According to a recent Better Business Bureau (BBB) survey, 67 percent of small business owners who responded said they faced more risk from being scammed than just three years ago.
As scammers have become more sophisticated, and there are more areas of vulnerability than ever before, small business owners must do more to be on the lookout for costly and preventable losses.
Understand that if the scam is big enough, it could cause serious financial damage to your business. In fact, in some cases, scammers put companies out of business because the impact was so significant.
Since the threats can come from just about anywhere, the first question becomes where to focus your efforts.
Where you’re most vulnerable to scammers
Scammers can come at you a hundred different ways and new schemes to separate you from your business’s hard-earned money crop up every day.
You need to be constantly vigilant, use your intuition when something doesn’t sound right, and be on the lookout for the most common scams as a way of building a protective wall around your business.
Small and medium businesses are particularly vulnerable because they generally don’t have the deep pocket resources that Fortune 500 companies have to implement high level cybersecurity and anti-scam measures. Scammers will always seek the path of least resistance and trying to defraud Apple or Microsoft is one thing, but quite another if you’re a local business.
In its research the BBB identified the six most common scams that small businesses face.
- Bank and credit card company imposters. These scammers pretend to verify account information, but in reality, they’re trying to get access to a business’s accounts.
- Government agency imposters. They threaten legal action if a small business does not pay fees or taxes that are supposedly due to the government.
- Fake invoice or supplier billing cons. Scammers may try to submit invoices for services or goods that the small business never ordered or never received.
- Fake checks for purchases. Scammers attempt to defraud a business with nonexistent funds in exchange for goods or services they received.
- Fake advertising or business listing scams. These are offered to businesses to improve their visibility and online presence.
- Tech support scams. A scammer will offer support, protection, or other services, take your money, and never actually perform the services.
The BBB and the Federal Trade Commission both advocate that one of the best ways a business can protect itself is by staying informed about the different tactics scammers use. It’s an ongoing process since the game keeps changing.
Oversight agencies such as the FTC, the U.S. Postal Service, and others have stepped up their efforts to protect businesses, but it’s an uphill fight for small and medium businesses.
Unfortunately, sometimes an ounce of prevention comes at the expense of being a pound of cure. Getting scammed brings focus to your already full plate as a small business owner, and many owners only implement measures after they become a victim.
If this is you, don’t be too hard on yourself. Your adversaries are cunning, and there are a lot of them.
What should you do if you’re a victim?
Chances are, you’re going to be angry if you fall victim to a scammer. That’s a natural response. Punch a wall if you need to, but then take more positive steps to see what you can do to make the best of a bad situation.
Take a deep breath, gather as much documentation and evidence as you can, and then report the scam. Believe it or not, many businesses do not, either because they feel the effort is futile, that they’ll never recover their losses, or they simply don’t know how or where to report it.
Reporting the scam not only gives you a fighting chance to catch the scammer and be made whole, but it also allows law enforcement agencies to track different types of scammer activities. This information can then be shared as part of a public outreach effort. It also shows trends that allow these agencies to shift and devote resources to areas where they can do the most good.
Try to match the law enforcement agency to the type of scam. If you’ve been a victim of a crime that violates federal law, then federal law enforcement agencies can be tapped to try and deal with your case.
Federal Trade Commission
For example, if you’re the victim of any type of fraud, one of your first contacts should be with the Federal Trade Commission. This agency protects consumers and businesses. You can file a complaint, report identity theft, get consumer alerts, and tap into a wealth of free information for all types of scams and white-collar crimes. The FTC won’t be able to resolve your individual case, but if you are one of many who are victimized, they can use this information to go after perpetrators.
If you spot a scam or think your business has been victimized, report it to FTC.gov/Complaint.
The FTC also offers tips on protecting your business from scams with a dedicated Protecting Small Businesses web page. As a small business owner, you’ll find information on cybersecurity, protecting your customers’ personal information, what to do if there’s a data breach in your business and more.
Local Law Enforcement
If you’ve been scammed, on a more local level, you should file a report with your police department. They may or not be able to assist you in bringing the scammers to justice, but again, they will also use the information to spot trends and deploy resources so that others aren’t scammed as well. If the scam is widespread enough, sometimes local law enforcement will also reach out to local news media to help spread the word.
The Federal Bureau of Investigation (FBI)
The FBI oversees the Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3). This entity investigates possible internet-based crimes. They work with appropriate federal, state, and local law enforcement agencies to take action against criminal activities.
State Attorney General’s Office
If a scammer has victimized you, contact your State Attorney General’s Office or the Secretary of State where you’re located. Also, find out what state a scammer may be in and report the scammer to the Attorney General’s office in that state as well.
You can find State Attorney General contact information at NAAG.org.
The U.S. Postal Service
If you were scammed using the U.S. Postal Service in any way, you can file a complaint with your local postmaster or file a complaint online with the USP Inspection Service.
Your Bank or Credit Card Company
If you used a credit or debit card and a scammer victimized you, there may be protection against losses. Many banks and credit card companies will refund your money if they determine you were a fraud victim. Every company is different, but it’s worth checking into if your business has been defrauded.
The National Consumers League (NCL)
This nonprofit advocacy group protects consumers in several ways. They operate Fraud.org, where you can file a complaint about fraud. While they will not help you recover losses, they can expedite your complaint to the proper law enforcement agencies.
Better Business Bureau
You can also file a complaint with the Better Business Bureau. If you don’t know details about the scammer, this may be a less effective strategy since you want to try and file the complaint where the scammer is located if they are a known business entity. At the very least, people who search the BBB for information can see the complaint, which may help other businesses avoid being scammed.
Steps to take going forward
Depending on your situation, getting any lost money back may be difficult. The best you may be able to do is to harden yourself against being a victim again.
Examine your current levels of security. Can you do more, within your budget, to enhance your protection? Another critical step to take is to educate yourself and your employees about how scammers work, what red flags to watch for, and what to do if you spot anything suspicious.
If your company’s financial information was accessed or stolen as part of a scam, change as much information as you need to for maximum security. You may only need to change passwords, or you may have to close accounts and reopen new ones instead.
If your phone or computer was hacked, spend the money to have a top tier security person either wipe the phone clean of malicious software or take other steps to ensure the breach no longer exists.
Develop a cybersecurity plan that looks at risks and addresses what proactive mitigation efforts you should take. Part of this should include a stringent password policy for all employees and their devices. Among other things, use 2-factor or multi-factor authentication when possible.
Take a look at your data storage needs and processes. Often, scammers can nail a business through the back door this way. When you update with the latest security patches on your phones and computers, also make sure your data storage is equally protected as well. Uncompromised data storage is critical, especially in cases where businesses are victims of ransomware schemes.
And finally, provide security training for your employees. Teach them to spot scams in advance. Scammers know the weakest link in a business may be the human element. Don’t let that be the case in your business.