20th April, 2016
From bogus invoices to fake parcel deliveries, scammers love an unassuming target.
If you believe Hollywood, then high-tech con artists love to pull off billion-dollar heists to rip off multinational giants. In real life, scammers are often far less ambitious.
These days you’re less likely to hear from a phony Nigerian prince asking for your help to smuggle gold out of the country, promising you a share of the loot if you kick in some money upfront.
Rather, today’s scams tend to look too dull to be fake. They rely on the fact that small business owners have so much on their plate that they won’t be paying attention to the finer details.
With so many bills to pay each month, it’s easy to let a bogus invoice slip through when it doesn’t look out of the ordinary.
Fake stationery invoices are common, because practically every business chews through printer ink and paper so it’s not the kind of bill you’re likely to question. Smart scammers don’t get greedy and demand thousands of dollars, for fear of raising a red flag somewhere along the line. They just regularly try for small amounts and hope you’ll sign off without giving it a second thought.
Scammers are also known to send fake invoices from your current suppliers, perhaps masquerading as a big business like your phone company or a small business like your real stationery provider. You might not know you’ve been scammed until your suppliers complain about unpaid bills.
Fake invoices for online advertisements and directory listings are another favourite. Sometimes the invoices are for non-existent publications. Other times scammers see your real advert and send you a bogus invoice, hoping you’ll pay it by mistake or a junior staff member will authorise the payment without questioning it.
The best way to protect yourself is to introduce strict business processes when it comes to your finances.
Limit who is authorised to make payments. Make sure all invoices are passed to a central person or department, which is across all your current supplier arrangements, so they can closely check the fine details.
Scammers also love to send seemingly innocent emails notifying you of something simple like an uncollected FedEx parcel. All you need to do is open the attached file, or click on the link, to sort out the problem. Next thing you know, your computer is locked down with cryptolocker ransomware and scammers are demanding money to release your precious files.
There are plenty of variations on this scam. The email might appear to come from one of your utility providers, threatening to cut off your service over an allegedly unpaid bill, or even from the tax office promising a small refund.
Ransomware attacks are particularly dangerous to small businesses and sole operators. Scammers know you’re likely to manage everything from a single computer and that you’re unlikely to have a dedicated tech support team. The scammer only needs to hit one computer to bring your business to its knees.
Prevention is the best cure when it comes to ransomware. Keep your antivirus software up to date, and treat all incoming emails with suspicion if you’re required to open an attachment or click a link.
Also make regular backups of your important business files, as a fallback should ransomware lock down your computer.
Keep in mind that some ransomware will lock down attached USB drives and mapped network shares, so it’s best to keep several copies of your backups stored in different locations as well as in the cloud as an insurance policy against cryptolocker attacks.
Bogus renewal notices for your business domain are common, but some scammers will also try to scare you into buying extra website names you don’t need.
If your domain name is mycompany.com.au, you might receive an email from a foreign domain name register claiming that someone is trying to snap up mycompany.tw along with .hk, .cn and others. They’re seemingly doing you the courtesy of offering you the chance to buy those domains before someone else does.
Alternatively they might claim that someone is trying to trademark your business name in another country, offering the chance for you to do so first.
Don’t worry, there isn’t really another business trying to cash in on your name. The scammers are just hoping that you’ll panic and buy those domain names through them, handing over money for something you don’t need.
As always, a healthy skepticism is your best line of defence when scammers come knocking.