Sep 21, 2018
How Can I Protect My Business?
Train Your Employees
- Your best defense is an informed workforce. Explain to your staff how scams happen and share this brochure with them. Order free copies at FTC.gov/Bulkorder.
- Encourage people to talk with their coworkers if they spot a scam. Scammers often target multiple people in an organization, so an alert from one employee about a scam can help prevent others from being deceived.
- Train employees not to send passwords or sensitive information by email, even if the email seems to come from a manager. Then stick with the program — don’t ever ask for sensitive data from employees by email.
Verify Invoices and Payments
- Check all invoices closely. Never pay unless you know the bill is for items that were actually ordered and delivered. Tell your staff to do the same.
- Make sure procedures are clear for approving invoices or expenditures. To reduce the risk of a costly mistake, limit the number of people who are authorized to place orders and pay invoices. Review your procedures to make sure major spending can’t be triggered by an unexpected call, email, or invoice.
- Pay attention to how someone asks you to pay. Tell your staff to do the same. If you are asked to pay with a wire transfer, reloadable card, or gift card, you can bet it’s a scam.
Common Scams that Target Small Business
Fake Invoices
Scammers create phony invoices that look like they’re for products or services your business uses — maybe office or cleaning supplies or domain name registrations. Scammers hope the person who pays your bills will assume the invoices are for things the company actually ordered. Scammers know that when the invoice is for something critical, like keeping your website up and running, you may pay first and ask questions later. Except it’s all fake, and if you pay, your money may be gone.
Unordered Office Supplies and Other Products
Someone calls to confirm an existing order of office supplies or other merchandise, verify an address, or offer a free catalog or sample. If you say yes, then comes the surprise — unordered merchandise arrives at your doorstep, followed by high-pressure demands to pay for it. If you don’t pay, the scammer may even play back a tape of the earlier call as “proof” that the order was placed. Keep in mind that if you receive merchandise you didn’t order, you have a legal right to keep it for free.
Government Agency Imposter Scams
Scammers impersonate government agents, threatening to suspend business licenses, impose fines, or even take legal action if you don’t pay taxes, renew government licenses or registrations, or other fees. Some businesses have been scared into buying workplace compliance posters that are available for free from the U.S. Department of Labor. Others have been tricked into paying to receive nonexistent business grants from fake government programs. Businesses have received letters, often claiming to be from the U.S. Patent and Trademark Office, warning that they’ll lose their trademarks if they don’t pay a fee immediately, or saying that they owe money for additional registration services.
Tech Support Scams
Tech support scams start with a call or an alarming pop-up message pretending to be from a well-known company, telling you there is a problem with your computer security. Their goal is to get your money, access to your computer, or both. They may ask you to pay them to fix a problem you don’t really have, or enroll your business in a nonexistent or useless computer maintenance program. They may even access sensitive data like passwords, customer records, or credit card information.
Social Engineering, Phishing, and Ransomware
Cyber scammers can trick employees into giving up confidential or sensitive information, such as passwords or bank information. It often starts with a phishing email, social media contact, or a call that seems to come from a trusted source, such as a supervisor or other senior employee, but creates urgency or fear. Scammers tell employees to wire money or provide access to sensitive company information. Other emails may look like routine password update requests or other automated messages but are actually attempts to steal your information. Scammers also can use malware to lock organizations’ files and hold them for ransom.
Credit Card Processing and Equipment Leasing Scams
Scammers know that small businesses are looking for ways to reduce costs. Some deceptively promise lower rates for processing credit card transactions, or better deals on equipment leasing. These scammers resort to fine print, half-truths, and flat-out lies to get a business owner’s signature on a contract. Some unscrupulous sales agents ask business owners to sign documents that still have key terms left blank. Don’t do it. Others have been known to change terms after the fact. If a sales person refuses to give you copies of all documents right then and there — or tries to put you off with a promise to send them later — that could be a sign that you’re dealing with a scammer.
Fake Check Scams
Fake check scams happen when a scammer overpays with a check and asks you to wire the extra money to a third party. Scammers always have a good story to explain the overpayment — they’re stuck out of the country, they need you to cover taxes or fees, you’ll need to buy supplies, or something else. By the time the bank discovers you’ve deposited a bad check, the scammer already has the money you sent them, and you’re stuck repaying the bank. This can happen even after the funds are made available in your account and the bank has told you the check has “cleared.”
You can download the full Scams and Your Small Business – A Guide for Business for free from the FTC. For more information on business and scams visit business.ftc.gov