With the recent large-scale breaches affecting Target shoppers, it is no surprise to us that a new scam is now targeting business owners. Although this time, the scammers are going after the business’ merchant account instead of customer’s credit cards. This scam is widespread and business owners may be targeted regardless of their payment processing provider.
This phishing scam typically starts with an email and could possibly include a follow up phone call. The initial email states that the recipient’s merchant ID has been locked and you must call a toll-free number to get it unlocked. Here is an example of the email:
From: FirstData [mailto:[email protected]]
Sent: Monday, February 10, 2014 9:58 AM
To: XXXXXXXXXX
Subject: Notification
Dear customer, (Note: not personalized with merchant contact information)
We regret to inform you that your merchant account has been locked. (Note: no specific account number provided)
To continue using our services please call our toll free number +18664103984 and update your information. (Note: misspelling and no specific merchant services listed)
Please be ready with your Merchant ID and Terminal ID number. (Note: no description of process to unlock account)
If you received an email such as this, do not open any attachments, and do not call the toll-free number. You should immediately delete it from your inbox and deleted items folder. If you are a merchant who called the toll-free number and gave your merchant ID, please call the contact number listed on your monthly processing statement so that your account can be monitored for fraudulent activity.
If you receive emails in the future that you suspect are phishing, please forward to [email protected] for further review and attention. If you have concerns about this new phishing scam, please feel free to give us a call at (402) 206-2233. We are happy to answer any questions you may have.