Merger Scams and What to Know

Merger Scam Target Victims

A business merger can mean big changes for a wide range of folks related to the company. This gives scammers a host of potential victims to choose from. Here are some of the most common target groups and the types of scams they may be vulnerable to.

Customers

A common question a customer might have after hearing their bank is going through a merger is: "What does this merger mean for me?" Scammers are happy to supply fake answers. They may use the opportunity to send texts, emails, letters, or calls with the following ruses: 

• Offering to help with "online account maintenance" during the transition to gain access to account credentials.
  
  
• Asking customers to update their account payees, giving the scammer access to transfers.
  
  
• Requesting a payment due to a supposed overpayment tied to the transition, though the overpayment check will bounce after the customer pays.
  
  
• Requiring victims to open a new account before the merger but sending them to a malicious site.
  
  
• Charging customers fees related to the transition or asking for funds to release supposedly "frozen funds."

Employees

During a business transition, staff may have new things to navigate, from new bosses to meet to new processes and systems to learn. Scammers will exploit this complex time through business email compromise, one of the most common cybercrimes. BEC involves impersonating security or leadership to:

• Request urgent access to a building, device, or software system.
  
  
• Ask for updated vendor payment details.
  
  
• Create the appearance of leadership's approval of a money transfer or other financial transaction.

Vendors and other third parties

The many business partners connected to a merging company can be victims as well. Perpetrators can pretend to be employees from the new brand, asking for updated info, fees, or access. 

Merger Fraud Red Flags

When any business in your world announces a merger, it's time to start watching for the following merger fraud red flags: 

• Urgent or last-minute payment, account, or information requests. Companies generally try to make transitions as easy on customers as possible. Frantic demands are unlikely to be genuine.
  
  
• Sudden changes to payment instructions. Before making any payments to a new recipient, use a known and trusted contact method to speak with a trusted business representative to confirm the request is valid.
  
  
• Email typos or suspicious domains. Read emails, texts and websites carefully. If the website address, email address, or other text contains typos or unusual spellings, do not engage. Relatedly: A familiar phone number does not verify authenticity, as caller ID is relatively easy to manipulate.
  
  
• Avoiding verification calls or video meetings. Customers, employees and vendors alike should feel welcome to verify any request with an additional phone call or video call with a trusted representative. If the person communicating with you resists this request, they are likely a scammer.

How to Stay Safe from Merger Scams

To protect yourself during a business transition: 

• Verify every request using known contact info.
  
  
• Slow down. Do not comply with urgent demands.
  
  
• Train employees about BEC and communicate fraud risk to internal teams.
  
  
• Never share passcodes or credentials with anyone.
  
  
• Report suspicious activity immediately to the company.

A business merger can be an exciting time for the company and customers. There can also be complexity involved. By keeping an eye out for the signs of merger fraud, customers, employees, and vendors can keep themselves and their organizations safe from fraud.