Businesses have always faced opportunistic individuals seeking to exploit them, and with advancing technology, fraud methods are evolving. Whether these scams are age-old or cutting-edge, employee awareness is key to reducing the risk. Small businesses are not immune to cybercriminals targeting identity theft and credit card fraud, posing severe consequences.
As scams become more sophisticated, especially through convincing emails, small business owners must stay vigilant and train their teams. Recognising fraud, educating employees, and implementing tools to mitigate risks are essential.
This guide explores ten common scams targeting small and medium-sized businesses.
Fake invoice
Scammers target businesses by creating fake invoices that resemble legitimate ones, hoping to trick accounting departments into paying for services or goods never received. These deceptive invoices may include charges for non-existent memberships or office supplies.
Scammers even research suppliers to craft invoices that seem familiar. Using accounting software or online banking helps, but it’s crucial for employees handling invoices to follow proper procedures and question suspicious bills.
Scammers also manipulate email accounts, intercepting and altering invoices from suppliers, which may lead to unwitting businesses sending payments to scammers. This invoice manipulation isn’t limited to digital channels; scammers may also send fraudulent invoices via mail. Business owners should provide training, especially for those handling mail, to prevent falling victim to scams like fake domain renewal notices sent through traditional mail channels.
Vanity award scam
Small businesses are often targeted by vanity award scams, where an email congratulates the business on winning an award and provides a link to claim it. However, upon clicking, businesses discover they must pay a fee, often several hundred dollars, to receive the so-called award.
These scams play on the desire for recognition, claiming businesses have been selected for a prestigious publication. Expenses are involved, whether for printing or ordering multiple books. To avoid falling victim, it’s crucial to verify the legitimacy of the awarding organisation and conduct thorough checks before paying any money.
These scams frequently exploit businesses through email, offering awards that may be entirely fabricated or awarded at a national level unrelated to the business’s scope. This deceptive practice often involves charging businesses to claim the designation. As fraud tactics evolve, it’s essential to empower employees as the first line of defence and implement tools to recognise and combat these fraudulent schemes effectively.
Office supply scam
Office supply scams target businesses by posing as suppliers selling surplus merchandise at a discounted rate, often claiming it’s due to order cancellation. Business owners agree to purchase these supplies, but they never arrive, leading to the loss of their money.
Also Read: 6 cybersecurity criteria for corporate compliance
In another variation, scammers impersonate regular suppliers, contacting businesses to “remind” them to reorder items, such as copier toner and paper. Falling for this ploy results in receiving overpriced merchandise. To safeguard against these scams, ensure your staff is aware of such tactics and establish ordering procedures that include a purchase order and signature.
Phishing scams
Phishing and spear-phishing are scams that trick people into revealing sensitive information through deceptive emails. Phishing emails pretend to be from trusted sources like banks, aiming to steal data when recipients click on fraudulent links. To stay safe, keep firewalls and anti-virus software updated and verify any suspicious emails by calling the sender directly.
In spear-phishing, scammers target individuals, often posing as colleagues or superiors, creating urgency to trick recipients into revealing confidential information. Training your team to avoid responding to unverified money requests and scrutinising email sender information helps prevent falling victim to these scams. Stay cautious and implement security measures to protect your business from phishing threats.
Business identity theft
Business identity theft, also called “B2B fraud,” happens when one company uses another’s identity, like taking out a loan or creating fake websites using your branding. This can lead to financial losses and harm your business reputation. If you fall victim to B2B identity fraud, report it to your bank.
Similar to individual identity theft, scammers can also steal a company’s identity by setting up a fake website with the business’s name and address. This deceives customers, damaging the real company’s reputation and possibly causing legal trouble. Stay alert to such scams and act swiftly if you suspect business identity theft.
Business email compromise (BEC)
Business Email Compromise (BEC) is a widespread scam defrauding small businesses, causing more losses than any other business fraud according to Interpol’s ASEAN Cyber Threats Assessment 2021. Primarily targeting payroll and finance departments, the scam involves phishing emails where fraudsters, posing as vendors, request payment or wiring money to their controlled accounts.
In another version, known as CEO Fraud or BEC, attackers impersonate CEOs or high-level executives, instructing finance employees to transfer money or share sensitive information via email. Both schemes exploit email communication vulnerabilities, leading to financial and data security risks for businesses. Stay vigilant to protect against these email-based scams.
Tech support scams
Tech support scams often come in urgent pop-ups or messages seeking money or sensitive info. Scammers may pose as repairmen or salespeople to gain access to your office. Without proper screening or a reception desk, your business might be vulnerable to theft. Always verify support requests, consult your IT department, and never grant remote access to unknown entities. Stay vigilant to protect your business from deceptive tactics.
SEO scams
Small businesses are targeted with promises of improved Google rankings for a fee. Some scammers take payments without delivering results, threatening negative SEO consequences if payments stop. Legitimate SEO consultants won’t unexpectedly demand payment.
Also Read: Securing tomorrow’s finances: Navigating the rise of digital banks with cybersecurity
Be sceptical of unsolicited service emails. Additionally, small businesses may face scams promising enhanced web traffic or search engine rankings through paid online advertising, often resulting in unfulfilled promises. Stay cautious and verify the legitimacy of such solicitations to protect your business.
Business financial scams
Small businesses face financial threats from scams promising quick loans or grants, demanding upfront fees or personal details and disappearing without delivering. In the pursuit of financial growth, business owners must be vigilant against investment scams. Thorough due diligence, expert advice, and careful evaluation are essential to safeguard businesses from fraudulent schemes.
Imposter scams
Scammers use various tactics like impersonating authority figures such as the government or famous people through calls, texts, emails, or social media. They might manipulate caller ID to appear official and attempt to deceive you into sending money or sharing personal details.
Another strategy involves creating fake social media profiles resembling genuine businesses, aiming to trick customers into divulging information or making unauthorised payments. Stay vigilant to protect yourself from these impostor scams.
How to protect your business from scams
Protecting your business from scams involves implementing a comprehensive strategy. Here are key steps to safeguard your business:
Employee training
Train all authorised employees in payment processes to safeguard payment details, identify secure websites, and recognise scam warning signs. Consider organising scam simulation workshops and providing a scam avoidance guidebook with case studies of past scams for reference.
Alternatively, limit purchasing responsibilities to a trusted few individuals who are also well-versed in protecting company resources. Ensure your team is educated on common scams and fraud tactics, emphasising the significance of scepticism and verification in maintaining a secure business environment.
Cybersecurity measures
To protect your business from scams, focus on device (endpoint) and network security. Check that employees use strong passwords and enable two-factor authentication. Implement policies against conducting business on public Wi-Fi to prevent data exposure.
Also Read: The business edge: Why prioritising employee cybersecurity is a smart investment
Assign individual logins for those handling sensitive data and keep logs of access attempts. These measures create a secure environment and help trace any potential breaches, ensuring your business is guarded against scams.
Verification procedures
Implement clear procedures to address potential scams, outlining guidelines on sensitive information sharing and reporting suspected fraud internally and externally. Specifically regarding financial transactions, institute a step-by-step process for employees when handling vendor payments or issuing refunds.
Consider implementing policies requiring supervisor authorisation before employees initiate purchases or payments, enhancing verification measures for authenticity in financial transactions, particularly those involving money transfers or sensitive information.
Limited access
Ensure a streamlined invoice approval process by limiting it to a key individual or a small accounting team. Designate specific individuals or a small team to handle payment approvals while also restricting access to sensitive financial information.
Secure payment methods
Avoid insecure payment methods such as wire transfers, reloadable cards, or gift cards. Opt for more secure and traceable payment options to prevent fraudulent transactions.
By integrating these protective measures into your business practices, you can fortify your defences against common cyber scams, empowering your team to navigate the digital landscape with resilience and awareness.
—
Editor’s note: e27 aims to foster thought leadership by publishing views from the community. Share your opinion by submitting an article, video, podcast, or infographic
Join our e27 Telegram group, FB community, or like the e27 Facebook page
Image credit: Canva
The post Shield your business: A guide to common scams targeting small businesses appeared first on e27.