How Scammers Use Fake Business Domains to Fool Your Sales Team (And How to Stop Them)
Sales people are optimists by nature. Every new inquiry is a potential deal, every new contact is a potential relationship. That mindset is what makes a great salesperson — and it's exactly what scammers exploit.
After 20 years in IT consulting with small and mid-sized businesses, I've seen this play out more times than I can count. A promising new order comes in. The buyer seems legitimate. The email looks professional. Everything checks out on the surface. Product ships. Payment never arrives.
Or worse — money moves first, in the wrong direction.
How the Fake Business Email Scam Works
The playbook is surprisingly simple and remarkably effective.
First, the scammer registers a domain that looks almost identical to a real company — think acme-corp.com instead of acmecorp.com, or acmecorp.net instead of .com. One character off. Easy to miss when you're busy and optimistic about a new deal.
Then they build out the persona. A LinkedIn profile for a "purchasing manager" at that company, complete with a headshot, job history, and connections. When your sales rep Googles the name, they find a real-looking professional with a real-looking employer. Everything appears to check out.
The email comes from the fake domain. The LinkedIn profile backs it up. The order looks legitimate. And the sales rep, eager to close and hit quota — especially at the end of a quarter or during the holiday push — moves fast.
That's the window scammers count on. Urgency plus optimism plus a credible-looking paper trail equals a bad outcome.
The One Signal That Reveals a Fake Business Domain
Here's the thing about these fake domains: they're cheap to register and quick to set up, but they can't fake one thing — how long they've existed.
A real company doing real business has a domain with history. Years of it, usually. The fake domain the scammer registered last month to pull off this scam? It's brand new. And that newness is a massive red flag hiding in plain sight.
If a domain was registered within the past year, treat it with serious suspicion. Within the last few months? Almost certainly a scam setup.
This is something most sales reps would never think to check manually — and scammers know it.
How to Check If a Business Email Is Legitimate
Mail P.I. checks domain age automatically as part of every email analysis. When you forward a suspicious email to check@mailpi.app, the report includes how long the sender's domain has been registered and an assessment of whether that matches what a legitimate business would look like.
You also get a full risk score from 0–100, a plain-language breakdown of any other red flags — suspicious links, urgency tactics, header anomalies — and clear guidance on whether to proceed or walk away.
The whole thing takes less time than replying to the email.
Protecting Your Sales Team Without Slowing Them Down
The solution isn't to make your sales team more suspicious of every deal — that kills the energy that makes them effective. The solution is to give them a fast, frictionless gut-check they can run in seconds before acting on any new business from an unfamiliar contact.
Forward the email. Get the report. If the domain is years old and everything checks out, close the deal with confidence. If the domain was registered three months ago and the buyer is pushing for fast shipment with unusual payment terms — now you know to slow down and verify through another channel before anything moves.
One forward. Seconds of analysis. Potentially thousands of dollars saved.
The scammers are getting more sophisticated. Your first line of defense doesn't have to be complicated.