Bandleaders and event musicians are increasingly being targeted by sophisticated "Business Email Compromise" (BEC) or "Invoice Fraud" scams. These scams can cost you and your clients thousands of dollars and severely damage your reputation.
This guide will break down how these scams work, the red flags to look for, and the concrete steps you can take inside Back On Stage to make your business a secure fortress.
How The Scam Works (A Step-by-Step Breakdown)
Scammers don't need to be master hackers. They rely on "social engineering"—tricking you or your client.
- Step 1: The Breach: The scam almost always begins when a scammer gains access to your business email account (e.g., your Gmail or Outlook) through a phishing link or a weak, stolen password.
- Step 2: Surveillance: Once inside your email, they don't do anything. They just watch. They read your client conversations to learn your communication style, and they download copies of your PDF invoices, contracts, and client lists.
- Step 3: Impersonation: The scammer creates a "lookalike" email address that looks very similar to yours (e.g., [email protected] instead of [email protected]).
- Step 4: The Attack: They email your client from their fake email, impersonating you. They attach a doctored copy of your real invoice, but with their bank account details swapped in.
- Step 5: The Hook: To prevent the client from getting suspicious or calling you, they add a hook, like a "10% discount for early payment" or an "urgent late fee warning". The client, thinking they're getting a deal, sends the money directly to the scammer.
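The lookalike address in Step 3 is the one part of this scam a mail filter or client-side script can check for automatically. The Python sketch below is an added example, not part of the original guide or of Back On Stage: it compares a sender against the address you actually use and flags near-misses. The address bookings@summitband.example, the character map and the distance threshold are all constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Constructed placeholder for the address clients normally hear from.
KNOWN_ADDRESS = "bookings@summitband.example"

# Characters often swapped in to imitate another (assumed sample, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(address: str) -> str:
    """Fold an address to a comparison form so visual tricks collapse."""
    folded = unicodedata.normalize("NFKC", address).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, keeping only one previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, known: str = KNOWN_ADDRESS,
                    max_distance: int = 2) -> str:
    """Return 'match', 'lookalike', 'unrelated' or 'invalid' for a From header."""
    _, addr = parseaddr(from_header)  # ignore the display name, which is free text
    addr = addr.strip().lower()
    if "@" not in addr:
        return "invalid"
    if addr == known.lower():
        return "match"
    # Near-identical after folding means someone is imitating the known address.
    if edit_distance(skeleton(addr), skeleton(known)) <= max_distance:
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed From headers for illustration.
    for header in ["Summit Band <bookings@summitband.example>",
                   "Summit Band <bookings@surnmitband.example>",
                   "b00kings@summitband.example",
                   "Summit Band <payments@unrelated-mail.example>"]:
        print(f"{classify_sender(header):10} {header}")
```

The check reads the address inside the angle brackets rather than the display name, because the display name can be set to anything by the sender.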
Your Prevention Playbook: A 4-Step Guide
1. Enable Two-Factor Authentication (2FA) EVERYWHERE
This is the single most important action you can take. 2FA (also called Multi-Factor Authentication or MFA) means that even if a scammer steals your password, they cannot log in without a second code from your phone.
- On Back On Stage: 2FA is enabled on all user accounts by default.
- On Your Email: This is your most vulnerable point. Enable 2FA on your Google, Microsoft, or other email provider immediately.
2. Use Integrated Payments (The Best Defense)
This entire scam relies on the scammer being able to edit your bank details on a PDF. The easiest way to defeat them is to stop using PDFs for payment. Use Back On Stage’s direct PayPal integration instead.
- How it Works: Go to Company Settings > Details > PayPal Settings in your Back On Stage account and connect your Business PayPal account.
- The Benefit: When you send an invoice, your client doesn't see any bank details. They just see a "Pay Now" button inside your secure client portal. They click it, enter their credit card on a secure page hosted by PayPal, and the money goes right to you.