Revised – November 19, 2021

According to a survey conducted by the Better Business Bureau (BBB) at the start of the pandemic, 67% of small business owners who responded said they faced more risk from being scammed than just three years ago.

And it doesn’t appear things have gotten better during the past 18 months.

A recent survey by the Association of Certified Fraud Examiners (ACFE) reveals that 77% of respondents have seen an uptick in fraud since the outbreak began. This trend is expected to continue with increases in every business category. The largest upswings have been in insurance, loans, bank, and financial fraud.

Small businesses are particularly vulnerable if they have an e-commerce presence. It is estimated that about two-thirds of all consumers have increased online shopping due to the pandemic. Pandemic related payment fraud has increased dramatically, as more and more criminals use unauthorized credit cards, gift cards, and digital wallets to make bogus purchases. That means businesses are stuck with the bill.

As scammers have become more sophisticated, and there are more areas of vulnerability than ever before, small business owners must do more to be on the lookout for costly and preventable losses.

Since the threats can come from just about anywhere, the first question becomes where to focus your efforts.

Where you’re most vulnerable

Much like the Covid-19 virus, scammers have also produced variants on old scams.

What are those most common scams? In its survey results, the BBB identified the six most common scams that small businesses face:

• Bank and credit card company imposters. These scammers pretend to verify account information, but in reality, they’re trying to get access to a business’s accounts.
• Government agency imposters. They threaten legal action if a small business does not pay fees or taxes supposedly due to the government.
• Fake invoice or supplier billing cons. Scammers may try to submit invoices for services or goods that the small business never ordered or never received.
• Fake checks for purchases. Scammers attempt to defraud a business with nonexistent funds in exchange for goods or services they received.
• Fake advertising or business listing scams. These are offered to businesses as a way to improve their visibility and online presence.
• Tech support scams. A scammer will offer support, protection, or other services, take your money, and never perform the services.

The BBB and the Federal Trade Commission (FTC) both advocate that one of the best ways a business can protect itself is by staying informed about the different tactics scammers use. It’s an ongoing process since the game keeps changing. As part of trying to keep your business afloat, you’ve got to become a post-pandemic student and master at the same time.

Oversight agencies such as the FTC, the U.S. Postal Service, and others have stepped up their efforts to protect businesses.

Unfortunately, sometimes an ounce of prevention comes at the expense of being a pound of cure. Getting scammed brings focus to your already full plate as a small business owner, and many owners only implement measures after they become a victim.

If this is you, don’t be too hard on yourself. Your adversaries are cunning, and there are a lot of them.

What should you do if you’re a victim?

Chances are, you’re going to be angry if you fall victim to a scammer. That’s a natural response. Punch a wall if you need to, but then take more positive steps to see what you can do to make the best of a bad situation.

Take a deep breath, gather as much documentation and evidence as you can, and then move quickly to report the scam. Believe it or not, many businesses do not, either because they feel the effort is futile, that they’ll never recover their losses, or they simply don’t know how or where to report it.

Reporting the scam gives you a fighting chance to catch the scammer and possibly be made whole and allows law enforcement agencies to track different types of scammer activities. This information can then be shared as part of a public outreach effort. It also shows trends that allow these agencies to shift and devote resources to areas where they can do the most good.

Try to match the law enforcement agency to the type of scam. If you’ve been a victim of a crime that violates federal law, then federal law enforcement agencies can be tapped to try and deal with your case.

Federal Trade Commission

For example, if you’re the victim of any type of fraud, one of your first contacts should be with the Federal Trade Commission. This agency protects consumers and businesses. You can file a complaint, report identity theft, get consumer alerts, and tap into a wealth of free information for all types of scams and white-collar crimes. The FTC won’t be able to resolve your individual case, but if you are one of many who are victimized, they can use this information to go after perpetrators.

If you spot a scam or think your business has been victimized, report it to FTC.gov/Complaint.

You can also subscribe to the FTC’s Business Blog at FTC.gov/Subscribe or sign up for scam alerts at FTC.gov/scams.

The FTC also offers tips on protecting your business from scams with a dedicated Protecting Small Businesses web page. As a small business owner, you’ll find information on cybersecurity, protecting your customers’ personal information, what to do if there’s a data breach in your business and more.

Local Law Enforcement

If you’ve been scammed on a more local level, you should file a report with your police department. They may or not be able to assist you in bringing the scammers to justice, but again, they will also use the information to spot trends and deploy resources so that others aren’t scammed as well. If the scam is widespread enough, sometimes local law enforcement will also reach out to local news media to help spread the word.

The Federal Bureau of Investigation (FBI)

The FBI oversees the Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3). This entity investigates possible internet-based crimes. They work with appropriate federal, state, and local law enforcement agencies to take action against criminal activities.

State Attorney General’s Office

If a scammer has victimized you, contact your State Attorney General’s Office or the Secretary of State. Also, find out what state a scammer may be in and report the scammer to the Attorney General’s office in that state as well.

You can find State Attorney General contact information at NAAG.org.

The U.S. Postal Service

If you were scammed using the U.S. Postal Service in any way, you can file a complaint with your local postmaster or file a complaint online with the USP Inspection Service.

Your Bank or Credit Card Company

If you were victimized using a credit or debit card, there may be protection against losses. Many banks and credit card companies will refund your money if they determine you were a fraud victim. Every company is different, but it’s worth checking into if your business has been defrauded.

The National Consumers League (NCL)

This nonprofit advocacy group protects consumers in several ways. It operates Fraud.org, where you can file a complaint about fraud. While it will not help you recover losses, it can expedite your complaint to the proper law enforcement agencies.

Better Business Bureau

You can also file a complaint with the Better Business Bureau. If you don’t know details about the scammer, this may be a less effective strategy since you want to try and file the complaint where the scammer is located if they are a known business entity. At the very least, people who search the BBB for information can see the complaint, which may help other businesses avoid being scammed.

Steps to take going forward

Getting lost money from a scam may be difficult. The best you may be able to do is to harden yourself against being a victim again. Many businesses used their down time during the pandemic to do this. If you’re still experiencing a lull, this might be a good place for you to focus your efforts in the short term.

Examine your current levels of security. Can you do more to enhance your protection? Another critical step to take is to educate yourself and your employees about how scammers work, what red flags to watch for, and what to do if you spot suspicious activity.

If your company’s financial information was accessed or stolen as part of a scam, change as much information as you need to for maximum security. You may only need to change passwords, or you may have to close accounts and reopen new ones.

If your phone or computer was hacked, ensure the device is wiped clean to ensure the breach no longer exists.

Develop a cybersecurity plan. Part of this should include a stringent password policy for all employees and their devices. Among other things, use two-factor or multi-factor authentication when possible.

Take a look at your data storage needs and processes. Often, scammers can nail a business through the back door this way. When you update with the latest security patches on your phones and computers, also make sure your data storage protected as well. Uncompromised data storage is critical, especially in cases where businesses are victims of ransomware schemes.

And finally, provide security training for your employees. Teach them to spot scams in advance. Scammers know the weakest link in a business may be the human element. Don’t let that be the case in your business.

1) Protect your computer: Install a firewall, anti-virus and anti-spyware software. Check for and install the latest updates.

2) Shop trustworthy websites: Look for the BBB seal and other widely-recognized “trustmarks” on retail websites. Click on the seals to confirm they’re valid.

3) Protect personal information: Read a site’s privacy policy and understand what personal information is being requested and how it will be used. If no policy is posted, that’s a red flag that they may sell your information without your permission.

4) Beware of too-good-to-be-true deals: Offers on websites and in unsolicited e-mails may offer extremely low prices on hard-to-get items. There may be hidden costs – or your purchase may sign you up for a monthly charge. Look for and read the fine print.

5) Beware of phishing: Legitimate businesses do not send e-mails claiming problems with an order or account to lure the buyer into revealing financial information. If you receive such an e-mail, the BBB recommends picking up the phone and calling the contact number on the website where the purchase was made to confirm any problem with the transaction.

6) Confirm that your online purchase is secure: Look at the website address or URL in the box at the top of your browser screen. There should be an “s” after “http” or a lock symbol in the lower right-hand corner of the screen. If you have doubts about security, right-click anywhere on the page, and select “Properties” to see the real URL. The dialog box should say whether the site is encrypted.

7) Pay with a credit card: Under federal law, you can dispute the charges if you don’t receive the item. Shoppers also have dispute rights if there are unauthorized charges on the card, and many card issuers have “zero liability” policies if someone steals your card number and uses it. Never wire money.

8) Keep documentation of your order: Save a copy of the confirmation page or e-mails confirming the order until you receive the item and are satisfied.
Check your credit card statements often: The BBB recommends that you check your account regularly for suspicious activity by going online or calling your credit card company. Make sure statements match up with purchases you know you made.

9) Know your rights: Federal law requires that orders made by phone, mail or online be shipped by the date promised, or within 30 days if no delivery time was stated. If goods are not shipped on time, shoppers can cancel and demand a refund. Consumers also may reject merchandise if it is defective or if it was misrepresented.

For more information about shopping safely online, visit the Federal Trade Commission’s website at www.onguardonline.gov.