- Small businesses may not think they are on the radar of cybercriminals, but they're prime targets.
- Hackers are employing phishing and business email compromise scams to steal credentials and money during the COVID-19 pandemic.
- To reduce your chances of being scammed, check email sources, secure your computers and devices, and train your staff.
- This article is for small business owners who are worried about scams and want to remain safe amid the pandemic and beyond.
The COVID-19 pandemic has become a haven for fraudsters aiming to scam people out of their money. Small business owners may not think they'll be the next victims, but they've become prime targets. Read on to learn about the COVID-19 scams aimed at small businesses.
Why scammers target small businesses
Fraudsters employ all sorts of tactics, including email phishing and fake donation sites, to defraud business owners. And there's a reason these thieves often target small business owners: They know that, unlike large corporations, most small businesses don't have the cash to hire IT staff or employ expensive cybersecurity solutions to safeguard their computer systems. [Read related article: How to Improve Your Small Business's Cybersecurity in an Hour]
Some small businesses also lack the sophistication to spot a fake email or a dubious link, and all it takes is one click on the wrong email to put a business's sensitive data in the hands of hackers.
"They say in times of trouble, people pull together and treat each other better," Andrea McGrew, chief compliance and legal officer at USA Financial, told Business News Daily. "That has not been the case. There are so many scams out there, it's really frightening."
Key takeaway: Many small businesses don't have the budget or the tech know-how to keep fraudsters at bay. As a result, they're prime targets for cybercriminals.
New COVID-19 scams targeting small businesses
Scams have been growing for years, but amid the pandemic, the amount of fraud perpetrated on small businesses is surging. The schemes run the gamut, from fake charities to website spoofing, but all are designed to defraud small businesses or their employees. Here are four popular scams to watch out for.
1. Unemployment scam
With the pandemic shutting down businesses across America, the federal government stepped in to help with added unemployment benefits. That enhancement was too much for the scammers to ignore, and they are now filing fake unemployment insurance claims.
In this scheme, the scammer gets ahold of names, Social Security numbers and other personal information and then files claims for benefits. The person being defrauded only learns of this when they receive a letter from the unemployment office in their state or the employer is notified of the claim.
"We've seen a massive issue of unemployment insurance fraud," McGrew said. "These fraudsters are obtaining information in order to file unemployment."
2. SBA spoofing
In an effort to keep small businesses afloat during the pandemic, the U.S. Small Business Administration (SBA) announced COVID-19 relief loans. To apply for these loans, business owners are directed to the SBA website.
Scammers hoping to capitalize on this new aid are tricking borrowers by sending emails purporting to be from the SBA. The emails include a link to a spoofed SBA website, which is used to steal the credentials of unsuspecting borrowers. The scam has gotten so bad that the Cybersecurity and Infrastructure Security Agency recently issued an alert warning business owners to be on the lookout for these types of emails.
3. SBA loan scams
Filling out an application for COVID-19 relief aid can be time-consuming, but it's not rocket science, nor do you need to pay anything to apply for a loan. Unfortunately, some small business owners don't realize that and, as a result, are prey for scammers. In one SBA loan scam, fraudsters claim that business owners must pay an upfront fee if they want their SBA loan approved quickly. The unscrupulous callers may even offer a bridge loan with a high interest rate while the business owner awaits federal aid.
4. Scam donation sites
Everyone wants to do their part to help others survive the pandemic, including small business owners. Scammers prey on that generosity by creating fake charities. They reach out to business owners and get them to donate to what they think is a pandemic-related cause, but really all the business owner is doing is lining the scammers' pockets.
Key takeaway: Scammers prey on small business owners' need to access capital, as well as their desire to give back.
How to avoid COVID-19 business scams
Scammers aren't going to stop as long as they have victims. To reduce your risk of being the next one, follow these five tips.
1. Check the email source.
Phishing emails have gotten very sophisticated, but there are still telltale signs that something is amiss.
"Look at the email, and see where it came from," said Sandra Guile, a spokeswoman for the Better Business Bureau (BBB). It may be riddled with spelling or grammatical errors, or it may not be personalized to you. "If it doesn't seem right, go look online," she said.
Here's a good rule of thumb: Never click any links in an email or text if you aren't 100% sure the source is real.
2. Maintain good records.
Spotting fraudsters looking to inflate an invoice can easily be prevented by maintaining good business records – and that includes orders and purchases. When you keep detailed records, if a so-called vendor calls to demand payment, you can quickly see if you actually placed an order.
The same practices should apply to payment procedures. You should know who is paying the bills and when. The BBB recommends creating a multiperson approval process for any payments that are above a predetermined threshold.
3. Avoid untraceable payment methods.
A telltale sign that something is amiss is when the vendor or charity requests payments in untraceable methods, such as cash, a gift card, a prepaid debt card, cryptocurrency or a wire transfer. If they won't accept a check or credit card, that's a big red flag.
4. Secure your computer systems and devices.
Cybersecurity shouldn't be an afterthought, even if money is tight during the pandemic. It's important to make sure that your servers, PCs and mobile devices have security software installed and that your business uses a firewall. It's also incumbent on you to keep the software updated, to ensure the systems are fully protected. [Need internet security and antivirus software? Check out our reviews and best picks.]
5. Train your staff to spot scams.
Because cybercriminals often infiltrate companies via phishing emails or malicious texts, it's important for small business owners to train their staff to be on the lookout for fraud. If you hear about a particular scam, alert your employees. The more communications and training you provide on security, the better protected your business will be.
Key takeaway: There are several steps small businesses can take to lower their risk of becoming victims of business scams. Checking the source of emails, securing computers and devices, and training staff can go a long way in reducing your likelihood of being scammed.
Common types of business scams and fraud
Scams targeting small businesses were around before the pandemic and will continue once the virus is contained. Cybercriminals are sophisticated, employing new tactics every day, but they still like to go after the low-hanging fruit, and small businesses are just that. As a result, there are several common scams small business owners should be on the lookout for during the pandemic and beyond. Here are four types of business scams and fraud:
Phishing is one popular tactic used to steal sensitive information from small businesses. It occurs when you receive an email or text that appears to be legitimate, but when you click on it, you inadvertently download malware that captures your logins and passwords or takes you to a website that looks like your bank's but isn't.
One of the reasons phishing scams are so effective is that the hackers pretend their email or text is from a familiar person, such as an employee or a customer. The criminals go to great lengths to make the email or text look real, embedding corporate logos and using email addresses that may be recognizable to the enterprise. [Read related article: Cyberattacks and Your Small Business: A Primer for Cybersecurity]
2. Business email compromises
Another variant of the phishing scam, called a business email compromise, occurs when scammers target the employees who pay the bills at the organization.
The scammer pretends to be a vendor asking the accountant or chief financial officer to wire money, provide personal information or purchase gift cards. But instead of the money going to a vendor, it ends up in the bank account of the fraudster. According to the Federal Bureau of Investigation, a business email compromise scam is one of the most financially damaging online crimes.
3. Charity scams
Businesses like to give back to the communities they serve and, as such, tend to donate money, products or services to local and national charities. Scammers know this and will prey on their generosity to steal money from them. Once a charitable contribution is made, the scammer disappears with the cash in hand.
4. Office supplies schemes
Small business owners wear multiple hats, which can get overwhelming. Scammers banking on that will call a business owner, claiming to be representatives of a vendor or company the business has dealings with. The scammers try to sell the small business owners merchandise that the business uses, at a much cheaper price than the business is currently paying. The small business owners think they are getting a deal, but what's really happening is they are getting scammed out of money. The payment is gone, and the business doesn't have any office supplies to show for it.
In another variant of the office supply scam, fraudsters send businesses bills for products and services they never requested. According to the BBB, the most common invoice scams center on office supplies, website hosting services and directory listings. Because the cost is kept small, it never raises a red flag with the business owner.
Key takeaway: Small businesses have long been targets of scammers aiming to steal logins, passwords and money. These scammers employ all sorts of tactics, including phishing, sending phony invoices and posing as charities or vendors.
What to do if your business has been scammed
When fraud happens to you, it's distressing, and it can be difficult to figure out what to do. The good news is that federal and local authorities can help you recoup your losses and pursue the fraudster.
The Federal Trade Commission (FTC) is the main government agency in charge of collecting and pursuing scam reports. You can file a report online or by calling 1-877-382-4357. Before you contact the FTC, gather all of the emails, receipts and phone numbers so you can file a complete report.
You can also file a complaint with the consumer protection office in your state and reach out to the local police if you lost money or possessions.
"You just have to be hypervigilant," McGrew said. "Most people are good and want to believe the other person has good intentions, but that's not always the case. You have to be really cautious in who you let into your life at this time."