation


Why Verify?

Sales emails and invoices are nothing out of the ordinary in business, but in both examples, the difference between business-as-usual and a potentially unsafe situation is often verification.

You can help by reminding your customers to proceed with caution and always confirm before acting on unexpected requests, no matter the source of the request. Whether that means 5 minutes of research on a company that cold-called or double-checking with the department next door before sending a check, the extra step could save them from a cyberattack or scam.


The more you and your customers think and know about unexpected techniques and requests, the better you can evaluate the good ones and avoid the bad ones.
