For small-business owners, it’s a jungle out there every day. Through a variety of methods, nefarious individuals are trying to steal their company’s data, passwords and money. This is much more difficult to defend since small businesses typically don't know every person or company they do business with.
Thieves have become much more sophisticated than the original “419” or "Nigerian Princess" scams. Learn how to protect your business from these 11 all-too-common scams.
1. Your password has expired. An official looking email arrives from your email provider or other cloud-based provider explaining that your password has expired or your account is over the storage limit. You are instructed to log in to the provided link to get this fixed. Once you do, the scammer captures your password information and anything else attached to it.
How to beat the scam: No service provider will email you out of the blue like this—these types of notifications usually appear upon logging into a service. Also check the email address and the URL of the provided link. While these can be masked, many times they are not and reveal that the source is not the service provider.
2. Online orders or invoices. You receive an email confirming that your order for a common office supply product has shipped, or a notification from UPS about a pending product delivery. The attached "invoice" is typically a zip file. Click on the zip file, and your computer network gets infected.
How to beat the scam: Phony invoices are sometimes sent for products never ordered. Notifications of real orders never arrive by zip file. Establish purchasing controls at your company that include a list of approved vendors and a check against real purchase orders before paying anything.
3. Directory advertising. Callers solicit your company to place an ad in a local business directory. Unfortunately, the directory never comes out.
How to beat the scam: Examine past directories and talk to customers in those listings to see if they had worthwhile results.
4. Government information needed. You receive an email from the FDIC claiming it has information about your bank accounts. You hand over, right to the scammers, your banking information.
How to beat the scam: Government agencies like this would never contact you by email. Do not respond.
5. The customer overpaid. A customer "accidentally" overpays for a product by credit card or check and asks immediately for your company to wire the difference back to them before the payment has cleared. The check typically bounces or the credit charge is voided later by the customer.
How to beat the scam: Only refund purchases with the same method after payment has cleared the bank.
6. Your company is a winner! You are congratulated about receiving a “prestigious” award for your business, but to receive it you have to pay for a trophy, plaque or directory. This is the updated version of the “Who’s Who” book scam. The awards are bogus and just used to sell your company some products or services.
How to beat the scam: Keep your ego in check and refuse to participate.
7. Domain renewal notification. You receive an email or a letter that your domain is up for renewal but from a different hosting provider. Alternately, your company receives an invoice for a domain that looks similar to your company’s address, but is spelled differently. You pay for a renewal of a domain you don’t want or pay to the wrong service provider.
How to beat the scam: Check your invoices carefully.
8. Email address blackmail. You get a notification that a recent marketing email you sent included a name that is from a licensed database. They threaten to sue you if you don't pay the $7,500 license fee.
How to beat the scam: Make sure every name has opted in on your list.
9. Donation to a worthy cause. You receive an email soliciting money for a recent disaster. However, the money never gets donated to the cause or the credit card information is simply stolen.
How to beat the scam: Only donate to causes your company independently selects. Go directly to that website to donate.
10. Hotel request for information. You are awakened in the middle of the night from the hotel front desk wanting to verify your credit card information. They want you to repeat your number, expiration date, security code and zip code. But it's not the front desk. It's a person unaffiliated with the hotel, who is calling random rooms in an effort to capture credit card information.
How to beat the scam: Hang up and call the front desk from your room to verify the request.
11. Free WiFi. If you're a business traveler, you probably hate to pay for WiFi. In searching for an open hot spot, you come across one that has the hotel’s name on it. To sign in, you are directed to a site that captures your room number and credit card info.
How to beat the scam: Ask the hotel for the specific name of the network or find a place where you pay a fee that has a secure login.
Read more articles on how to manage your money.