With all the talk of high-tech threats such as viruses and spyware, it’s easy to forget that the old tricks are still the best tricks when it comes to fleecing small businesses.
Rather than hack into your computers in the dead of night, scammers find it easier to just drop you an email, send you a fax or simply call you with an offer they hope you can’t refuse.
One simple trick is to send you a fake bill and hope that someone in the office pays it without asking any questions. It’s an easy enough mistake to make when you’re snowed under with paperwork.
Office supplies are a favourite with scammers, invoicing you for stationery or toner cartridges which you never received or perhaps never even ordered. Such an innocuous-looking bill could easily slip through the cracks and be paid each month, especially in a small business without a dedicated accounts department to keep an eye on such things.
There are plenty of variations on the fake billing scam, so check all your bills carefully. Keep an eye out for invoices from dodgy directory services and advertising companies demanding payment for listings which were never published or ran without your authorisation.
Scammers are even known to send out invoices for advertisements which ran in other publications.
Fake domain name renewals are another popular scam, asking for money so you can continue to use your website address. Sometimes you’ll simply receive a bogus invoice, perhaps for your domain name or one which looks similar.
Some shifty domain name registrars are also known to send out what looks like an invoice from your current provider but is actually an authorisation to transfer your business to them. They even check online records to see when your domain name is set to expire, hoping to catch you off guard because you’ll be expecting an email from your real domain name registrar.
Dodgy domain name registrars are also known for sending out emails claiming that your competitors are trying to buy up domain names similar to your own and offering to sell those domain names to you first.
For example if your website is www.mybusiness.com, they might offer you www.mybusiness.net and www.mybusiness.org – claiming that if you don’t pay for them your competitors will buy them in an attempt to steal your customers.
Scam emails are also a popular method for sneaking spyware onto computers. Rather than sending out spam offering cheap meds, hackers have taken to sending spam disguised as a legitimate notification from a bank, courier company, airline, tax office or post office.
The style might change, but they all require you to open an attachment or click on a link to check the status of an order or delivery. Do so and your computer could be infected with malware designed to steal passwords or perhaps lock down your computer and hold your data to ransom.
Alternatively, you might be logging into a spoof website and handing over your password. The safest option is never to trust links or attachments in such emails and to contact the service provider directly if you’re unsure.
Scammers aren’t afraid to pick up the phone either and there’s been a spate of phoney phone calls supposedly from Microsoft, claiming your computer is infected with a virus.
The scammers request remote access to your computer, point to trivial errors as signs of a virus infection and then demand money in order to remove the virus. Hang up on them straight away, as once in your computer they’re known to wreak havoc if you refuse to pay.
These kinds of scams all prey on human error rather than technological weaknesses, with scammers often targeting staff in junior roles in the hope of fooling them. The best way to protect your business is to educate staff as to the dangers of scams and put strict policies in place regarding the placement of orders and payment of invoices.
Keeping a tight rein on your outgoing payments makes it easier to spot the bogus invoice hidden in your pile of paperwork.