small business ownersIn today’s world, individuals and corporations aren’t the only ones who are at risk for cybersecurity threats. Scams targeting small businesses are a growing problem that can, unfortunately, strangle the life out of businesses that are still maturing. While these threats are something to be concerned about, luckily with some knowledge, small business leaders can identify and learn how to avoid these dangers. In this post, we’re covering a few of the more common scams that small business owners can expect their businesses to face as well as the best ways to deal with each scam.

Directory and listing scams

What they are: Visibility is of critical importance to small businesses, which is why many organizations end up paying for services that increase their exposure. Scammers know this, so some will pose as directories and publications promising to promote businesses for a fee. In some cases, as the FTC notes, scammers will mail letters to an organization under the guise of updating existing contact information within a publication or for a group that said organization might already be partnered with. Without reading the fine print, your company could end up getting charged for a phony service, which often isn’t even offered by the entity the sender is pretending to be.

How to handle this scam: The best way to avoid these scams is to ignore unsolicited offers promising to increase your exposure, especially through directories and publications you’ve never heard of. Also, if anyone, including a “business partner,” sends you something to sign, make sure to read it thoroughly to confirm it’s best for the business and doesn’t create any surprises down the road. There are legitimate organizations that offer opportunities to increase your visibility, but rather than take up a stranger on their offer, you’ll need to do your own research and figure out which of these companies will work best for you.

Small business loan scams

What they are: It’s no secret that running a business is expensive, and in times of monetary need, you’ll likely either consider a business credit card or a small business loan. Unfortunately, since the loan application process can take some time and not every business or business owner may qualify for a loan, scammers have inserted themselves into the market in order to appeal to those who are desperate for funding.

How to handle this scam: One of the tell-tale signs of a loan scam is the presence of application fees or other “upfront” charges that scammers force you to pay in order to “receive” your loan. Although some lenders, like online lenders, do charge an origination fee, which is usually a percentage of the total amount, they never ask for this money upfront — it’s tacked on to your total loan amount. Scammers, on the other hand, will ask for money right off the bat, then take your money and run, leaving you worse off financially. While you may be thinking that these scammers only reach out to potential victims through sites like Craigslist or social media, the reality is that your business can be contacted a number of ways, including through phony ads or email. To protect yourself from small business loan scams, you’ll want to check out the warning signs in this post and make sure that the terms, such as the interest and payment timelines, of any loan you’re looking into are fair.

Vanity scams

What they are: Vanity scams are a category of scam that preys on your desire to be acknowledged or to move up in status and rank. A typical vanity scam will offer you an award or recognition in some publication or group for a fee. Similarly, these scams could involve an admirer or fellow business owner flattering you and asking to partner with them. The partnership might involve you investing with them to form a new venture or sharing industry or trade secrets.

How to handle this scam: To avoid these scams, you’ll want to realize that if someone asks you to pay fees to join a society or claim an award you’ve never heard of, the membership or reward probably isn’t worth it. If you’re ever unsure about an award or society that reaches out to you, remember that you can always complete a quick Google search. Additionally, those who want to make an investment should remember that they’re better off reaching out to individuals they’re interested in partnering with, rather than responding to the requests of strangers.

Phishing, smishing and all of its super nasty variants

What they are: Phishing (and variants like smishing) is a scam that likely needs no introduction, given how prominent it’s become in the last few years. That said, you should know that phishing can create absolute nightmare scenarios for small businesses. Given their size, most small businesses don’t have the same cyberattack response that large organizations do, but unlike the average individual, small businesses will likely face personalized threats and must absolutely have a strategy to mitigate hacking, especially since these scams have cost businesses over $1.2 billion.

How to handle this scam: Because phishing refers to a wide range of attacks, it can be hard to pin down specific responses, but in general, you should keep the following in mind:

  • Avoid emails and texts from unsolicited sources. The key to avoiding phishing is to be skeptical of emails or texts you receive. For example, if you receive an ambiguous message about a new business opportunity, think twice before responding to it, as your legitimate business partners likely will not send you an out-of-the-blue opportunity with little information. Instead, if it’s some sort of business opportunity, they will probably provide you with all of the facts upfront or request a call to go over any details you need to know. If you’re ever in doubt of the authenticity of a message, under no circumstances should you open any links or content contained in the message. To be safe, you’ll want to reach out the individual who the text or email claims to be from — use the contact information you already have for that individual, as opposed to responding to the email or text. Keep in mind that scammers may try to target you via phone by calling and asking for your email or cell number to send you a special offer. As such, it’s best to avoid clicking on links in emails or text messages unless you’re 100% sure the sender is who they claim to be.
  • Don’t share personal information via email. This may sound obvious, but it’s a point that needs to be made, especially since more sophisticated phishing threats, like spear phishing, might leverage the names of people you know or work with in order to make a scam all the more enticing. For example, a W-2 phishing scam from earlier this year attempted to dupe employees into handing over their personal information to who they thought was a company manager or HR representative. Although these emails weren’t legitimate, forged email headers allowed scammers to use authentic company email addresses to trick victims into sending over the requested information. As such, if you ever receive a request for personal information via email or text, it’s best to contact the sender over the phone or in person before responding to their request — that’s the safest way to confirm it’s legitimate.
  • Understand how scams and social engineering works. Phishing, like many social engineering scams, is designed to motivate you with urgent or emotional appeals. Recognizing this constructed sense of urgency, especially when coupled with requests for compromising information (or money) is the key to identifying potential scams. To protect yourself and your business, it’s best to slow down and think about the request before you act. If someone is pushing you to do something right now, you should know that it’s probably a scam.

False invoices and charges

What they are: No one enjoys being double charged or charged for a service they didn’t ask for, but that’s exactly what some scammers aim to make your business do. These scams can take the form of fake refund checks (or overpayments and overcharges), bills for products or services you haven’t received or those you did receive but didn’t ask for.

How to handle this scam: The best thing to do in order to deal with this scam is to avoid signing up or paying for anything you don’t understand. For example, if you’re not sure about a payment structure agreement you’re thinking of making with another company, ask them to clarify, or if you receive an invoice from a company that you’re unfamiliar with, don’t pay it (or ask them about it before you pay anything). A company or service provider that can’t give you proof of service is likely a scam. Additionally, don’t cash checks that exceed an agreed upon payment amount, even if they come from business partners or customers you’ve worked with before, as it can also be a nightmare for your accountant. Finally, avoid sending money or payments to any individuals or organizations you don’t know or haven’t fully researched. Be sure you do your research before you provide money to any company that’s requesting it.

Businesses aren’t the only targets of scams, which is why the average consumer also needs to arm themselves with basic cybersecurity knowledge in order to defend themselves against the hazards of today’s world. Continue reading our scams blog to aid you in obtaining the knowledge you’ll need to stay safe.