There has been a lot in the news lately about scammers targeting the elderly and others, but did you know that scammers are actively targeting smaller businesses to try to separate you from your money?  The truth of the matter is that scammers will look for any weak opening through which they can steal money, and once they have the money there is virtually no way to recover it.  The following is a list of common scams targeting smaller businesses and tips on how to avoid them.

 Scams –

• Phishing and Ransomware:  These scams are pretty well-known.  They usually start with an email to an employee that asks the recipient to click on a link.  Doing so then gives the scammer access to your computer system and potentially access to your confidential information and passwords.  It can also give the scammer the ability to lock your systems until you pay the ransom.

• Spear phishing:  A scammer will pose as a colleague, business partner, friend, vendor or other person in need of money or payment, often with a sense of urgency.  The scammer hopes that the person sending the money will not check to see if the request is legitimate.  Once it is discovered that it is not legitimate, the money will be gone. 

• Fake invoices:  Scammers target your payables department by using fake invoices that look similar to those for legitimate products and services in hopes that they will be paid.  Another version of this scam is that the scammer will obtain a real invoice and change the bank payment details on the invoice before sending it to the customer.  Ultimately, the customer finds that the payment it made went to a scammer.

• Vanity award scams:  These scams hope to capitalize on a company’s excitement in receiving an award that holds no value.  Receiving the award either requires you to click a link for details on how to receive the award.  In order to receive the award you then have to send them money in the form of a “fee.”

• Overpayment schemes:  This is the classic scheme involving the “buyer” of your product sending a check for more than the amount owed.  They ask you to wire back the overpayment, and then stop payment on the check or other form of payment.

• Office supply scams:  These start with an unexpected call or email claiming to represent a reputable company that is selling “oversupply” or “surplus” office supplies for a reduced price.  Once you pay, you then find out that there are no office supplies and the deal was bogus.

• Directory scams:  These are scams where a business is sold a directory listing or a mention in a publication that does not exist.  It is not unusual for the scammer to lie and state that they are with a reputable directory.  The payment for the listing or ad that you were promised will then vanish.

• Fake SEO experts:  These start with the scammer sending an email to the business claiming that it is an SEO expert, and its services will boost the business’ Google search rankings.  Very frequently these experts are fraudulent and will take your payment for months and possibly steal the company’s payment details.  When you threaten to stop making the payments, the scammer will threaten you with a negative SEO attack.

• Bank account takeover:  In this scam the scammer will use fake emails and fake Web sites to deliver malicious software to your computers.  Using keystroke loggers and the like, they will gain access to your bank accounts, and then make withdrawals.

Tips –

1. Educate your staff:  Share this newsletter with your staff, and have regular meetings to discuss threats that have been received and new threats identified through business news sources.  Encourage your employees to discuss scams and suspicious emails and calls they have received with their co-workers.

2. Email protocols:  Have a solid written policy that sets email protocols such as never click an unverified link, never send sensitive information via email (email is very insecure), and the need to keep company information strictly confidential.  Prohibit the downloading of files from unexpected emails.

3. Verify receipt of goods and services:  The accounts payable staff should verify receipt before paying an invoice.

4. Limit invoice approval:  A key individual or small accounting team should be responsible for invoice approval.

5. Be careful about payment methods:  Avoid any payment method that is not traceable.  These include wire transfers, reloadable Visa/Mastercard cards, and gift cards.

6. Verify caller and emailer identify:  With today’s ability to clone and display cloned numbers on caller ID, it often appears that callers are authentic.  Staff should be skeptical of all callers and emailers until their identity can be verified independently.  They should verify a caller’s ID and phone number from the legitimate merchant’s website, and return a call through the merchant’s published phone number.

7. Device protection:  Make sure your computers and other devices are protected with antiviral software and firewalls.

8. Bank account reviews:  Check your balances and withdrawals frequently, and even daily, to make sure no unauthorized withdrawals or other activity is occurring.