Hackers are getting more creative. Learn how your business could be targeted.
If you use a computer to run your business, you're at risk of a cyberattack. Scammers and fraudsters can target any computer, accessing vital financial or business information for malicious ends. It's important to stay aware of common scams that could affect your business. Scams often come in the form of fake emails from colleagues or invoices from well-known supply companies.
Scammers have gotten much better at their crimes. In the past, questionable emails from foreign countries asking for money were common. Today, scammers target specific businesses or their employees and send convincing emails or messages to get vital information. There are some software solutions to protect businesses, but the best practice for a small business owner is to scrutinize questionable emails or phone calls. It's also important to work with your team members to ensure everyone is informed about what potential scams look like. [Related: Best Internet Security and Antivirus Software for 2018]
1. Spear phishing
Spear phishing is a type of phishing attack where a cybercriminal targets an individual or group. Phishing attacks generally occur on a much larger scale, while spear phishing is honed and adjusted to address that specific person or group. It occurs when a hacker poses as a colleague or friend requesting money or payment information. Spear phishing attacks are among the hardest to differentiate from actual email correspondence. Generally, it's important to analyze where the email the message came from, especially if the sender is asking for money or sensitive information.
Jesse Harrison, CEO of Employee Justice Legal Team, described a scam where a hacker poses as a CEO and requests money from the accounting department via email. If the accounting department doesn't double-check the sender to verify it's the CEO, it can be easy for workers to send money along without even knowing they're victims of a scam.
"This scam is so brilliant because it goes undetected in many companies," Harrison said. "The accounting department pays off the debt, and nobody will ever question it. I have instructed my accounting department to never honor any payment requests by email."
Spear phishing attacks can also occur when hackers pose as suppliers or software companies your business has partnered with. To avoid falling victim to these attacks, instruct your colleagues not to click any links on questionable emails or grant unverified requests for money.
2. Fake invoicing
If a scammer gains access to an email account, they can intercept and edit incoming emails from companies you work with, like suppliers. Business coach Robin Waite described a common scam affecting businesses in the U.K. where hackers edit invoices from supply companies.
"Typically, all they change is the bank details on the PDF document," he said. "The target then … unwittingly sends the payment to the criminals instead."
This can also occur through the mail. Scammers may send invoices for supplies that were never delivered, or even request money for web domain charges.
"Business owners should train anyone who opens the U.S. mail to not fall victim to fake invoices for internet domain renewals," wrote Jacob Ackerman, chief technology officer at Skylink Data Centers, in an email. "Domains are purchased and renewed online. There are marketing companies who use the U.S. mail to send renewal notices for domains in hopes of getting that unknowing business to make a payment."
3. Unsolicited services or products
Scammers often send products or provide services and then issue an invoice for an inordinate amount of money. This is like fake invoicing, except small businesses may be getting a "product" from the hacker. A common example is fake phone book companies. Scammers will call or email businesses and ask for basic information to update a phone book. After receiving the info, they'll send an invoice along.
"The companies attempt to use your verbal confirmation (if over phone) or signature (if through mail) as proof [that it's] OK to initiate a billed contract with their company," said Ben Huber, CEO of DollarSprout, "when, in reality, you were duped into thinking your telephone number was listed free of charge."
4. Fake SEO experts
As a small business owner, you know what it's like to vie for attention on search engines like Google. The higher your Google ranking, the easier it is for customers to find and spend money at your business. There are legitimate SEO consultants who can help you build digital marketing strategies to improve your business's online presence. These consultants or digital marketing agencies won't send you an email requesting payment out of the blue.
One budding scam is when an "SEO expert" reaches out to a small business with a detailed plan for increasing its Google rank – for a fee, of course.
"More often than not, it will be a full-blown scam, either just taking payment and not doing the work (and possibly stealing your payment details) or doing the work and continuing to charge you for months or years down the line," said Ian Wright, founder of Merchant Machine. "Then, when you try to stop paying, they'll threaten you with a negative SEO attack."
If you receive an email from a company soliciting any service, you should be very skeptical.
5. Fake calls
Businesses often receive solicitation calls from other companies trying to advertise or sell their services, but some calls, especially those with automated voice recordings, are scams. These automated callers claim to work for companies like Google. Generally, they're advertising services and requesting payment or vital business information. These calls are almost always a scam.
"Neither Google nor any reputable SEO agency on earth will robocall an office, yet they are extremely active," wrote Josh Loewen, a digital marketing director at The Status Bureau, in an email. "The scam is to get you onto the phone, then pair you with an overseas salesperson that will guarantee you higher Google rankings."