Own a Business? Don’t Fall For These Costly Small Business Scams
Laura was a new employee, alone in the office of a flooring company. She got a call that the power bill hadn’t been paid and was about to be shut off. She was told to immediately go to a specific convenience store to pay the bill, with cash. She called her boss, and they quickly strategized how they would pay it. The bank recognized this common utility scam and flagged it when they were getting cash.
Looking back, it was easy for Laura and her boss to see the red flags of a scam. But scammers instill a sense of panic so people don’t stop and think.
Starting a business can be a labor of love. There are hundreds of little details to take care of. Scammers know that, and take advantage of it in multiple ways. Scams targeting small businesses and entrepreneurs have stolen billions of dollars over the last few years.
Scams cost consumers and businesses almost $8.8 billion in 2022, up 30% from 2021, which saw a 70% increase from 2020. The number of scams themselves decreased, but the amount stolen soared. Every business owner needs to be alert.
Small businesses lose an average of $150,000 and nonprofits have an average of $75,000 stolen from them through scam and fraud.
How to Prevent Small Business Scams
There are many common small business scams. We will help you understand and identify the scams and learn how to prevent most of them.
Scam Terminology
There are a few terms to know to help identify scams.
Phishing and Smishing: Scammers want to get your personal information, including social security number, passwords, and bank account numbers. Phishing is manipulating someone through email into giving that information, often by impersonating other people or companies. Smishing is doing it on your mobile device (where clicking on links can also put a virus on your device).
Spyware and Malware: Clicking on links sent through email or text can put spyware and malware onto your device. Spyware allows the sender to see your keystrokes and activity, and use it for identity theft. Malware is a virus that can lock down your information so it can be hacked, and held for ransom or used to gain access to your accounts.
Spoofing: The scammer will set the caller id to look like it is coming from an familiar or legitimate source.
Phishing: The scammer sets up fake profiles to make you think they are someone they are not.
Types of Small Business and Entrepreneur Scams
Scammers rely on people’s inattention and natural trust. They create a sense of urgency and panic so people won’t think twice. They make offers too good to be true, using people’s vulnerability.
But why? One of the reasons for stealing your information is so scammers can steal your business’s identity. They can use your bank and credit card accounts and even establish new accounts in your name. Be careful about releasing your TIN (tax id number) and other financial identifiers. They might try to degrade your business so a competitor has an advantage.
Here’s a look at some of the common scams out there.
Imposter Scams
There are several types of imposter scams. Email, invoice, Docusign, phone call or text — imposters come at you from every direction.
Here’s the text from an email that included an invoice for a $360 Bitcoin purchase:
We sincerely appreciate your confidence in our products and services, and we will use every effort at our disposal to make dealing with us a positive experience. You’ll feel more at ease when you know that our devoted support staff is available to you if you have any questions, require further details, or require any other help.
Let’s dissect this. There are numerous redflags — the note is way more effusive than typical business writing, the sender’s name is completely different from the email and the support contact number is Australian.
Document Scams
An imposter scam that is growing increasingly common is the Docusign scam. Here’s how it works: A business sends a document supposedly via Docusign. It might contain legitimate looking URLs, but if you hover your mouse over them (don’t click!) they may show a different address. If you are wary about a docusign email, contact the company and report it.
Fake Invoice Scams
Scammers send invoices from a familiar-looking company or email address. While the name might seem right, there’s usually a noted difference. For instance, the email address might come from @thepenyhoarder.com rather than Penny Hoarder.
How do they do it? Scammers figure out businesses that you work with through social media and lucky guesses and then create a web page that mimics the business’s page. Once you pay the fake invoice through the fake page, they have your credit card or banking information.
Scammers might also send merchandise that you didn’t order but demand that you pay for it. You do not have to pay for merchandise you didn’t order and you are not responsible for sending it back.
Utility Scams
One of the fastest growing scams types, utility scams come in two flavors. The most common we referenced above — a call telling the business that their utilities are about to be shut off, and, because of the timing, an immediate payment at a specific place must take place.
Scammers also masquerade as a government or private assistance program and offer to help pay utility bills. All you have to do is give them your credit card information, account numbers and passwords.
Phishing, Ransomware and other Email Scams
These can be devastating to your business. Scammers know that much of your business is digital. Communication, accounts, bill paying — all of it is online and on your computer. Be diligent when opening emails and clicking on unknown links. Phishing is just like fishing — scammers cast an email, instead of a line, to see if a sucker bites.
Scareware
Scareware is malware popups on your computer that falsely tell you there is a problem with your computer and you have to get in touch immediately for assistance. Then you are connected to the scammer who will steal your information and money.
Ransomware
Ransomware is malware that locks or encrypts your computer’s information, and you have to pay to have it released. Always have a backup of important information on another device.
Pharming
When pharming, scammers put malicious programs on your device that send you to fake websites to steal your information. You might think you are going to a legitimate website, but you’re not.
Fake Directory Scams
You are offered a great deal for adding your business’ name to a directory, but there is only a short time to take advantage of this offer! Don’t do it. Often the scammer will tell you it’s free, but they need your credit card information to put it through. The directory may not even exist, and if it does, they may not be true representatives of it.
Fake Reputation Fixing
Scammers will tell you that they can change online reviews, help you gain massive amounts of social media follows and comments and make sure your business shows up high in search engine results. (Legitimate reputation management companies can actually help you with some of this, though changing online reviews is a big red flag.)
Scammers, however, will take your money and then perform little or no work, possibly hold your website domain hostage for more money, or create problems and then charge a lot more to fix them. Always research reputation management companies.
Investment Scams
Investment scams made up $3.6 billion of the $8.8 billion scammed in 2022. It is especially important for entrepreneurs to be diligent about investment scams.
Investment scams usually start with the scammers offering to teach you real estate or financial markets investing so you will quickly make profits. They offer special tricks and positive testimonials that are totally fake.
Often they will start with a free seminar, then offer investment coaching that will enable you to quit your job and live off your investments. Or that your real estate career will immediately take off with their special training. The FTC has very good information about identifying these scams.
Scam Prevention Tips
There are common red flags for scams. The easiest way to prevent being scammed is to pay attention to the details. Businesses can set policies that prevent being scammed, and those policies can also help prevent fraud.
Don’t trust anyone asking you to pay with cash, gift cards, wire transfer, cryptocurrency, or any untraceable method. Never trust anyone creating a sense of panic or immediacy for the payment. Business emails should comply with the CAN-SPAM Act, which states they should label advertisements; should not be deceptive; give you an opt-out option; and contain a valid postal address.
Legitimate government agencies and businesses won’t ask you to send personal and account information over email. Never send your passwords, social security number, or personal information in an email.
Imposter scams can rename their email addresses to look like legitimate senders. Look at the actual address, instead of the name. Don’t ever enter information into a website that only starts with http — secure websites starts with https.
Don’t ever click on or download from the links in emails or texts asking you to verify information. Ever. Never.
Closely read invoices. Are they really from a company that provided a service or product? Is everything on the invoice a legitimate purchase? If there is a change in an account number, contact information, or payment details, get in touch with the company, using previous phone numbers or emails) to verify the change.
Don’t provide a credit card number for a free product. Scammers often make offers that seem to be too good to be true. They are too good to be true!
There are billions of scams happening every year, but most of them can be avoided. A little bit of skepticism can save you hundreds of dollars. There are many consumer scams to be aware of too, such as rental scams, Facebook Marketplace scams, and a slew of other scams.
The Penny Hoarder contributor JoEllen Schilke writes on lifestyle and culture topics. She is the former owner of a coffee shop in St.Petersburg, Florida, and has hosted an arts show on WMNF community radio for nearly 30 years.