Data Destruction St Louis | Secure Document Destruction of St. Louis

  • Business Shredding
  • Residential Shredding
  • FAQs
    • Business Document Destruction FAQs
    • Residential Document Destruction FAQs
  • Blog
  • Contact Us

by

What Type of Scams Should You Guard Against? Part 1: Business Case Studies

 

What Type of Scams Should You Guard Against? Part 1: Business Case Studies

When you’re a small business owner, as if you don’t already have enough to worry about, crooks have become a lot more sophisticated in trying to scam you out of your hard-earned money.

Many scams fall into the same overall types of scams. According to a recent Better Business Bureau survey, the six most common of these that small businesses need to protect against are:

  • Imposters posing as a bank or credit card company and pretending to verify account information but with the actual intent of gaining access to a business’s accounts.
  • Scammers pretending to represent various government agencies who threaten to impose fines or take similar enforcement actions if a business does not pay fees or taxes.
  • Fraudsters who offer businesses increased visibility through advertising, advanced search engine techniques, and business directories.
  • Sending a business an invoice for services never rendered or trying to induce a business to pay for products it never ordered or received.
  • Paying for goods and services with fraudulent checks from non-existent accounts.
  • Scams involving tech support or ransomware demands.

Spotting a scammer

Although every scam and every scammer are unique, most all share the same general characteristics. Here are some red flags to look for:

  • They pretend to be someone you trust, either in the guise of a company, person, or government agency.
  • They create a sense of urgency by setting a short deadline to respond.
  • They use fear and intimidation, pressuring you to send a payment before you can check out their claims.
  • They use wire transfers, gift cards, or other untraceable payment methods.

Business Case Studies

It’s impossible to list even a small fraction of all the scams targeting businesses today. However, the following case studies will give you an idea of some of the tactics scammers use.

Business email compromise (BEC)

This is sometimes referred to as CEO fraud. Losses are estimated at more than $5 billion globally, and that figure continues to rise as scammers refine their already sophisticated tactics.

BEC involves a crook gaining access to a business owner’s corporate email account. The scammer then spoofs the owner’s identity to defraud the company. Favorite targets include companies that often conduct business with overseas suppliers of who routinely transfer money through wire transfers.

This form of transferring money is especially vulnerable because legitimate wire transfer requests are often urgent, and in most cases, the resulting wire transfer will be processed immediately. Companies that work using this model often don’t take the time to sign forms or wait for callbacks to confirm the transfers, creating further exposure.

It’s estimated that about 40% of all business victims of BEC are small or medium-sized businesses.

BEC remains an ongoing problem despite the requirements that banks are required to implement enhanced security measures to verify transfers.

An example of how BEC can happen

In 2018, an authorized wire transfer originator for a non-profit business client of First Business Bank made a wire request transfer of $28,626 to a person at Wells Fargo Bank. First Business Bank verified the documentation and initiated an authentication process to verify the legitimacy of the request. Later that day, the non-profit’s Executive Director contacted the bank to report the wire request was fraudulent and that it should not have been approved.

The Executive Director had approved the request, which he thought was from a colleague who was also an authorized account representative. But upon closer inspection of the request, it was determined the request was a fraud.

WannaCry ransomware attack

In 2017, the WannaCry ransomware cryptoworm hacked into computers running the Microsoft Windows operating system. It encrypted data and demanded Bitcoin ransom payments. Although the attack stopped when Microsoft issued an emergency patch in just a few days, it was estimated to have infected more than 200,000 computers in 150 countries.

Losses ranged from hundreds of millions of dollars into the billions of dollars. In late 2017, the United States, U.K., and Australia formally accused North Korea of being behind the attack.

Petya cyber-attack

Also, in 2017, The Petya ransomware attack took place. The software took over computers and demanded $300 in bitcoin. It also exploited Microsoft operating systems, specifically something known as the EternalBlue vulnerability. It appears to have started through a software update mechanism for companies working with the Ukrainian government.

It affected banks, power utilities, and even the radiation monitoring system at Chernobyl had to be taken offline. Ultimately, Petya caused serious disruptions at companies throughout the United States and Europe.

The IRS W-2 phishing scam

In recent years, phishing scammers have sent out fake emails that look like they are being sent from various businesses and corporations. These emails request personal information of employees under the guise of obtaining important tax and compliance information.

This scam requires that bad guys know who has access to W-2s in your business who has the authority to ask for this information.

In one year alone, this scam impacted more than 120,000 employees at 100 different businesses in the United States.

The phony Amazon attack

Under this scam, hackers send out what appears to be legitimate deals to businesses and consumers who are Amazon customers. When a recipient attempts to purchase the deal, the transaction is not completed. Instead, customers are redirected to a page to input data that can be stolen and used by hackers.

A variation of this is a scammer who will send out an email appearing to be from FedEx or USPS with the subject line “Shipping Information.” When a recipient opens a link in the email, they are directed to a page that downloads a virus on to the person’s computer, which can then be held for ransom.

The non-profit filed an incident report with the Internet Crime Complaint Center, worked with law enforcement, and contacted the beneficiary bank, among other actions.

Chipotle data breach

The vast majority of 2,000+ Chipotle employees were hit by a data breach that occurred when Eastern European hackers sent emails to staff that turned out to contain malware.

For three weeks, this malware allowed the hackers to gain access to each store’s POS system and access customers’ “track data,” which includes credit or debit card numbers, expiration dates, and verification codes that are stored on a card’s magnetic strip. The breach affected restaurants in 47 states.

Shell companies are often inside jobs

A shell company exists only on paper. It provides no goods or services. It is also one of the easiest ways for an employee to execute a fake invoicing scam.

The employee will set up a company in a friend’s or relative’s name, and then invoice their own company as a means of collecting payments. Most of the time, the employee will have some level of knowledge on how invoices are processed, or they may even be the employee doing the actual processing. That means they know what dollar amounts to stay under to avoid detection, making it easy to scam an employer for years.

Lawyers are not immune

Believe it or not, attorneys are often victims of business scammers. It happens in a couple of different ways.

A lawyer may be contacted by a “client” claiming a business owes them money and that if the lawyer collects this money, they’ll earn a fee. The lawyer reaches out to the “debtor” who sends a fake check to the law firm to pay the debt. The firm deposits the money, and the client directs the lawyer to deduct their fee and wire the balance to an account, which turns out to be untraceable or in another country.

Similarly, attorneys in divorce settlements may receive a supposed settlement, which is actually a fake check. They deposit the money, distribute the funds, and then find out from the bank that the check is a fake, leaving them on the hook if they’ve already sent out money to a client.

The overpayment scam

In this type of scam, a “vendor” or customer may contact a business, purchase a product or service, and then send a payment in for more than the amount they should have paid. Fraudsters then ask the business to wire them a refund using a wire transfer or other similar means.

This type of fraud is also prevalent on Craigslist for people who are selling big-ticket items like cars or boats.

A few more “inside job” hits…

From CFO Daily, here are some brief real-life examples of how employees scammed businesses:

  • An IKEA employee mastered the company’s phone and mail order system and issued himself $400,000 in refunds for purchases made by customers in a single year.
  • A Calgary Transit employee swiped almost $375,000 by pocketing about $200 a day in coins while he was a fare counter.
  • A U.S. postal worker in Washington, D.C. took the agency for $40,000 by claiming he was stuck in jury duty for a case that lasted 144 days.
  • A former embezzler turned theft prevention specialist put his talents to use by scamming Block Communications out of more than $1.1 million for a firm he was supposedly trying to protect.
  • The FBI caught a former Quest Diagnostics manager who stole more than $1.2 million through false expenses using fake companies and invoices. His reward was five years in prison.

By better educating yourself as a business owner, you can harden your business against scammers, hackers, and fraudsters. Your business’s very survival may depend on how well you proactively fend off attacks from criminals looking to take advantage of you.

Filed Under: Security

About

John has lived and breathed the document security industry for the last decade.  John prides himself on SDD’s ability to innovate and consistently stay ahead of the curve.  However, his approach toward the business has stayed consistent, delivering incredible customer service and complete document destruction for the St. Louis area.

Other posts you might like...

  • How and What Business Documents to Destroy: Keep Your Business Legal and Secure.
  • Having a Document Destruction Strategy in Place is Especially Important in a Post-Pandemic World
  • Does Your Business Need Cyber Liability Insurance?

Free Quote

Secure Document Destruction

We specialize in secure onsite document and data destruction across the St. Louis Metro area!

Testimonials

"Thanks, John. Your company is first rate and I have already recommended it to several friends and relatives. Keep up the good work!"
Mike W.
"Thank you John. The service provided by SDD was outstanding. You provided everything that was promised and at the designated time arranged and I might add that your man that handled the job couldn't have been nicer or accommodating.. It is rare to find businesses that follow through with their promises. We appreciated doing business with you and would recommend SDD to anyone needing this service. Thank You!"
Joe B.
Distribution Sales, Leviton Manufacturing
"John did a great job! Friendly, answered all my questions, very helpful. Thanks for providing good service!"
Lana E.
Alton, IL
"We had a problem when our previous shredding company raised their prices sky-high. When we called SDD; John gave me a quote over the phone and came out the next day. They performed the same size job in about half the time, … at a lower price! We would recommend them highly to anyone who needs shredding."
Chris K.
Missouri Insurance Exchange
"It gives our company "peace of mind" to depend on the professional & personable, fast & efficient shredding services of Secure Document Destruction of St. Louis. I would highly recommend SDD STL. The service and price is exceptional!"
Laura K.
La De Da Entertainment
"Secure Document Destruction is AWESOME!! John always takes great care of us, the service is fast and reliable; John, our service/driver is great too. Looking back, I wish I would have switched to SDD sooner! 5 out of 5 stars!"
Tracy T.
Central Bank of St Louis
"Thank you! Everything went very well. Great customer service from beginning to end!! I am sure we will be in touch for future clean up projects."
Amy F.
Oasis Institute
"THANKS!!!! My house feels better with ALL that paper gone! The service was excellent!!! Thanks again!"
Kathy Ames
Desoto, MO
"SSD provided the shredding services for my business when I closed in 2013 and again in 2024 when I called on them to shred the last of the documents that had been held in storage. They were friendly, honest and very helpful throughout the difficult process which was made easy with their professionalism over the years I dealt with them and I highly recommend them."
Bob L.
Rock Hill, MO
"You and John are wonderful people and I thank you so much for working with me. God Bless you both."
Laura E
"Your service/driver guy, JP just came and did our pickup. He is such a nice, friendly person and so are you. It is great doing business with you guys."
Berry Silberberg Stokes PC

Contact Us

Secure Document Destruction of St. Louis
2517 Adie Rd.
Maryland Heights, MO 63043
(Appointments only at this location. Please call 314-795-0004)

314-795-0004
Fax: 618-281-7153
In Illinois: 618-281-3245

Email Us

About Us

  • Email
  • Facebook
  • LinkedIn

Services

Onsite Shredding Service
Commercial Shredding Service
Residential Shredding Services
Hard Drive Destruction
Data Destruction
Routine Service
One-time or Purge Service
Document Shredding Services
Mobile Shredding Services
Document Destruction Services
Residential Shredding Services
Medical Records Shredding

Categories

STLCHAMBERLOGONAID AAA LogoOFallon-Chamber-Logo

Review Us

  • Business Shredding
  • Residential Shredding
  • FAQs
  • Blog
  • Contact Us

Copyright © 2025 · Secure Document Destruction