Protecting Your Business Against Scams
Scams targeting businesses of all sizes are prevalent. Vigilance and awareness are tools you can employ to give you the edge and help prevent your company from becoming a victim.
Here are some of the most common scams:
Business Email Compromise (BEC)
BECs can be financially damaging for a company. The scammer uses spoofing or phishing tactics to disguise an email address so that a message appears to come from an authentic account and trusted source, and it requests a payment, a purchase, or sensitive information.
Ransomware
A lapse by one employee who clicks on an email attachment from a suspicious source could disable your company’s computer system, followed by a payment demand to regain access. This risk has increased with more employees working remotely.
Fake invoices
Sending a bill for supplies a company typically orders is a bet scammers are willing to make because of the potential return. Employees may unwittingly process the payment.
Protective measures you can take include:
Protect networks and devices
Ensure your computer network has a firewall, and keep your anti-virus, malware, and spyware detection software up to date. Require employees to use strong passwords and change them every 90 days. Limit the number of employees who have access to proprietary information.
Train employees
Employees are at the front lines of fraud defense — schedule fraud training at regular intervals to enable your employees to spot potential malicious content. Keep them informed of current scams and have them alert your computer security personnel of any scam attempts.
Establish payment procedures
Put in place controls restricting the number of employees who can access the company accounting system. Have more than one person review the statement before paying it. They should scrutinize bills for irregularities, such as a request for a wire transfer, a change of bank, an unusual dollar amount, or a demand for immediate payment. Contact the customer or vendor to confirm the bill amount if it looks suspicious. Request a sample invoice if they are new payees.
Recognize phishing signs
Telltale signs include a fake email address similar to an actual one, urgency, spelling errors, and suspicious links or attachments.
Report attempted/successful scams
File a report with the Federal Trade Commission, your state attorney general, and your local FBI field office, regardless of whether the scam was successful. Contact your financial institution if there was a money transfer.