Skip to content
Tech News
← Back to articles

I Received a Suspicious Six-Figure Client Inquiry — Here Are the 5 Red Flags

2026-05-26 | original
read original get Cybersecurity Email Scanner → more articles
Why This Matters

This article highlights the importance for tech service providers and consumers to recognize early warning signs of potential scams or security threats in client inquiries. By understanding these red flags, businesses can better protect themselves from financial loss and data breaches, especially as cybercrime targeting small businesses continues to rise. Staying vigilant ensures a safer, more trustworthy digital environment for all parties involved.

Key Takeaways

Opinions expressed by Entrepreneur contributors are their own.

Running a services business means learning to read people quickly. A few months ago, an inquiry landed in my inbox that looked almost perfect on first pass: a six-figure project, a recognizable industry and a polished corporate email signature. By the third email, I was confident that something about it wasn’t what it seemed.

That experience is not as rare as most agency owners assume. The FBI’s Internet Crime Complaint Center recorded $2.77 billion in reported business email compromise losses in 2024 alone. Small service businesses are frequent targets because our inboxes are public and our pipelines are hungry.

The stakes are rarely abstract. At best, you burn hours qualifying an inquiry that was never going to convert. At worst, you hand over site access, client data or unpaid “trial” work to someone who was never a real buyer, and you only realize it after the damage is done. Knowing the warning signs is what keeps a hopeful pipeline from quietly becoming a liability.

The good news is that the warning signs are usually right there in the first few messages. Here are five I’ve learned to watch for — and what they often signal.

The sending domain doesn’t match the company

Start with the email domain. If someone claims to represent a recognizable brand but writes from a free inbox or a lookalike domain with a subtle misspelling, extra hyphen or altered extension, slow down. Legitimate procurement rarely comes from generic Gmail accounts, and almost never from domains like “contact-acme-group.co” when the real company uses acme.com.

Do a quick independent check. Find the company’s real website, LinkedIn page and staff directory. If the sender doesn’t appear anywhere in the organization they claim to represent, that’s not a detail — it’s the signal.

The sender’s role keeps shifting

Read the entire thread, not just individual emails. One message comes from a “Director of Digital.” The next is a “Head of Procurement.” A third says they “manage vendor relationships.”

... continue reading

Explore topics: fbi internet crime complaint center business email compromise six-figure project agency owners email domain
Related:
Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry
Reviving BrowserID in 2026
Hacker stole £700,000 from U.K. energy company by redirecting payment
Hacker stole £700,000 from UK energy company by redirecting payment
FBI: Americans lost a record $21 billion to cybercrime last year

© 2026 GoKawiil

About | Editorial Policy | Contact