Spear phishing attack: BBB staffer targeted by scammers trying to impersonate him


GRAND RAPIDS, Mich. — We've all become accustomed to spotting the classic spam emails promising millions from foreign princes if we can only lend them a few hundred dollars to cover processing fees, or whatever. But scammers are getting craftier, and businesses are becoming prime targets.

Troy Baker, Vice President of Community Relations at the Better Business Bureau (BBB) in West Michigan, recently encountered a "spear-phishing" attack — a targeted email scam designed to steal money.

“If it worked, I wouldn't get a paycheck by the next pay day. I'm not a big fan of that,” Baker told FOX 17 Friday.

“There was no risk that we were falling for it, but it was funny that it was impersonating me, the guy who spends his time out in the community warning people about scams.”

The would-be scammers sent an email to the BBB of West Michigan's Vice President of Operations.

"Good morning, I want my new bank to be operational for the forthcoming payroll. Let me know what you need to make the change. Warm Regards, Troy Baker," is all the email said.

Unlike traditional phishing emails sent to a wide audience, spear phishing emails target specific people. Scammers gather information about their victims and their organizations to craft a more believable message.

In this case, the scammers found an email address for the BBB's VP of Operations and impersonated Baker.

The email requested a change to Baker's bank account information, so they could siphon off his next paycheck.

The attempted scam highlights the growing risk of spear phishing attacks on businesses.

“They may not have gotten money from me, but they are getting money from other people,” Baker said.

Here are some red flags to watch out for:

  • Unfamiliar email address: Look closely at the sender's email address, not just the displayed name. Does it match the sender's usual address?
  • Misspellings and grammatical errors: Are the typos or grammatical mistakes typical of what you would expect from the sender?
  • Unusual requests: Be wary of emails requesting urgent action, especially regarding financial information.
  • Vague or generic language: Legitimate business emails will usually be specific and provide context.
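
The first red flag in the list above, written as a mail-filter check and applied to the payroll message quoted in the article. This is an added example, not code from the BBB or FOX 17; the staff directory, the `bbb.example` and `mail.example` addresses, the keyword list and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed staff directory and placeholder domain (assumptions).
DIRECTORY = {"troy baker": "troy.baker@bbb.example"}
ORG_DOMAIN = "bbb.example"
PAYROLL_TERMS = ("payroll", "direct deposit", "new bank", "bank account")

# Constructed sample; the body is the message quoted in the article.
SPOOFED = """\
From: Troy Baker <tbaker.office@mail.example>
To: VP Operations <ops@bbb.example>
Subject: Payroll

Good morning, I want my new bank to be operational for the forthcoming
payroll. Let me know what you need to make the change.
"""

# Constructed sample of ordinary internal mail.
ROUTINE = """\
From: Troy Baker <troy.baker@bbb.example>
To: VP Operations <ops@bbb.example>
Subject: Thursday meeting

Are we still on for 10 a.m.?
"""

def red_flags(raw_message):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    flags = []
    # Compare the address, not the display name, with the sender's usual one.
    usual = DIRECTORY.get(" ".join(name.lower().split()))
    if usual and addr != usual:
        flags.append("known name, unfamiliar address")
    if not addr.endswith("@" + ORG_DOMAIN):
        flags.append("external sender")
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in PAYROLL_TERMS):
        flags.append("payroll or bank change request")
    return flags

def must_verify_out_of_band(raw_message):
    """Hold any payroll or bank change request until confirmed by phone or in person."""
    return "payroll or bank change request" in red_flags(raw_message)
```

A request that trips only the payroll flag still goes through the out-of-band check, since a compromised real mailbox would pass the address comparison.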

It is also important to be wary of hyperlinks inside the body of an email. Never click a link if you are uncertain of where it will take you.

“If there are links within that email, hover your cursor over top of that link... down in the bottom corner of your browser, a little pop-up comes up, and it shows you where that website's gonna take you,” Baker explained.

“It's so important for businesses to be on top of this, and to train their employees that work in these areas, that there are steps that you need to take before you change somebody's payroll, before you change an account, before you send money to an account that you haven't sent to before.”

For more resources on how to protect yourself and your business from spear phishing attacks, visit the BBB's website HERE.
