Have you ever felt it?
That humiliating devastation of being duped by online scams.
It’s a ruthless digital world out there, and when you’re focusing on the day-to-day running of your business, protecting it against an attack might be the last thing on your mind.
But it’s crucial to safeguard your business against fraudsters. Even if your company is growing from strength to strength, when it comes to online scams, it’s vulnerable. So, you need to ensure that you and your staff are savvy enough to spot a con when it pops into your inbox.
Fortunately, there are steps you can take to avoid being caught out…
This simple con takes advantage of any flaws in your financial operations and can catch busy finance departments off guard.
A fraudulent invoice might take the guise of a new company or one that’s already a frequent supplier. How could they know who your suppliers are? Well, emails can be hacked, and scam invoices will imitate ones you’ve received in the past.
The consequences of falling for fake invoices can be disastrous, especially for a smaller business, so be sure to put robust approval procedures and checks in place:
Be on the lookout for invoice warning signs – such as changes in details or formatting, blurry logos or unusual sums – and raise all concerns for checking.
A classic that’s seen a resurgence recently is the overpayment scam.
Any business that promotes its products or services online (which is almost everyone these days!) is vulnerable to this scam.
It runs like this: a “customer” places a large order but, unbeknownst to you, the credit card they use to pay for it is stolen. They then get in touch with a sob story about needing to cancel and ask for a full or partial refund. The ploy is to get you to send money to a different account – the scammer’s account.
Let’s say you unknowingly send the refund and think that’s the end of it. It gets worse.
Often, the true owner of the credit card will file a chargeback, meaning you get stung with another refund.
So, how do you avoid this?
Firstly, always confirm customer information before payment. This should help to flag up potential fraud. Never forward money to a third party; only refund the original card. Also, ALWAYS complete your regular checks and processes no matter the payment size, the sense of urgency, or the pressure placed upon you. Never rush the process.
Advanced fee scams dangle a carrot in front of you, get you to pay for it upfront, and then the carrot never materialises. Or it’s a measly radish instead.
And you end up one hungry, out-of-pocket donkey.
The problem with advanced fee schemes is that they come in many shapes and sizes. It often relies on storytelling and marketing to convince you that whatever the vegetable is, it’s worth paying for upfront.
Here are some examples of advanced fee scams that might target a business:
With these kinds of operations, once you’ve parted with your money, you’ll never hear from them again, no matter how many phone calls or emails you make demanding a refund or what you paid for.
To avoid this, make sure you research whoever’s making the offer. (As a standing rule, if you’re considering trading with an unfamiliar company, investigate them.) Any business with a post office box as its business address needs to be dealt with cautiously.
Many businesses like to showcase their team members as part of their marketing. It’s a wonderful way to make your business personable and bring it to life.
However, with more information about employees and business heads available on websites and social media (particularly LinkedIn), it’s easier for scammers to try impersonating someone in the company.
Even we at Formation Media have recently been targeted by an imposter.
Our administrator received an email supposedly from a member of staff asking for their bank details to be changed on the payroll system. Luckily, our savvy staff were immediately on guard. They spotted the red flags: unusual wording and the non-work email address. All it took was a quick conversation with the impersonated employee in question to uncover the truth.
Another common scam tactic is for someone pretending to be a high-level member of the business to contact those in finance – often new or junior team members. They use high-pressure tactics to try and force payment to their own account.
As mentioned before, fortify your financial department and processes with a no-exceptions policy.
Set a clear process for staff to amend their personal details with the company. Then follow up and confirm such requests via a more personal form of communication - ideally, face-to-face, over the phone or via video call.
Not all scammers are immediately out to get your money.
This particular fraud tactic might sound like a nautical pastime, but it’s far more sinister and duplicitous.
So, what are phishing scams? Phishing refers to deceptive messages that try to coerce or trick someone out of sensitive information like personal details or passwords.
Just like a burglar might scope out a property, digital scammers initially try squeezing out information about your business first. Once they have these details, they can seem more convincing when they go in for the kill to access funds.
How might they trick you out of giving away your information? Often through the use of links in emails.
You might receive a message apparently from an online service you use, warning of an issue with your account. “Click here to log in and rectify the issue.” However, the link will direct you to a phoney site mimicking the real deal in order to steal the information you enter there.
Get in the habit of hesitating before clicking links in emails. Try to find your own route to whatever is being signposted. For instance, if a link is supposed to take you to a well-known site to log in to your account – find the website for yourself in your internet browser history or via a search engine.
Next, look at the sender’s email address – NOT their name. Unfortunately, often in our email inboxes, the actual address is obscured behind the name they’ve chosen to pose as, such as “Company Name Customer Service.” Make sure you check the address, as obscure ones are often a sign of something phishy going on (pun fully intended).
We’ll finish where this started.
The impetus for this article was one of our directors at Formation being regularly targeted by proxy companies offering to secure tax refunds for the business.
For example, Appeal Business Rates.
Here’s the thing: applying for a business rates refund or checking whether you’re able to receive one is something you can do for free!
The moral of the story is to always do your research on the company or service first.
There are straightforward steps you can take:
It might take 2-10 minutes to do this research but it could save you thousands!
Wherever your business details and finances are concerned, be protective and on guard.
Never forget: if something seems too good to be true, then it probably is. Question everything and do your research.
So, go forth and arm your business against digital cons!
How do I report online scams or scammer ?
If you reside in England or Wales and believe you were the victim of an online scam or fraud, you can contact Action Fraud. You can reach Action Fraud in the following ways:
Can the bank refuse a refund if I’ve been scammed or part of an online scams?
Yes. The bank can refuse a refund if they determine that you were grossly negligent, for example, if you shared your password or PIN with the scammer.
What can a scammer do with my personal information?
The scammer can use your name, date of birth and address to create another ‘you’. Identity thieves rely on a variety of methods to discover your personal information. Once they acquire the information, they can use it to take out credit cards and loans, apply for state benefits and even open bank accounts in your name.
How to identify a scammer online?
Signs of an online scammer include: