One thing that has been constant throughout world history is that where there are businesses earning money, there are scams that target them.
These days, scammers’ tactics are becoming ever more high-tech and complex – as companies learn how to protect themselves from scammers, the scammers learn new methods to breach security and to steal from small businesses.
In this article, we will discuss common scams that target small businesses, including:
- High-tech and low-tech scams that target small businesses,
- Common scammers’ tactics – old and new, and
- How to protect your business from scammers.
Common Scams that Target Small Businesses
There are old scams, new scams, high-tech scams, and low-tech scams, but two things are certain:
1) If you own a business, you are at risk of becoming a victim of scammers, and
2) companies that do not take measures to protect themselves from scams are at the highest risk of being targeted.
What are we talking about?
First, let’s look at some examples. Common scams that target small businesses today include:
Ransomware attacks: Sophisticated scammers (sometimes government actors or threat actors with the support of governments) will use malware to lock a company’s systems and files and hold them for ransom – promising to release the systems or data once the company pays a ransom in bitcoin.
Theft of protected personal information (PPI): Scammers use a variety of techniques – phishing emails, social media contacts, fake automated messages, or impersonation, for example – to gain access to a company’s customers’ or employees’ PPI that they can then use for fraud or identity theft.
Tech support scams: Scammers who impersonate tech support companies (or, in some cases, who are tech support companies) may attempt to charge you to fix tech problems that do not exist or attempt to gain access to your computer network to steal customers’ or employees’ PPI.
Government agent imposters: Scammers will impersonate government agents and threaten to suspend business licenses, impose fines, revoke trademarks, or take other legal action unless the business owner immediately pays fees.
Bank fraud: Once a scammer has obtained the usernames and passcodes for your company’s bank accounts – through phishing or keystroke loggers, for example, they will make withdrawals from your office account.
Fake invoices: Scammers may create fake invoices for companies or services that they know your business uses – office supplies, cleaning supplies, or website fees, for example. They are hoping that 1) the person who pays the invoices will believe it is a routine invoice and they will pay it without inquiring, or 2) the service is critical enough (no one wants their website to go down, even temporarily) that the company will quickly pay the invoice.
Charity scams: Many businesses routinely give to charitable causes, and scammers will take advantage of this by posing as a non-existent charity.
Business identity theft: Just as identity theft can target individuals, it can also target small businesses. Scammers will use fake websites, your company name, brand, logo, email addresses, and phone numbers to take money from unsuspected would-be customers.
The variety of scams that target small businesses today is limited only by the creativity and sophistication of the scammers, and their methods are constantly evolving as companies learn to protect themselves against yesterday’s techniques…
Scammers’ Tactics that Target Small Businesses
Although the exact methods of many small business scams change over time, there are some common threads that should be red flags when you see them. For example, scammers will often:
- Target vulnerabilities in your networks and computers,
- Pretend to be someone that you trust – another company you do business with, a government agency, or a fellow employee,
- Create a sense of urgency – they will want you to make a quick decision to sign, pay, or provide access without taking the time to check out their credentials,
- Use intimidation – something awful will happen if you do not pay them quickly, like legal action from the government, a systemwide crash, or the loss of something that is critical to your business’s operations, or
- Use untraceable payment methods – cash, wire transfers, gift cards, or reloadable cards.
How to Avoid Scams that Target Small Businesses
How do you avoid small business scams? Awareness is good, but how can you protect your company from the ever-present threat of theft?
- Protect your business’s computers and network – hire professional IT and data security consultants who can help your company put comprehensive cybersecurity policies in place,
- Protect your supply chain – a part of your cybersecurity policy must be focused on your company’s supply chain – ensure that not only your business’s systems and data are secure, but also that the companies you do business with have similar protections,
- Train your employees – ensure that all employees are aware of the most common types of scams, that they comply with your company’s security policies, and that your company has a “cybersecurity culture,”
- Verify all invoices and payments – ensure that the number of employees who are authorized to pay invoices is limited, that all payments are verified, and that larger payments must be approved by more than one person,
- Keep detailed records – document all invoices and payments, including who approved each payment and why, and
- Ensure a free flow of information among employees regarding scams that are trending and red flags that employees should be on the lookout for.
Please feel free to contact any of our Murray Lobb attorneys with questions about how to avoid scams through contract negotiations or company policy or how to respond when your company is targeted by a scam. We also remain available to help you with all your general business, corporate, and estate planning needs.