Scams can impact every business, regardless of location, size or industry. But they are especially a problem for small businesses.
Local businesses and start-ups often don’t have the cybersecurity support or established accounting processes of larger companies. This can make them more vulnerable to scams.
Fortunately, knowledge is the best protection. If you own or work for a small business, be sure to stay informed about these common scams and report them if your business is targeted.
Business email compromise
Business email compromise fraud is an email phishing scam that typically targets people who pay bills in businesses, government and nonprofit organizations. It has resulted in more losses than any other type of fraud in the U.S., according to the FBI.
In BEC fraud, the scammer poses as a vendor or other trusted source, who sends an email to an accountant or chief financial officer. The email asks them to wire money, buy gift cards or send personal information, often for a plausible reason. If money is sent, it goes into an account controlled by the con artist.
Businesses receive fake invoices demanding payment for products or services never ordered or received. The most common scams involve office supplies, website or domain hosting services, and directory listings. Often, if you look closely, you’ll see fine print that identifies the bill as a solicitation. Generally, the amount is small enough to not initially raise a red flag.
This scam has plagued businesses for decades. In it, con artists attempt to fool businesses into paying for a listing or ad space in a non-existent directory. In some cases, the directory will technically exist, but won’t actually be distributed to potential customers. Other times, the scammer might lie about being with a legitimate directory, such as the Yellow Pages. Either way, the business is billed hundreds of dollars for listing services they didn’t agree to or for ads that were never placed.
Scammers often pretend to be a legitimate company to trick consumers. Scammers set up fake websites and “hijack” your company name and address. They may also use brand hijacking – the blatant copying and misuse of company logos and website content – to impersonate a business and deceive unsuspecting visitors. In this con, the company doesn’t necessarily lose money. However, its reputation is tarnished when angry customers who were ripped off by scammers think the real company is responsible.
Most businesses are regularly asked to donate funds to charitable causes. While many requests are legitimate, every year small businesses become victims of fraudulent or deceptive charitable solicitation schemes.
Phishing scams attempt to steal sensitive information about your business. These scams often appear to be legitimate emails or text messages. However, when you click on the link, you download a virus that captures personal information or load a form that asks for bank account or credit card details. Be leery of unsolicited messages and don’t click on links. Instead, hover over the link with your cursor to see the real address. Also, be sure your computer has the proper firewall and computer protection software.
Office supply scams
Businesses receive an unexpected telephone call from someone claiming to represent a reputable company with which the firm often does business. Sometimes scammers will even call in advance to find out what brand of supplies or equipment the business uses. The scam caller will try to sell the business surplus merchandise at a reduced price, citing a cancellation or over-order by another purchaser. The merchandise doesn’t exist. Don’t be fooled.
Small business operators are often approached to participate in coupon book promotions. The business offers discounts or extras in the coupon books that are sold by promoters to consumers. Problems occur if the promoters change the terms of the coupons, oversell the books or distribute them outside the company’s normal business area. Make sure the coupon book is being promoted by someone you trust, and that the terms and conditions are clearly spelled out.
Vanity award scams
A vanity award scheme capitalizes on a company’s excitement for an award that essentially holds no value. This con typically targets business owners through email campaigns. The scam email congratulates the owner on their selection for the award and invites them to click a link for further details on how to claim the prize. But of course, claiming the honor involves paying a several hundred dollar fee. Always research the organization offering the “award.”
In this scam, the person you are doing business with sends you a check for more than the amount they owe you. Then, they instruct you to wire the balance back to them. Or they send a check and tell you to deposit it, keep part of the amount for your own compensation and then wire the rest back. The results are the same: the check eventually bounces, and you’re stuck, responsible for the full amount, including what you wired to the scammer.
BBB offers these tips to help small businesses protect themselves:
Keep good records. Keep documentation of all orders and purchases. This will help you to detect bogus accounts and invoices.
Be extra careful with payment procedures. Establish payment authorization procedures, including a multi-person approval process for transactions above a certain dollar threshold.
Avoid some payment methods when possible. Wire transfers, prepaid debit cards and gift cards are scammers’ preferred methods of payment. Always confirm that any request for payment with untraceable methods such as these are verified by an authorized source. Also, try to pay by a written check. That way, a paper trail has been created.
Double check vendors. Make sure the business billing you is a business you’re familiar with and normally do business with. If not, question it. Get the name of the person you speak with, the company name, address, phone and website.
Be careful what information you share. Do not give out information about your business unless you know what the information will be used for. Never provide personal information or financial details to anyone you don’t know.
Protect your devices. Make sure you have proper computer protection software and a firewall. Don’t click on links inside unsolicited emails. They could spread malicious software or viruses.
Spread the word. If your employees know about the scam, they’ll be more likely to spot it. Tell your colleagues, too.