How to protect your business against online scams

Have you ever felt it? 

That humiliating devastation of being duped by online scams.  

It’s a ruthless digital world out there, and when you’re focusing on the day-to-day running of your business, protecting it against an attack might be the last thing on your mind.

But it’s crucial to safeguard your business against fraudsters. Even if your company is growing from strength to strength, when it comes to online scams, it’s vulnerable. So, you need to ensure that you and your staff are savvy enough to spot a con when it pops into your inbox.

Fortunately, there are steps you can take to avoid being caught out…

Types of Online Scams

1. Don’t be fooled by fake invoice scams

This simple con takes advantage of any flaws in your financial operations and can catch busy finance departments off guard.

A fraudulent invoice might take the guise of a new company or one that’s already a frequent supplier. How could they know who your suppliers are? Well, emails can be hacked, and scam invoices will imitate ones you’ve received in the past.

The consequences of falling for fake invoices can be disastrous, especially for a smaller business, so be sure to put robust approval procedures and checks in place:

• Match the invoices received to purchase orders and receipts.
• Have multiple people authorise the payment, ideally including the person or department that made the purchase.
• For an existing supplier, double-check bank and payee details are the same as previous invoices and query anything new directly with that business using a trusted point of contact.
• For any invoices from a new supplier, search them online to ensure they look legitimate (more on what to search for below).

Be on the lookout for invoice warning signs – such as changes in details or formatting, blurry logos or unusual sums – and raise all concerns for checking.

2. Beware of overpayment scams

A classic that’s seen a resurgence recently is the overpayment scam.

Any business that promotes its products or services online (which is almost everyone these days!) is vulnerable to this scam.

It runs like this: a “customer” places a large order but, unbeknownst to you, the credit card they use to pay for it is stolen. They then get in touch with a sob story about needing to cancel and ask for a full or partial refund. The ploy is to get you to send money to a different account – the scammer’s account. 

Let’s say you unknowingly send the refund and think that’s the end of it. It gets worse.

Often, the true owner of the credit card will file a chargeback, meaning you get stung with another refund.

So, how do you avoid this?

Firstly, always confirm customer information before payment. This should help to flag up potential fraud. Never forward money to a third party; only refund the original card. Also, ALWAYS complete your regular checks and processes no matter the payment size, the sense of urgency, or the pressure placed upon you. Never rush the process.

3. Think twice about advanced fee scams

Advanced fee scams dangle a carrot in front of you, get you to pay for it upfront, and then the carrot never materialises. Or it’s a measly radish instead.

And you end up one hungry, out-of-pocket donkey.

The problem with advanced fee schemes is that they come in many shapes and sizes. It often relies on storytelling and marketing to convince you that whatever the vegetable is, it’s worth paying for upfront.

Here are some examples of advanced fee scams that might target a business:

• Awards – These rely on us falling for flattery. “Congratulations on being nominated for or winning the Customer’s Choice Award! All you need to do is part with your money to receive it…”
• Membership of a professional club or directory – Again, tickling your ego, these potentially fraudulent offers will invite you to join a new professional club or list you in a “Who’s Who” of businesses in your industry. 
• Offering investment – In these cases, the fraudster might target those businesses going through hard times. They’ll angle for an upfront “finder’s fee” for procuring the investment… which will never appear.

With these kinds of operations, once you’ve parted with your money, you’ll never hear from them again, no matter how many phone calls or emails you make demanding a refund or what you paid for.

To avoid this, make sure you research whoever’s making the offer. (As a standing rule, if you’re considering trading with an unfamiliar company, investigate them.) Any business with a post office box as its business address needs to be dealt with cautiously.

4. Guard yourself against imposter scams

Many businesses like to showcase their team members as part of their marketing. It’s a wonderful way to make your business personable and bring it to life.

However, with more information about employees and business heads available on websites and social media (particularly LinkedIn), it’s easier for scammers to try impersonating someone in the company.

Even we at Formation Media have recently been targeted by an imposter.

Our administrator received an email supposedly from a member of staff asking for their bank details to be changed on the payroll system. Luckily, our savvy staff were immediately on guard. They spotted the red flags: unusual wording and the non-work email address. All it took was a quick conversation with the impersonated employee in question to uncover the truth.

Another common scam tactic is for someone pretending to be a high-level member of the business to contact those in finance – often new or junior team members. They use high-pressure tactics to try and force payment to their own account. 

As mentioned before, fortify your financial department and processes with a no-exceptions policy.

Set a clear process for staff to amend their personal details with the company. Then follow up and confirm such requests via a more personal form of communication - ideally, face-to-face, over the phone or via video call.

5. Don’t get caught on a hook by online phishing scams

Not all scammers are immediately out to get your money.

This particular fraud tactic might sound like a nautical pastime, but it’s far more sinister and duplicitous. 

So, what are phishing scams? Phishing refers to deceptive messages that try to coerce or trick someone out of sensitive information like personal details or passwords.

Just like a burglar might scope out a property, digital scammers initially try squeezing out information about your business first. Once they have these details, they can seem more convincing when they go in for the kill to access funds.

How might they trick you out of giving away your information? Often through the use of links in emails.

You might receive a message apparently from an online service you use, warning of an issue with your account. “Click here to log in and rectify the issue.” However, the link will direct you to a phoney site mimicking the real deal in order to steal the information you enter there. 

Get in the habit of hesitating before clicking links in emails. Try to find your own route to whatever is being signposted. For instance, if a link is supposed to take you to a well-known site to log in to your account – find the website for yourself in your internet browser history or via a search engine.

Next, look at the sender’s email address – NOT their name. Unfortunately, often in our email inboxes, the actual address is obscured behind the name they’ve chosen to pose as, such as “Company Name Customer Service.” Make sure you check the address, as obscure ones are often a sign of something phishy going on (pun fully intended).

6. Watch out for online tax scams

We’ll finish where this started.

The impetus for this article was one of our directors at Formation being regularly targeted by proxy companies offering to secure tax refunds for the business.

For example, Appeal Business Rates. 

Here’s the thing: applying for a business rates refund or checking whether you’re able to receive one is something you can do for free!

The moral of the story is to always do your research on the company or service first.

There are straightforward steps you can take:

• Check on the government website whether there’s a way to do this for free (or cheaper) yourself – there usually is!
• Search them online and try including phrases like “company scam” to see if anyone else has already raised warnings about them.
• Inspect their website. If there are no contact details, that’s an immediate danger sign. Reputable companies should have a company registration number (CRN), well-considered privacy policies and terms and conditions (usually found at the bottom of the webpage). 
• Find them on Companies House and investigate their filing history. Look out for red flags like their accounts being overdue or strike off action (forcing the company to no longer exist).
• Find reviews of the company on Trust Pilot – it might be tricky to find them so try searching for the name they’ve registered with companies house.

It might take 2-10 minutes to do this research but it could save you thousands!

The golden rules to avoiding online scams

Wherever your business details and finances are concerned, be protective and on guard.

Never forget: if something seems too good to be true, then it probably is. Question everything and do your research.

So, go forth and arm your business against digital cons!

FAQs

How do I report online scams or scammer ?

If you reside in England or Wales and believe you were the victim of an online scam or fraud, you can contact Action Fraud. You can reach Action Fraud in the following ways:

• Call Action Fraud on 0300 123 2040
• Complain online on the Action Fraud website (you can choose to sign up or report as a 'guest')

Can the bank refuse a refund if I’ve been scammed or part of an online scams?

Yes. The bank can refuse a refund if they determine that you were grossly negligent, for example, if you shared your password or PIN with the scammer.

What can a scammer do with my personal information?

The scammer can use your name, date of birth and address to create another ‘you’. Identity thieves rely on a variety of methods to discover your personal information. Once they acquire the information, they can use it to take out credit cards and loans, apply for state benefits and even open bank accounts in your name.

How to identify a scammer online?

Signs of an online scammer include:

• Someone you don’t know unexpectedly calls you
• The promises appear too good to be true – for example, when something is much cheaper than you’d expect
• The person requests you to send money immediately
• They ask you to pay through an unusual method, such as MoneyGram or Western Union
• You have been asked to give personal information such as passwords or PINs