In previous blog posts, we’ve devoted considerable time to offering our advice as a leading IT Support company on how to protect your small business against the wide variety of cyberattacks out there, and rightly so. Unfortunately, there are also many other scams targeted at small businesses like yours. As a result, we’ve prepared this list of 8 common small business scams, both IT and non-IT related, that you should be aware of. Think of this blog post as a scammers’ wall of shame and become familiar with this list to best protect your company.
This scam occurs in three typical forms. Simple Domain Slamming is when a scammer sends out an invoice urgently requesting that you re-register your domain name with their heavily overpriced registry service instead of a trustworthy registrar. Another variation is an invoice offering “Website Listing Services” for functions that can easily be done independently or are worthless in promoting your site. The final variation, known as the “Chinese Domain Name Scam,” involves an urgent letter or email warning the recipient that a competitor is trying to register domains similar to their company’s or is in some way threatening to steal their trademark information. For an inflated fee, the con artists offer to register similar domain names to prevent this imaginary threat from occurring.
To protect against these scams, always be aware of your company’s domain name registrar and when the domain is due to expire. Always carefully research any companies offering new services. For more information, please refer to this blog post.
Variations of this involve a scammer calling or emailing a business to confirm or verify the company’s contact information for a supposedly updated listing in a business directory. When the unsuspecting employee gives the information, the scammers use this as a phony affirmative decision to order a new listing in the real or fake business directory. An expensive invoice will arrive a short time later and many companies simply pay it thinking it is a legitimate expense. If the company refuses to pay the invoice, the scammers often make collection calls or send notices demanding payment with additional late fees. Some even threaten legal action and notices to credit agencies if no payment is received. Some of these con artists will then offer a phony discount price to clear up the matter. Many small businesses simply pay up to stop these annoying activities. However, after paying the invoice these victims are often hounded again by the same company or similar unethical companies who have determined that they are ripe for the picking.
To avoid this scenario, instruct all employees to refuse to answer any “directory” or other company looking to verify their contact information. If a company does seem legitimate, refer it specifically to one knowledgeable company executive who is well aware of this scam for further action.
Vanity Award Scheme
Companies frequently receive official-looking emails congratulating them on being selected “Best of…” whatever city or region they are from in their specific industry. The email informs them that they will receive a trophy or plaque for this honor, but they will have to pay hundreds of dollars for the cost of the award as well as shipping charges.
In short, any legitimate organization honoring a company with an award or achievement will not request payment to cover the cost of an award.
Phishing for Confidential Information
Phishing is a malicious attempt to obtain financial or confidential information from companies or individuals, typically by sending an email that appears to be from a legitimate source. The bad actors pose as trusted sources and try to “fish (phish)” for sensitive information from unsuspecting employees using some form of appealing bait. For example, the bait often involves an email from what seems like a trusted retailer offering a free coupon or gift if you click on a link. Once that link is clicked, the hacker will try to install malware on your network or gather sensitive information.
Scammers have now developed a new, clever phishing technique to gain access to sensitive information. They send a phony email from a boss or other authority figure, such as a CEO or CFO, asking for the personal W-2 information for all the company’s employees. The email appears legitimate at first glance as it contains the authority figure’s proper email address, name, and title, which lulls the employee into a false sense of security. Cybercriminals are able to find a goldmine of personal information about bosses, including titles and email addresses, on sites such as LinkedIn and social media sources, which makes the email message seem authentic. In reality, the cybercriminal has either spoofed or forged the boss’s email or has hacked into the email account and taken temporary control over it.
To combat this insidious scam: Never click on links, reply to emails, or fill out forms from unknown sources. Always verify any unusual requests for sensitive information with a phone call to the authority figure supposedly requesting it. Make sure all employees are well-trained in proper online behavior to protect the company and themselves. If an offer looks too good to be true or too enticing, there’s usually a malicious reason behind it. For more information on phishing please refer to our earlier blog post.
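As an added example (not code from the original post), this Python sketch shows how a mail administrator could flag the W-2 request described above for a phone-call verification. The sample message, the domains `example.com` and `mail-example.net`, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from a real incident); example.com and
# mail-example.net are placeholder domains.
SAMPLE = """\
From: "Pat Lee, CEO" <pat.lee@example.com>
Reply-To: pat.lee@mail-example.net
To: payroll@example.com
Subject: Urgent: W-2 forms for all employees
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-example.net; dmarc=fail header.from=example.com

Please send me the W-2 forms for all staff today.
"""

# Wording typical of requests that should always be confirmed by phone.
SENSITIVE = re.compile(r"\bW-?2\b|payroll|wire transfer|bank details", re.I)

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_message(raw, company_domain):
    """Return a list of reasons this message needs out-of-band verification."""
    msg = message_from_string(raw)
    reasons = []
    from_dom = domain(msg["From"])
    reply_dom = domain(msg["Reply-To"])
    # Only trust Authentication-Results added by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if from_dom == company_domain and re.search(r"\b(spf|dkim|dmarc)=fail\b", auth):
        reasons.append("internal sender address failed authentication (likely spoofed)")
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"replies go to a different domain: {reply_dom}")
    body = msg.get_payload()
    text = f"{msg['Subject'] or ''}\n{body if isinstance(body, str) else ''}"
    if SENSITIVE.search(text):
        reasons.append("requests sensitive employee or financial data")
    return reasons
```

A message sent from a hacked but genuine account passes the authentication checks, so only the sensitive-request reason fires; that case is why the phone call to the supposed sender remains necessary.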
Fake Invoice or Supply Swindle
In this scam, a company either receives a phony invoice for a good or service it never ordered or received, or it receives a package of goods with an invoice, although it never ordered them. The con artist company is counting on an employee assuming that someone ordered these goods or services and simply paying the invoice without further review.
To avoid this scam, make sure your company has a reliable purchase order system and accounting process. At a minimum, ensure that only designated employees may approve purchases above a certain amount.
In this check overpayment scam, the person or company you are doing business with sends you what looks like a legitimate personal or cashier’s check for more than the amount they owe for your goods or services. There are different stories accompanying why they have sent more money, sometimes to pay some relative with it or to pay for some shipping services, etc. They then instruct you to keep what is owed to you and wire back whatever is left to their account overseas. If the person follows these instructions, the original check will eventually bounce and the recipient will be left responsible for any payments, including the money wired back to the scammer.
Do not get involved with any transactions where the other party asks you to wire back money to their account. Never accept a check for more than the agreed-upon amount, no matter how tempting, as it is most likely fake. Always verify the buyer’s address and ask for a check drawn on a local bank or from a bank with a local branch.
How much worse can it get? There are hordes of scammers out there playing on people’s emotions to get generous donations for what seem like worthy causes. This scam is especially nefarious as it makes it that much more difficult for legitimate charities to obtain needed donations from individuals and companies like yours. Often the scammers will use fake charity names that are similar to legitimate organizations.
Before donating any money or giving a credit card number, ask for more information about the organization, including promotional materials and their website address. Be wary of giving money to causes on gofundme.com and similar websites without doing some research first. Use a reputable website such as charitynavigator.org to determine if the charities are legitimate. In short, always be skeptical and if it doesn’t feel right, don’t be afraid to refuse a donation request.
Fake Tech Support
For almost a decade, an army of cybercriminals has contacted individuals at home and at work to try to convince them that their devices are dangerously compromised and that they’re the only ones who can fix these significant problems. The necessary repair work always involves a hefty fee, of course.
The most frequent scam technique involves a concerned IT employee, usually from the Microsoft Help Desk or another official-sounding department at Microsoft (or some other huge IT corporation), calling to warn you that they have become aware that your computer is infected with a virus or some other form of malware. They, and possibly some colleagues, will ask you to read off some of the technical information on your computer and grow increasingly “concerned” as it becomes more evident that your computer is “infected” and filled with damaging malware. The scammers often ask for permission to share remote access to your computer as they diagnose the problem further. In the end, they let you know that the problem is severe, but they will be glad to repair any issues for a substantial fee, usually starting at a minimum of $200. They then ask for your company credit card or bank information so they can start working to resolve this problem immediately. Any fee they receive is for useless work and, even worse, they often download malware into your system if you grant them remote access to your network.
No reputable large IT company will ever contact anyone directly to warn them of a problem specific to their workstation or network. Always contact any IT vendors you use through their trusted website contact information. Immediately consult with your reliable IT service provider if you have a problem or if there is some warning about an issue to be sure you are receiving the proper assistance. Report the contact information and specific methods of any scammers to the Federal Trade Commission (FTC). For more information refer to our earlier blog post.
Armed with this knowledge, and with the help of your trusted IT Support team, you will be better prepared to protect your company against the multitude of scams that threaten small businesses now and in the future.
This article was written by Network Depot’s Marketing Director, Chris Sylvester.