For scammers, small business is a target-rich environment.
According to the Better Business Bureau, we lose over $7 billion to scams targeting small businesses every year. And yet eight out of 10 small business owners think it’s other businesses that are more at risk. This is the result of a common misconception. Too many business owners imagine scammers only target those corporations large enough to be worth ripping off. But larger corporation are also harder targets.
Why scammers target small businesses.
Scammers consider small businesses far softer and more plentiful targets. Odds are, a small business can’t afford the security measures available to a bigger company. And, unlike scams you encounter in your personal life, small businesses can’t just ignore calls from unfamiliar number or emails from strange sources. What if the communication is a potential customer, reaching out? You can’t take that risk, so you answer. Scammers bank on that.
And if they strike out with one small business, there’s another 28 million small businesses out there to choose from. All they have to do is trick one of the 57 million small business employees to click a link or download an infected attachment.
Common scams targeting small businesses.
So how do you beat the scammers? You familiarize yourself with the common scams. Though scammers have become creative over time, once you know what to look for, you’ll spot a scam pretty quickly. Here are some of the basic scams to watch for.
#1. The fake invoice scam
Several bills go across your desk every week. Keeping track of them is difficult. That’s why the fake invoice is such a popular scam. With it, scammers try to slip in an extra invoice, or one they’ve doctored to look genuine. The hope is that you’ll pay without investigating.
The most common fake invoice you’ll see is for office supplies. Some scammers will try to hit you up for supplies they never delivered. Others are a bit more brazen—they deliver supplies you never ordered and then hit you with an outrageous bill, all the while claiming you were okay with the price when you ordered the supplies.
Another method is try to charge you for recurring costs, like renewing a website domain.
Or there’s the version where they pay a phony bill to you, but then they give you a check for too much. The next step is to send the overage (paid out of your pocket) to a third party. There’s always some elaborate yet understandable reason for this. The only problem is later when the check bounces.
Realize that these invoices look very convincing. They may actually come from services you’ve contracted with. In some cases, scammers have hijacked those services’ email accounts, which enables them to intercept and edit emails. They can change addresses on the invoice, paying instructions, and account numbers. That way, they’re redirecting money intended for that service to themselves.
#2. The tech support scam
The tech support scam typically starts with an ominous pop-up on your computer screen. Or someone calls, claiming to represent a well-known company like Microsoft. Either way, they warn you that your computer is infected. With the pop-up, it’ll usually give you a phone number to call.
The scammer on the phone will offer to solve your problem, but it’ll cost you. He or she will also want to enroll you in their “computer protection program,” or some such service. That’s how scammers hit you financially. Then, to solve the problem, they need remote access to your computer. Give it to them, and they’ll fill your computer with malware.
#3. The fake directory listings scams
For this, the scammer usually sends a letter, fax, or calls you. They don’t want much—just to confirm your phone number and address for a print or online directory. You figure this is a service you signed up for somewhere along the way and comply. Then you get the invoice for a listing in a directory that may or may not exist.
Some scammers will actually produce a directory, but won’t offer the volume and distribution that would make it worth what they’re charging you. And any attempts on your part to cancel the service is met with threatening calls where the scammer poses as a collection agency.
Other versions of this scam involves the scammer calling you out of the blue. They offer to help you with some kind of business training, or search engine optimization. Their plan is to keep charging you for the service until you realize they’re not actually doing anything—besides taking your money.
#4. The IRS scam
Scammers like to impersonate authority figures. They hope saying the name “IRS”—or citing some other government agency—will earn them instant compliance. For this scam, they’ll call and claim you forgot to renew a business license or failed to observe some other obscure regulation. The penalty is a fine, they say, and possibly back taxes, along with whatever it costs to renew the license.
#5. The phishing/smishing scam
Phishing is when the scammer sends emails intended to lure you into clicking on a link or downloading an attachment. Clicking or downloading infects your computer with a virus designed to capture your valuable data like passwords, bank accounts, and credit card numbers. Smishing is when the link or download is sent via text.
Scammers send these emails or texts to your employees. What makes phishing/smishing so dangerous is these messages always appear official. Some may even originate from another employee or a supervisor inside the company. Or maybe it comes from your bank, claiming someone cleaned out your account. The tone is always urgent: The world’s going to end unless you see this link/download right away!
How to defend your business against scammers.
You can take steps to avoid scammers. They’re not hard, but they’re time-consuming. Speed, impatience, urgency, and fear are a scammer’s tools. Small business have to work swiftly and efficiently to succeed. Implementing anti-scam measures will eat into that valuable time, but it will save you in the long run from the damage a scammer can cause.
#1. Implement procedures that verify invoices before paying them.
Don’t ever blindly pay invoices. Establish procedures that require your employees to closely look over an invoice before paying it. It might also help to compare it with past invoices. Scammers will try to camouflage their fake bills to make them look legitimate. That’s why it’s important to check any changes in account numbers, payment instructions, or contact info. Any change to those elements could indicate a scammer has compromised that company.
Never use the number on a bill you think might be phony. Look up the contact number online, or from some source other than the invoice. Call the company directly and verify that they made those changes.
#2. Train your employees to spot common scams.
Bring your staff up to speed on all the common ploys. Give them reminders of common red flags. Encourage them to change their passwords often and to choose long “pass-phrases” instead of passwords. Activate multi-factor authentication on their online accounts also provides another layer of protection. Anyone on the communication front lines—answering phones, collecting mail, answering email, and paying bills—should be especially aware of how scammers may come at them. Tell them that when they do encounter a scammer that they shouldn’t give in to bullying or intimidation.
#3. Be suspicious of all unsolicited or unexpected phone calls, emails, and attachments.
These days, scammers can easily fake an official-looking website, email address, or caller ID. That’s why it’s important to never take unsolicited phone calls or emails at face value, especially if they’re demanding confidential information. Just like the phony invoices, you should verify that these communications are from a legitimate source before you give them anything. If they threaten you when you refuse to comply, that’s just more confirmation that you’re talking to a scammer.
#4. Background people you do business with.
Before you sign up with a new vendor, always check their business profile on the Better Business Bureau’s website. Or Google them, but add terms to the search like “complaints” or “scam.”
#5. Report anything suspicious.
Scammers like to target small businesses because they’re less likely to report the scam to the authorities. Prove them wrong. If you’ve run into a scammer, even if they didn’t get anything from you, report them to the FTC and on the Better Business Bureau’s Scam Tracker.
Don’t become a scammer’s next victim.
The sad truth is, if you’re in business, you’ll encounter a scammer before too long. They see themselves as predators, and you’re their prey. Follow these steps to turn the tables on them and send them scurrying back under a rock. Learn their tricks, spread awareness among your employees and fellow business owners, and stay vigilant for scams targeting small businesses.
Another sad truth is scammers prefer to use phones to do their dirty work—57 percent of them. The right phone system can help you block their efforts. Find out what you should expect from a modern phone system—including features like call blocking, Find Me/Follow Me, and auto attendants—with our Buyer’s Guide.