From fake utility bills to bogus money transfer requests, scammers have their sights set on small businesses in 2017.
For all the advancements in modern technology, it seems the old scams are still the best scams. Con artists appear to have given up on trying to trick you into thinking you’ve won the lottery or landed some other deal which seems too good to be true. Instead they’re returning to the old fashioned business scams which seem too dull to be fake.
Fake invoices are always in fashion, whether they’re sent via email, fax or in the post. Sometimes they’re for advertisements supposedly placed in publications that might not even exist. Other times they’re for stationery or printing supplies that you never received or even ordered.
Usually the scammers don’t get too greedy; the idea is to hit you with an ordinary, realistic-looking bill and hope that someone in your organisation will pay it without giving it a second thought. If you fall for a fake invoice once, they’ll probably keep sending them.
Fake bills are also popular with scammers peddling ransomware who hope to trick you into opening an attachment or clicking on a link that contains malware designed to encrypt all the important documents on your hard drive. The scammer then demands money for the release of your documents, expecting payment in an untraceable currency like Bitcoin.
These kinds of scams come in all forms. Sometimes they’ll pose as an unpaid utility bill, hoping that you’ll open the attachment out of fear that the power company is about to leave you in the dark. Other times the scam might pose as a small windfall, such as a tax refund—large enough to sound enticing but not so much as to seem suspicious. All you need to do is fill out the attached form.
Scammers also love the old undelivered parcel routine, claiming to be a notification from FedEx or Australia Post alerting you of a package waiting to be claimed.
Other times scammers are looking to steal passwords and other sensitive information, such as tricking you into logging into a spoof banking website or finance platform.
Most of the time these “phishing” scams take a shotgun approach, sending the same email to thousands of businesses in the hope that someone will take the bait. Other times they’re “spear phishing” attacks targeted specifically at your business, with the scammers doing their research to target specific people in your organisation with personalised emails.
More sophisticated scammers are also hitting organisations with Business Email Compromise scams, breaking into your email system in order to wreak havoc.
For example, they’ll wait until a senior executive is travelling overseas and then forge an email to a subordinate in the finance department, instructing them to urgently transfer money to an offshore supplier. The money is long gone before anyone realises that it’s a scam.
Unfortunately there’s no shortage of people out there looking to scam small businesses, so it’s important to train your people to treat every communique with a healthy skepticism. You can’t be too careful when it comes to doing business online.