Technology
Preventing this insidious email forwarding scam that will drain your bank account
With our lives so intertwined with digital communication these days, the threat of email fraud is something we all need to take seriously. Recently, Teresa W. shared a scary experience that underscores the dangers of business email compromise (BEC).
“I almost lost many thousands of dollars through an internet fraud scam. I got a call from our personal banker who said she saw nearly all the money in our business account being withdrawn. She said she got an email from me along with the money wiring directions. I told her I didn’t send that and she said my email came from me directly to her. I said to stop everything and I will get to the bottom of it.
“Apparently the thieves got hold of a wiring instruction paper from my email, which they hacked into. They created a rule in Outlook to bypass me if anything came from them and go straight to the banker. They changed the wiring instructions to go into their account but thank goodness our banker alerted me so I could get to the bottom of it. Too close for comfort!”
This incident highlights a sophisticated scam where cybercriminals gain access to legitimate email accounts and use them to deceive others into transferring funds. Teresa’s quick action, combined with her banker’s vigilance, prevented a significant financial loss, but it serves as a wake-up call for many businesses.
I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2
Enter the giveaway by signing up for my free newsletter.
“You’ve been hacked!” written on laptop home screen (Kurt “CyberGuy” Knutsson)
What is business email compromise (BEC)?
Business email compromise (BEC) is a form of cybercrime that targets companies engaged in wire transfer payments and other financial transactions. The FBI reports that BEC scams have caused billions in losses globally. These scams exploit human psychology rather than technical vulnerabilities, making them particularly insidious.
A hacker at work (Kurt “CyberGuy” Knutsson)
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
How the scam works
Email hacking: Scammers often gain access to email accounts through phishing attacks, where they trick users into revealing their login credentials or by deploying malware that captures sensitive information.
Email rule creation: Once inside the account, scammers can create rules in email clients like Outlook that redirect or hide specific emails. This means that any communication related to fraudulent activities may go unnoticed by the victim.
Impersonation: The scammer impersonates the victim and sends emails to contacts, such as banks or vendors, requesting urgent wire transfers or sensitive information.
Execution: The scammer provides convincing details and urgency in their requests, making it appear as though the email is genuinely from the victim. They may use specific language or references only known to the victim and their contacts.
A hacker at work (Kurt “CyberGuy” Knutsson)
BEWARE OF ENCRYPTED PDFs AS THE LATEST TRICK TO DELIVER MALWARE TO YOU
Real-life implications
The consequences of BEC scams can be devastating for businesses. In addition to direct financial losses, companies may face reputational damage, loss of customer trust and potential legal ramifications. For small businesses like Teresa’s, which may not have extensive cybersecurity measures in place, the impact can be particularly severe.
Illustration of security on a computer (Kurt “CyberGuy” Knutsson)
WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED
Proactive steps to avoid being a victim of BEC scams
To combat BEC and similar scams, businesses must adopt a proactive approach to cybersecurity.
1) Have strong antivirus software: Use reputable, up-to-date, strong antivirus software to check your system. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Use strong passwords: Ensure passwords are complex (a mix of letters, numbers and symbols) and unique for each account. Make sure to create strong, unique passwords. Consider using a password manager to generate and store complex passwords.
3) Enable two-factor authentication: Where possible, enable multifactor authentication. This adds an extra layer of security to your accounts.
4) Monitor your accounts: Keep an eye on your financial accounts, email accounts and social media for any unusual activity. If you think scammers have stolen your identity, consider identity theft protection here.
Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
5) Invest in personal data removal services: Using a data removal service can be an effective additional step to protect your personal information after a potential BEC scam. These services locate and remove your information from various online platforms, databases and data brokers. By eliminating unnecessary or outdated information, data removal services minimize your online presence, making it harder for scammers to find and exploit your data.
While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
6) Regularly update security questions: Change security questions and answers periodically to enhance protection.
7) Regularly review email rules: Check for unauthorized changes in email settings that could indicate compromise.
8) Disable auto-forwarding: Unless absolutely necessary, turn off auto-forwarding features to prevent sensitive information from being sent elsewhere without your knowledge.
9) Verify requests: Always verify any financial requests through a secondary communication method (e.g., a phone call) before proceeding with transactions.
10) Limit access: Restrict access to financial information and transactions only to those who need it within your organization.
11) Contact professionals: If you’re unsure about any steps or if the situation seems severe, consider reaching out to a professional IT service.
12) Report the incident: Report the scam to your local authorities and the Federal Trade Commission in the U.S.
13) Create alias email addresses: My top recommendation to avoid being inundated with spam emails is to use an alias email address. An alias email address is an additional email address that can be used to receive emails in the same mailbox as the primary email address. It acts as a forwarding address, directing emails to the primary email address.
In addition to creating throwaway email accounts for online sign-ups and other circumstances where you would not want to disclose your primary email address, alias email addresses are helpful for handling and organizing incoming communications.
Sometimes, it’s best to create various email aliases so that you don’t have to worry about getting tons of spam mail and having your email eventually stolen in a data breach. An alias email address is a great way for you to stop receiving constant spam mail by simply deleting the email alias address. See my review of the best secure and private email services here.
SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES
The story shared by Teresa W. serves as a crucial reminder of the vulnerabilities inherent in our digital communications. The rise of BEC scams not only threatens financial security but also erodes trust in electronic transactions. By implementing robust security measures and maintaining vigilance at all levels of an organization, individuals and businesses can protect themselves from these insidious attacks. What additional measures do you think businesses and government agencies should implement to effectively combat the rising threat of email scams? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions: New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
Kurt’s key takeaways
OpenAI announced yet another reorganization Friday, consolidating certain areas and making company president Greg Brockman the official lead of all things product.
In a memo viewed by The Verge, Brockman wrote that since OpenAI’s product strategy for this year is to go all-in on AI agents, the company is combining its products to “invest in a single agentic platform and to merge ChatGPT and Codex into one unified agentic experience for all.”
To do this, the company is making a suite of org chart changes, although it’s still operating under some of the same ones from last month. That’s when AGI boss Fidji Simo went on medical leave and OpenAI announced that Brockman would be in charge of product strategy and CSO Jason Kwon, CFO Sarah Friar, and CRO Denise Dresser would take control of business operations.
It’s all part of OpenAI’s recent strategic shift to focus on key revenue drivers like coding and enterprise and stop pouring resources into “side quests” ahead of its potential IPO later this year and amid investor pressure to turn a profit.
In Simo’s continued absence, Brockman’s role leading product strategy is now official, as well as the company’s “scaling” arm. Under Brockman will be four different pillars. The first is core product and platform, led by Thibault Sottiaux, who has been OpenAI’s engineering lead for Codex, and the second is critical enterprise industries, led by ChatGPT head Nick Turley. Third is the consumer pillar, such as health, commerce, and personal finance, which will be led by Ashley Alexander, who has been its healthcare products VP. The fourth pillar — core infrastructure, ads, data science, and growth — will be led by Vijaye Raji, who has been OpenAI’s CTO of applications.
Brockman wrote in the memo that OpenAI’s goal is now to “bring agents to ChatGPT scale, in order to give individuals and organizations significantly more value and utility from our products.”
NEWYou can now listen to Fox News articles!
You’re going about your day when your phone buzzes. A text hits your phone. It looks official. It sounds urgent. And suddenly, you are being told you owe money for a traffic violation. That is exactly what Todd from Texas experienced. He emailed us and said:
“I received this text message today. It was so baffling because I haven’t lived in California for nearly a decade. I didn’t click on anything or respond. How can I tell if this is for real or if this is a scam?”
If you’ve gotten a message like this, you are not alone. This type of scam is spreading fast, and it is designed to pressure you into acting before you think. Let’s break down what is really going on.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
FAKE AGENT PHONE SCAMS ARE SPREADING FAST ACROSS THE US
This message may look official, but several red flags show it is likely a scam designed to pressure you into paying quickly. (Kurt “CyberGuy” Knutsson)
What the traffic ticket scam text looks like
At first, the message seems convincing. It claims to be a “final reminder” from the California DMV, and it warns of penalties like license suspension and added fees. It even includes a link that appears somewhat official. However, once you slow down and take a closer look, the red flags quickly start to pile up.
The biggest red flags in this message
Here are the key warning signs to watch for in messages like this.
9 WAYS SCAMMERS CAN USE YOUR PHONE NUMBER TO TRY TO TRICK YOU
1) The phone number makes no sense
The message comes from a number with a +63 country code. That is the Philippines, not California. Government agencies in the U.S. do not send official legal notices from international numbers. That alone is a major warning sign.
2) No name, just “Dear Driver”
Legitimate notices from a DMV or court almost always include your full name or at least some identifying information. “Dear Driver” is vague on purpose. It allows scammers to send the same message to thousands of people.
3) The link isn’t a real DMV website
The message includes this link:
ca.mnvtl.life/dmv
That isn’t a government domain. Official DMV websites in California use “.ca.gov” or similar trusted domains. Scammers often create lookalike links to trick you into clicking.
4) Urgency and threats
The message pushes you to act quickly with a deadline. It lists consequences like license suspension and extra charges. Scammers rely on fear. When you feel rushed, you are more likely to click without thinking.
FBI WARNS OF DANGEROUS NEW ‘SMISHING’ SCAM TARGETING YOUR PHONE
5) Asking you to reply to proceed
The text says to reply with “Y” to get instructions. That is another trap. Responding confirms your number is active, which can lead to more scam messages.
6) Generic language and odd phrasing
Parts of the message feel slightly off. The tone is formal but not quite right. That subtle awkwardness is common in scam messages sent to large groups of people.
7) Overloaded threats designed to scare you
The message piles on consequences like license suspension, added fees, court action and even credit damage. In this case, it even mentions a license suspension and a $160 late payment charge. That combination is meant to overwhelm you and push you to act fast. Real agencies usually provide clear, specific notices, not a long list of escalating threats in a single text.
INSIDE A SCAMMER’S DAY AND HOW THEY TARGET YOU
Scam texts like this often arrive out of nowhere and try to create urgency before you have time to question them. (Kurt “CyberGuy” Knutsson)
What this means for you
Even if you have never driven in California, you could still receive this message. Scammers cast a wide net and hope someone takes the bait. If you click the link, you could be taken to a fake payment page. That page may ask for your credit card details, personal information or login credentials. In some cases, it can also install malware on your device or redirect you to credential-stealing pages. This isn’t about a ticket. It is about getting your data. State DMVs typically do not send final legal notices or payment demands by text message.
Why these scams keep working
These messages work because they tap into something most people fear. Legal trouble, fines and losing driving privileges. They also look just real enough to pass a quick glance. That is all scammers need. As more services move online, these scams will continue to evolve.
Unlike typical DMV scams, this message impersonates a court and escalates the threats to make the situation feel more serious (Kurt “CyberGuy” Knutsson)
Ways to stay safe from traffic ticket text scams
Start with a simple rule. Never trust a payment request that shows up out of nowhere. Here are practical steps you can take:
1) Do not click the link
If you are unsure, do not tap anything in the message. That includes links and reply options.
2) Use strong antivirus software
If you accidentally click a link, strong antivirus software can help detect malware and protect your data. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
3) Verify directly with the DMV
Go to your state’s official DMV website by typing it yourself into your browser. Do not use the link in the text.
4) Check the sender carefully
Look at the phone number. International numbers or random strings are a clear warning sign.
5) Ignore generic greetings
Real notices will usually include your name or case details. Vague language is a red flag.
6) Consider a data removal service
Scammers often get your number from data broker sites. Removing your personal info from those databases with a data removal service can reduce these messages. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
7) Block and report the number
On your phone, block the sender and report it as spam. This helps reduce future attempts.
8) Turn on spam filtering
Enable spam filtering on your phone or through your carrier to catch more of these messages before they reach you.
Kurt’s key takeaways
Todd did the right thing. He paused, questioned the message and did not click. That one decision likely saved him from handing over personal information. When it comes to messages like this, skepticism is your best defense. If something feels off, trust that instinct.
Should phone carriers and tech companies be doing more to block scams like this before you ever see them? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Honda revealed prototypes of two new hybrid models, an Accord sedan and the Acura RDX SUV, during its annual business briefing this week, built on a platform that it says will begin launching next year. The RDX was announced earlier this year as Honda’s first SUV to feature the next-gen version of its two-motor hybrid system.
In March, Honda announced it would take a writedown of up to 2.5 trillion yen ($15.7 billion) on its EV investments. Now Honda says its EV-related losses will be “resolved” by 2029, and that it will reevaluate its EV plans in 2030.
-
North Carolina5 minutes agoSketch of Revolutionary NC brigade discovered hanging on NY wall
-
North Dakota11 minutes agoMemorial service at North Dakota State Capitol honors fallen officers
-
Ohio17 minutes agoOhio State educators honored for service in classroom and beyond
-
Oklahoma23 minutes agoOklahoma high school tennis Classes 6A-4A boys state championship results
-
Oregon29 minutes agoOregon health officials warn of measles exposure at Happy Valley clinic
-
Pennsylvania35 minutes agoWhat each Pennsylvania 3rd Congressional District Democratic primary candidate would do on Day 1
-
Rhode Island41 minutes agoPerson injured after falling onto Red Line tracks near Rhode Island Avenue station
-
South Dakota53 minutes agoSouth Dakota Highway Patrol: slow down, stay alert as summer traffic picks up