The FTC cautions that scammers pose as legitimate parties to manipulate bill payments and steal money. The guidance focuses on practical steps businesses can use to reduce phishing and fake-billing risks.

The FTC’s consumer guidance addresses how scammers exploit trust and routine business processes by posing as legitimate parties—often through phishing or billing-related impersonation. The result can be direct financial losses as payments are redirected to fraudsters, along with downstream consequences like compromised accounts, disrupted operations, and cascading fraud if attackers gain additional access. In these schemes, scammers typically send messages designed to look like they come from a vendor, client, service provider, or internal contact. The communications may include urgent requests, invoice changes, or payment instructions that look legitimate at a glance. If a victim follows the instructions without verification, funds can be sent to accounts controlled by the criminals. The FTC emphasizes prevention through operational discipline: treat unexpected payment instructions as suspicious, verify billing changes via known, trusted contact methods, and harden workflows so no single message—especially an unsolicited one—can trigger payment without confirmation. Businesses are also encouraged to remain alert to phishing indicators and implement controls that reduce exposure, such as staff awareness and procedures for confirming invoice or bank-account updates. The overall lesson is to slow down payment decisions and verify independently when scammers attempt to leverage urgency and official-sounding billing language.