In this episode of Client Horror Stories, host Morgan Friedman sits down with Mickie Kennedy, founder of eReleases, to discuss a cautionary tale of client fraud and the broader issue of cybersecurity in small businesses. What starts as a bizarre story of a fake check quickly unfolds into a masterclass on vetting clients, avoiding scams, and staying vigilant in a world filled with digital deception.

The Check That Sparked It All

Back in 2002, Mickie received what seemed like a legitimate order from a new client: a press release to be distributed through his company, eReleases. The payment came in the form of a bank check—the kind labelled “official” that, at the time, most people would trust without hesitation.

He deposited the check, the bank accepted it, and everything appeared fine—until it wasn’t.

Roughly a week and a half later, the bank called him: the check was fraudulent.

What shocked Mickie most wasn’t just the fact that he got scammed, but how easy it was to fake something that seemed so official. At that time, the assumption was that a certified check couldn’t be faked. But the fraudster had simply printed one using a standard printer, something Mickie, like most people back then, didn’t know was possible.

To make matters worse, the same fraudster returned months later, this time with a different identity and another press release. The only reason Mickie didn’t fall for it twice was because he recognized the writing style—it was just too similar. That moment of déjà vu saved him from being burned twice.

Lessons in Vetting & Red Flags

From that experience, Mickie began to view ‘client vetting’ very differently. Back then, he had no systems in place to confirm who was placing the orders or how they were paying. Today, however, his team performs due diligence on every new customer before they can submit a press release.

They now check:

• If the business phone numbers match what’s online
• Company background and online presence
• Any red flags in behavior or communication

The key takeaway? Trust, but verify.

Checks and Wires: Proceed with Caution

Over time, Mickie also learned that payment methods themselves can be a red flag. While checks were once commonplace, he now actively discourages them. Why? Because they take time to clear and can easily bounce or be faked, particularly in business-to-business transactions.

Instead, his company favors credit cards, PayPal, or ACH from verified sources. Interestingly, even bank wires, which have long been considered secure, come with risks. Mickie shares a conversation with his bank where he learned that commercial accounts don’t have the same protections as personal ones. If a scammer has access to your account and routing number, they could withdraw money via ACH, and you may not be able to recover it.

That moment stuck with Mickie and should serve as a wake-up call for anyone who casually hands over banking information.

Crypto Chaos and Chargeback Nightmares

Fraud didn’t end with that first fake check. As Mickie’s company grew, so did the number of scams, especially from a specific industry: cryptocurrency.

At one point, eReleases was inundated with press releases related to cryptocurrency. And nearly 50% of the payments for those were fraudulent.

People were using stolen credit cards to promote coins they didn’t even own or represent. Some were simply inflating the value of assets they had a stake in—getting press coverage to drive hype, and then disappearing.

Eventually, Mickie’s team stopped accepting any press releases related to cryptocurrency. Six months later, even the larger distribution networks, such as Newswire, followed suit. The fraud was just too rampant, and there was no reliable way to verify who truly owned a crypto project. The entire experience was yet another reminder: some industries carry a higher risk of fraud than others.

Protecting Your Team (and Yourself)

One of the most eye-opening aspects of the episode is when Mickie and Morgan discuss internal vulnerabilities, specifically how employees, even those in IT, can fall prey to simple phishing scams.

Mickie shares how his IT guy once forwarded a fake ACH change request to him without blinking. The email impersonated an employee and requested a change to direct deposit information. But Mickie immediately saw three red flags:

1. The sender’s email wasn’t correct
2. The real employee would never contact him that way.
3. It was a well-known social engineering trick.

These scams are common—and shockingly effective. Mickie even tells the story of an employee whose sister worked at a company that fell for one. The company rerouted her paycheck based on a fraudulent request. By the time anyone realized it, the money was gone.

The lesson? Always verify changes to sensitive data through a trusted channel—preferably in person or on the phone.

Your Website Might Be Helping the Scammers

Ever wonder how scammers know the names of your staff? Mickie figured it out the hard way: his company’s “About” page listed team members by name.

Fraudsters were scraping those names and sending targeted emails to HR departments, trying to update payroll details or request wire transfers. These phishing attempts are more successful when they appear to come from a real employee.

To prevent this in the future, Mickie plans to:

• Stop listing staff names publicly.
• Use pseudonyms or codenames internally.
• Label laptops with flavors (e.g., PR Vanilla, PR Grape) instead of employee names

These small steps might seem overkill to some, but when even basic scams have burned you, you learn quickly that vigilance is cheaper than recovery.

Final Thoughts: A Culture of Caution

Morgan and Mickie agree that staying ahead of fraudsters isn’t about having high-end security systems—it’s about training yourself and your team to spot minor inconsistencies.

Morgan shares how one of his employees received a spoofed email “from him” requesting an update to their bank details. Fortunately, she sensed something was off. Upon examining the headers, they discovered that it was sent from a suspicious IP address located in Nigeria. But it took a keen eye and technical knowledge to uncover that.

Key Tips From the Episode:

• Don’t trust checks, especially from new clients
• Always vet new clients and verify business details.
• Be cautious when sharing account or routing numbers.
• Avoid industries with high fraud rates (e.g., crypto)
• Train employees to spot phishing and impersonation scams.
• Don’t overshare team information on your website or LinkedIn.
• Pay attention to subtle inconsistencies, such as names, email addresses, and timing.
• Use pseudonyms or anonymized internal labels when possible.

As Morgan neatly wraps up: “Being able to identify and avoid sketchy people is 90% of the battle.”

Final Word:

Mickie Kennedy’s story is a powerful reminder that fraud doesn’t always come wearing a mask and holding a gun. Sometimes, it wears a suit, sends a polite email, and hands you what appears to be a real check. Whether you’re a solo entrepreneur or running a team, this episode is a must-listen for anyone who wants to tighten their operations, protect their finances, and stay one step ahead of the scammers.