Cybercriminals often target people with identity theft scams, credit card fraud and myriad other schemes designed to steal their money. However, small businesses are also at risk from scammers and hackers, and the repercussions of cybercrime could cripple or destroy your company.
Scammers are growing more sophisticated in their business attacks, often sending convincing emails or messages to siphon vital information. It’s crucial for small business owners to be aware of potential cyber attacks and train their teams to stay vigilant.
We’ll look at 10 common scams that prey on small businesses and share tips for steering clear of business scams.
Even the savviest professional can fall victim to convincing business scams. Here are 10 cyber risks to watch for.
Phishing is a common scam where fraudsters email people and trick them into revealing sensitive information or sending money. Spear phishing ups the ante with highly targeted attacks on specific individuals or groups – often leading to massive payouts.
In a spear-phishing scheme, a hacker may pose as a colleague, boss, partner business, or friend requesting money or payment information. It’s often incredibly difficult to differentiate a spear-phishing attack from standard email correspondence.
For example, a fraudster may pose as a company CEO urgently requesting money from the accounting department via email. If the accounting department doesn’t double-check the sender information to verify the email originator, they may immediately perform the requested money transfer without realizing they’re being scammed. Unfortunately, this scam goes undetected in many companies until it’s too late and the money is long gone.
Hackers may also pose as suppliers, vendors or partner companies – anyone who might legitimately ask for payment.
To avoid falling victim to spear-phishing attacks, train your team never to grant unverified money requests. Many scams try to scare employees or create a false sense of urgency, so it’s crucial to have a standard authorization system in place for money requests.
Additionally, always analyze email sender information, particularly if the email asks for sensitive information or funds. A spear-phishing email may appear to be from a legitimate source, but if you click on the sender information, you’ll likely see a strange or unfamiliar address.
If a scammer gains access to an email account, they can intercept and edit incoming emails from companies you work with, like suppliers and vendors. Business coach Robin Waite described a common scam affecting businesses in the U.K. where hackers edit invoices from supply companies.
“Typically, all they change is the bank details on the PDF document,” Waite said. “The target then … unwittingly sends the payment to the criminals instead.” This scam can also occur through the mail. Scammers may send invoices for supplies that were never delivered, or they may even request money for web domain name charges.
“Business owners should train anyone who opens the U.S. mail to not fall victim to fake invoices for internet domain renewals,” said Jacob Ackerman, an engineer at Pure Storage. “Domains are purchased and renewed online. There are marketing companies who use the U.S. mail to send renewal notices for domains in hopes of getting that unknowing business to make a payment.”
Antivirus software is a fundamental first line of defense against cyberthreats.
Scammers often send products or provide services and then issue an invoice for an inordinate amount of money. This scam is like fake invoicing, except small businesses may be getting a “product” from the criminal.
Fake phone book companies are a typical example. Scammers will call or email businesses and ask for basic information to update a phone book. After receiving the info, they'll send an invoice along.
“The companies attempt to use your verbal confirmation – if over phone – or signature – if through mail – as proof [that it’s] OK to initiate a billed contract with their company,” said Ben Huber, co-founder of DollarSprout. “In reality, you were duped into thinking your telephone number was listed free of charge.”
As a small business owner, you know what it’s like to vie for attention on search engines like Google. The higher your Google ranking, the easier it is for customers to find and spend money at your business. Legitimate SEO consultants can share SEO tools to help you build digital marketing strategies to improve your business’s online presence. These consultants or digital marketing agencies won’t send you an email requesting payment out of the blue.
One budding scam is when an “SEO expert” reaches out to a small business with a detailed plan for increasing its Google rank – for a fee, of course.
“More often than not, it will be a full-blown scam, either just taking payment and not doing the work – and possibly stealing your payment details – or doing the work and continuing to charge you for months or years down the line,” said Ian Wright, founder of Merchant Machine. “Then, when you try to stop paying, they’ll threaten you with a negative SEO attack.”
If you receive an email from a company soliciting any service, you should be very skeptical.
Businesses often receive solicitation calls from other companies trying to advertise or sell their services. However, some calls, especially those with automated voice recordings, are scams. These automated callers claim to work for companies like Google. Generally, they’re advertising services and requesting payment or vital business information. These calls are almost always a scam.
“Neither Google nor any reputable SEO agency on earth will robocall an office, yet [these scams] are extremely active,” said Josh Loewen, co-founder of The Status Bureau. “The scam is to get you onto the phone, then pair you with an overseas salesperson that will guarantee you higher Google rankings.”
You probably know that scammers can steal an individual’s identity, but did you know criminals can steal a company’s identity? In this scheme, scammers set up a fake website using an existing company’s name and address. Customers and vendors think the company is one they’ve worked with and trust and unknowingly switch to the clone business.
When they end up not getting the product or service they were promised, the actual company’s reputation is tarnished, and your company may even get into legal trouble.
While it’s normal for legitimate charitable organizations to contact businesses for donations, not all such solicitations are legitimate. Criminals sometimes pose as charities and take advantage of businesses that want to give back.
Every office needs office supplies, which makes businesses a target for this scheme. Scammers call business owners saying they're selling business surplus merchandise at a reduced price, often due to an order cancellation. The business agrees to buy the supplies, but they never materialize – and the business's money disappears.
With this scam, your business receives an email congratulating it on winning some kind of award along with a link to claim the award. Once you click the link, you find out that to get the award, you must pay a fee that is often several hundred dollars.
This hustle seems like a normal business relationship at first. However, the “customer” sends you a check for more than they owe you and asks you to wire the difference back to them. Then, the check bounces, and you are out the money you wired plus any of the check proceeds that you spent.
Protect your business’s sensitive information, reputation and finances by implementing these tips and best practices:
Matt D’Angelo contributed to the writing and reporting in this article. Source interviews were conducted for a previous version of this article.