Small Business ScamsScams A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost.

A Guide for Business

Presented by SCARSSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS.

Small Business Scams Target Small Businesses Just As Much As Individuals

If you own a small business or are part of a non-profit organization, you spend a lot of time and effort making sure the organization works well. But when scammers go after your organization, it can hurt your reputation and your bottom line. Your best protection? Learn the signs of scams that target businesses. Then tell your employees and colleagues what to look for so they can avoid Small Business Scams.

If you are an employee of a company, your job and that of your co-workers could very well depend on how well you defend your company from scams. Losses from scams can risk someone’s job, but the losses can have catastrophic effects on a company’s finances too.

Scammers’ Tactics

• Scammers pretend to be someone you trust. They make themselves seem believable by pretending to be connected with a company you know or a government agency.
• Scammers create a sense of urgency. They rush you into making a quick decision before you look into it.
• Scammers use intimidation and fear. They tell you that something terrible is about to happen to get you to send a payment before you have a chance to check out their claims.
• Scammers use untraceable payment methods. They often want payment through wire transfers, reloadable cards, or gift cards that are nearly impossible to reverse or track.

How Can I Protect My Business?

Train Your Employees

• Your best defense is an informed workforce. Explain to your staff how scams happen.
• Encourage people to talk with their coworkers if they spot a scamScam A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost.. Scammers often target multiple people in an organization, so an alert from one employee about a scam can help prevent others from being deceived.
• Train employees not to send passwords or sensitive information by email, even if the email seems to come from a manager. Then stick with the program — don’t ever ask for sensitive data from employees by email.

Verify Invoices and Payments

• Check all invoices closely. Never pay unless you know the bill is for items that were actually ordered and delivered. Tell your staff to do the same.
• Make sure procedures are clear for approving invoices or expenditures. To reduce the risk of a costly mistake, limit the number of people who are authorized to place orders and pay invoices. Review your procedures to make sure major spending can’t be triggered by an unexpected call, email, or invoice.
• Pay attention to how someone asks you to pay. Tell your staff to do the same. If you are asked to pay with a wire transfer, reloadable card, or gift card, you can bet it’s a scam.

Be Tech-Savvy

• Don’t believe your caller ID. Imposters often fake caller ID information so you’ll be more likely to believe them when they claim to be a government agency or a vendor you trust.
• Remember that email addresses and websites that look legitimate are easy for scammers to fake. Stop and think about whether it could be a scam before you click. Scammers even can hack into the social media accounts of people you trust and send you messages that appear to be from them. Don’t open attachments or download files from unexpected emails; they may have viruses that can harm your computer.
• Secure your organization’s files, passwords, and financial information. For more information about protecting your small business or non-profit organization’s computer system, check out the FTCFTC The Federal Trade Commission (FTC) is an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) U.S. antitrust law and the promotion of consumer protection. The FTC can also act as a clearinghouse for criminal reports sent to other agencies for investigation and prosecution. To learn more visit www.FTC.gov or to report fraud visit ReportFraud.FTC.gov’s Small Business Computer Security Basics.

Know Who You’re Dealing With

• Before doing business with a new company, search the company’s name online with the term “scam” or “complaint.” Read what others are saying about that company.
• When it comes to products and services for your business, ask for recommendations from other business owners in your community. Positive word-of-mouth from trustworthy people is more reliable than any sales pitch.
• Don’t pay for “free” information. You may be able to get truly free business development advice and counselingCounseling Counseling is the professional guidance of the individual by utilizing psychological methods especially in collecting case history data, using various techniques of the personal interview, and testing interests and aptitudes. A mental health counselor (MHC), or counselor, is a person who works with individuals and groups to promote optimum mental and emotional health. Such persons may help individuals deal with issues associated with addiction and substance abuse; family, parenting, and marital problems; stress management; self-esteem; and aging. They may also work with "Social Workers", "Psychiatrists", and "Psychologists". SCARS does not provide mental health counseling. through programs like SCORE.org.

Be A Smart Employee

Not all businesses understand these issues. Company management may not be as aware as you are. Therefore, you may be able to make a difference in your company, and you can step up and help everyone become more aware of scams.

If you are already the victim of a scam or not, help share information about scams with your team members and the rest of the company. You can look at your processes that might be a risk and bring this information to your management. In most cases, your management will be very appreciative of your insights and support. Share the knowledge often, especially with new employees.

Common Small Business Scams

Fake Invoices

Scammers create phony invoices that look like they’re for products or services your business uses — maybe office or cleaning supplies or domain name registrations. Scammers hope the person who pays your bills will assume the invoices are for things the company actually ordered. Scammers know that when the invoice is for something critical, like keeping your website up and running, you may pay first and ask questions later. Except it’s all fake, and if you pay, your money may be gone.

Unordered Office Supplies and Other Products

Someone calls to confirm an existing order of office supplies or other merchandise, verify an address, or offer a free catalog or sample. If you say yes, then comes the surprise — unordered merchandise arrives at your doorstep, followed by high-pressure demands to pay for it. If you don’t pay, the scammerScammer A Scammer or Fraudster is someone that engages in deception to obtain money or achieve another objective. They are criminals that attempt to deceive a victim into sending more or performing some other activity that benefits the scammer. may even play back a tape of the earlier call as “proof” that the order was placed. Keep in mind that if you receive merchandise you didn’t order, you have a legal right to keep it for free.

Directory Listing and Advertising Scams

Con artists try to fool you into paying for nonexistent advertising or a listing in a nonexistent directory. They often pretend to be

from the Yellow Pages. They may ask you to provide contact information for a “free” listing or say the call is simply to confirm your information for an existing order. Later, you’ll get a big bill, and the scammers may use details or even a recording of the earlier call to pressure you to pay.

Utility Company ImposterImposter An impersonator is someone who imitates or copies the behavior or actions of another. There are many reasons for impersonating someone, such as: part of a criminal act such as identity theft, online impersonation scam, or other fraud. This is usually where the criminal is trying to assume the identity of another, in order to commit fraud, such as accessing confidential information or to gain property not belonging to them. Also known as social engineering and impostors. Scams

Scammers pretend to call from a gas, electric, or water company saying your service is about to be interrupted. They want to scare you into believing a late bill must be paid immediately, often with a wire transfer or a reloadable card or gift card. Their timing is often carefully planned to create the greatest urgency — like just before the dinner rush in a restaurant.

Government Agency Imposter Scams

Scammers impersonate government agents, that threaten to suspend business licenses, impose fines, or even take legal action if you don’t pay taxes, renew government licenses or registrations, or other fees. Some businesses have been scared into buying workplace compliance posters that are available for free from the U.S. Department of Labor. Others have been tricked into paying to receive nonexistent business grants from fake government programs. Businesses have received letters, often claiming to be from the U.S. Patent and Trademark Office, warning that they’ll lose their trademarks if they don’t pay a fee immediately, or saying that they owe money for additional registration services.

Tech Support ScamsTech Support Scams Phone scammers may masquerade as tech support employees for a major company in order to take your money or install a virus on your computer. They may call from what seem to be legitimate company numbers using caller ID spoofing.

Tech support scams start with a call or an alarming pop-up message pretending to be from a well-known company, telling you there is a problem with your computer security. Their goal is to get your money, access to your computer, or both. They may ask you to pay them to fix a problem you don’t really have, or enroll your business in a nonexistent or useless computer maintenance program. They may even access sensitive data like passwords, customer records, or credit card information.

Social EngineeringSocial Engineering Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is used as a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests.", Phishing, and RansomwareRansomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan virus disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.

Cyber scammers can trick employees into giving up confidential or sensitive information, such as passwords or bank information. It often starts with a phishing email, social media contact, or a call that seems to come from a trusted source, such as a supervisor or other senior employee, but creates urgency or fear. Scammers tell employees to wire money or provide access to sensitive company information. Other emails may look like routine password update requests or other automated messages but are actually attempts to steal your information. Scammers also can use malwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts. to lock organizations’ files and hold them for ransomRansom A ransom is an amount of money or other assets of value that is paid for blackmail, extortion, or under other threats or coercion. The ransom is usually paid in cash or now in cryptocurrency. Online blackmail, sextortion, and ransomware all demand ransoms to avoid negative outcomes..

Business Promotion and Coaching Scams

Some scammers sell bogus business coaching and internet promotion services. Using fake testimonials, videos, seminar presentations, and telemarketing calls, the scammers falsely promise amazing results and exclusive market research for people who pay their fees. They also may lure you in with low initial costs, only to ask for thousands of dollars later. In reality, the scammers leave budding entrepreneurs without the help they sought and with thousands of dollars of debt.

Changing Online Reviews

Some scammers claim they can replace negative reviews of your product or service, or boost your scores on rating sites. However, posting fake reviews is illegal. FTC guidelines say endorsements — including reviews — must reflect the honest opinions and experiences of the endorser.

Credit Card Processing and Equipment Leasing Scams

Scammers know that small businesses are looking for ways to reduce costs. Some deceptively promise lower rates for processing credit card transactions or better

deals on equipment leasing. These scammers resort to the fine print, half-truths, and flat-out lies to get a business owner’s signature on a contract. Some unscrupulous sales agents ask business owners to sign documents that still have key terms left blank. Don’t do it. Others have been known to change terms after the fact. If a salesperson refuses to give you copies of all documents right then and there — or tries to put you off with a promise to send them later — that could be a sign that you’re dealing with a scammer.

Fake Check Scams

Fake check scams happen when a scammer overpays with a check and asks you to wire the extra money to a third party. Scammers always have a good story to explain the overpayment — they’re stuck out of the country, they need you to cover taxes or fees, you’ll need to buy supplies, or something else. By the time the bank discovers you’ve deposited a bad check, the scammer already has the money you sent them, and you’re stuck repaying the bank. This can happen even after the funds are made available in your account and the bank has told you the check has “cleared.”

Remember

You make the difference between a safer business or not!

If your business has been the victim of a scam it is important to act fast!

For Businesses in the United States

• Notify the local policeLocal Police The Local Police is your first responder in most countries. In most English-speaking countries and in Europe report to them first. In other countries look for your national cybercrime police units to report scams to. In the U.S., Canada, & Australia, you must report to the local police first. immediately and your bank – there may still be time to stop it
• If the loss is significant notify the FBIFBI FBI - Federal Bureau of Investigation The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, the FBI is also a member of the U.S. Intelligence Community and reports to both the Attorney General and the Director of National Intelligence. A leading U.S. counter-terrorism, counterintelligence, and criminal investigative organization, the FBI has jurisdiction over violations of more than 200 categories of federal crimes, including financial fraud. – call their local office – we recommend you do this by phone instead of online
• If it is a credit card or check scam you can also call the local office of the U.S. Secret Service
• Also always report to the FTC at https://reportfraud.ftc.gov/#/?orgcode=SCARS

For Businesses worldwide

• Notify the local police immediately and your bank – there may still be time to stop it
• Call your national police – especially if there is a cybercrimeCybercrime Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. unit
• Even if not in the U.S. also always report to the FTC at https://reportfraud.ftc.gov/#/?orgcode=SCARS