Small businesses are prime targets for scams, but they are usually more vulnerable because they have less advanced security protocols. Here are some of the most prevalent scams, with expert tips to effectively protect against them.
One of the most common scams, according to the Federal Trade Commission, is the use of fraudulent invoices. Thieves pose as vendors and send an invoice for products or services that were not actually ordered. Then they get paid and disappear before accountants can spot the discrepancy. One of the best ways to protect against this scam is to use an automated billing and payment system that tracks every invoice and matches it to a legitimate purchase order. This kind of software can also quickly reconcile accounts and generate customized reports, while providing multi-level payment security and a reduction of time, labor, and paperwork.
The IRS has alerted small businesses to an increasing number of scams involving stolen Employer Identification Numbers. These are then used to fraudulently obtain credit cards or lines of credit. Or thieves generate false W-2 forms to file fraudulent tax returns. Oftentimes they send emails that appear to be from one of the company’s accountants, HR representatives, or executives. The person receiving a request replies with the sensitive information, thinking it went to an authorized person. One way to protect against such scams is to require that two people authorize any distribution of sensitive information. Another is to mandate verbal confirmation before complying with such requests.
Phishing scams are becoming increasingly sophisticated. Train employees to never open files or click on embedded links unless the email communication is from a trusted source. The name or subject line may look correct, but be intentionally misleading. It’s possible to set preferences in most email programs to enable a preview of a snippet of the email and show sender’s full address. That helps to determine whether the message is legit or not. When in doubt, call the company or individual that may have legitimately sent it, and confirm whether or not they did.
The American Bankers Association has warned small businesses for years about the threat of “account takeovers.” Thieves use phishing to get employees to open emails that install malware on business computers. Then they hack bank account passwords and credentials, and use those to drain business accounts. Banks offer tools like Positive Pay to help thwart unauthorized transactions, but they can be quite expensive for small businesses. A simpler solution is to use a payment software platform that enables transactions by AHC or e-check. That can also accelerate funding, lower transaction costs, and add layers of security including encryption, tokenization, Level 3 processing, and PCI compliance.
Not all criminals rely on digital technology, however. Many small businesses are robbed of cash, valuables, and confidential documents by people who simply walk onto the premises. They may dress as service contractors and ask to check the vending machines or photocopier. Or they simply pretend to be an employee or client, long enough to roam around and snatch purses, laptops, or files. To thwart this kind of scam, establish identify verification systems for anyone who enters the office, either with ID lanyards, passcode-protected entryways and doors, or a receptionist or security guard who screens visitors.