Small Business Scams: How to Spot and Avoid Them
Phishing is one of the most common scams targeting small businesses. These scammers will go after anyone who will give up sensitive information or pay them a couple hundred dollars just to make their “problem” go away.
After working in security engineering for five years, I’ve seen it all. Here’s what you need to know about common scams so you can spot one and avoid getting your small business tangled in the lines.
Why do scammers target small businesses?
Scammers (especially phishing scammers) try to target anyone who will divulge sensitive information to them.
Don’t take it personally if you get targeted. You’re not the only person they’re after!
Scammers will do what they can to get information from you like passwords, bank account information, or your identity details.
One of the biggest reasons they target small businesses is that entrepreneurs like you typically don’t have the means to protect themselves the way large corporations do.
Small businesses and individuals are easier to infiltrate with malware and phishing links because they don’t have security departments that can keep dangerous emails out of their inboxes or easily verify senders.
What are the ways you can get targeted with a phishing scam?
There are two major ways that you can get targeted by a phishing attack.
- Through an email asking you for specific information, or a warning to pay an invoice or a bill.
- Through an email with an attachment or link that will secretly install something like malware onto your computer.
You might think that phishing scams are easy to spot. Although some signs can tell you that you’re being targeted by a phishing attack (read on below), it’s not always so easy to tell.
Scammers try to prey on your emotions and convince you that something is seriously wrong. They hope this will make you overlook seemingly obvious giveaways.
They capitalize on stressful situations like global pandemics, your information security, overdue bills and interest payments, and personal threats.
They suspect that these situations will get you to give up your information, click on a link, download an attachment, or wire them money to make these threats go away.
What are some examples of phishing scams that target small businesses?
Phishing scammers get creative in lots of ways to catch you. For small business owners, these traps often take the form of scenarios that deliberately target your business health and clientele.
Watch out for the following:
- Anything related to stressful local, national, or global situations (such as pandemics, wars, natural disasters, health threats, or security threats).
- Emails saying you have unpaid supplier or utility invoices or bills, asking you to pay up right away, or even threatening you if you don’t.
- Someone asking you to buy them a gift card as a way to pay your bills.
- A scammer posing as a client who says you’ve sent them an invoice and they’d like your banking information so they can wire you the money.
- A vendor sending you a pitch with a link or an attachment you need to download to learn more.
- Someone pretending to work for one of your vendors or software providers, asking you to try a new feature through a link with no context.
- Emails from large organizations that are notifying you about a problem like a security breach, change in protocol, or asking for a response.
Watch out for unsolicited emails that involve overly complicated stories or manipulative language asking you to do something for the sender. These are usually phishing scams.
How can you spot a phishing scam?
There are several indicators to help you understand if you’re being phished. In addition to being mindful of common phishing scenarios, look out for the following:
- Emails with bad grammar and spelling. It’s very common for phishing emails to leave words uncapitalized (especially proper nouns) and to misspell words. Scammers don’t really believe in grammar or spelling for some reason!
- A phishing email can be made to look like it’s coming from a big organization’s or company’s email address (like [email protected]) when that isn’t the real sender. So, watch out for emails that appear to come from reputable companies that have no way or legitimate reason to email you directly. For example, WHO will never email you directly. Instead, they always post announcements on their website or through social media, not through direct emails.
- Any emails that contain attachments or links and deliberately ask or coerce you to click on them.
- Emails that make you feel uncomfortable or lose trust in the sender for any reason. Trust your gut; you’re probably right to think the email is part of a phishing scam.
- Emails from senders you don’t recognize and who aren’t in your email contacts or address book, or in your CRM.
If you’re still unsure, consider taking this short quiz to help you spot if you’re being phished.
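As an added example (not part of the original post), here is a small Python triage check that applies several of the indicators above to a raw email: a sender missing from your address book, a Reply-To pointing at a different domain than the From address, a well-known brand in the display name whose domain doesn’t match, urgency language, and links or attachments. The address book, the brand list and both sample messages are constructed for this example.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Hypothetical address book and brand list (constructed for this example).
KNOWN_CONTACTS = {"jane@acme-supplies.example"}
IMPERSONATED_ORGS = {"paypal": "paypal.com", "microsoft": "microsoft.com",
                     "world health organization": "who.int"}
URGENT_PHRASES = ("immediately", "right away", "within 24 hours",
                  "final notice", "will be suspended")

def domain_of(header_value):
    """Lowercase domain of an address header, or '' when there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def phishing_indicators(raw_message, known_contacts=KNOWN_CONTACTS):
    """Return the red flags found in one raw RFC 5322 message, as a list."""
    msg = message_from_string(raw_message, policy=default)
    flags = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From", ""))
    if from_addr.lower() not in known_contacts:        # not in the address book
        flags.append("unknown-sender")
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:    # replies go elsewhere
        flags.append("reply-to-mismatch")
    for org, real in IMPERSONATED_ORGS.items():         # brand in name, wrong domain
        matches = from_domain == real or from_domain.endswith("." + real)
        if org in display_name.lower() and not matches:
            flags.append("display-name-spoofs-" + org.replace(" ", "-"))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    if any(p in text for p in URGENT_PHRASES):
        flags.append("urgency-language")
    if re.search(r"https?://", text):
        flags.append("contains-link")
    if any(True for _ in msg.iter_attachments()):
        flags.append("has-attachment")
    return flags

# Constructed sample messages, not real mail.
LEGIT = ("From: Jane Doe <jane@acme-supplies.example>\nSubject: Quote\n\n"
         "Hi, here is the quote we discussed on the phone last week. Thanks!\n")
PHISH = ("From: PayPal Support <alerts@paypa1-secure.example>\n"
         "Reply-To: verify@mail-check.example\nSubject: Final notice\n\n"
         "Your account will be suspended. Verify immediately at "
         "https://paypa1-secure.example/login\n")

if __name__ == "__main__":
    print("legit:", phishing_indicators(LEGIT))   # prints []
    print("phish:", phishing_indicators(PHISH))
```

Any flag is a reason to slow down and verify the sender out of band, not proof of a scam; a clean result is not proof of safety either.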
How can you avoid getting snagged in a phishing scam?
I always tell people that the easiest way to avoid being phished is to question every single email you get, and double check if you were supposed to get it in the first place.
If you take this approach, you’ll be much more aware of what mail is coming into your inbox, which can help you avoid clicking on a link in a panic or out of confusion.
As a rule of thumb, if an email contains a link, asks you to download an attachment, or asks you to send over private information, avoid engaging. It’s much more likely to be a scam than a legitimate sender who needs something from you.
You should always double check the sender. Check to see if they are in your address or contact book, check their account history in your CRM, and verify that you’ve actually sent them a quote or an invoice if that’s what they’re asking of you.
If you ever get an email from a “large organization,” go online and check their social media profiles before clicking on anything. If they’re sending a customer-wide email, then it’s guaranteed that they’ve posted about this on their social profiles, with a legitimate link.
Never click on anything unless you’re 100% positive that it’s safe to do so.
How can you protect your small business and employees from this scam?
In general, the best way to protect yourself and your employees from phishing is to install antivirus software on your computers and devices. Make sure it updates automatically, so you don’t have to worry about getting caught in a bad situation.
Antivirus software helps prevent malware infections from mistaken link clicks or attachment downloads. It detects a malware download, quarantines it, and flags it for you.
If you think you have clicked a bad link and you don’t have antivirus, download and install antivirus software and scan the whole computer before changing your passwords, or change your passwords from a different computer. If the malware that was downloaded is a keystroke logger, any password you type on the infected machine can be captured.
Changing your passwords will help protect you from a scammer stealing your personal information. This is especially important if you use a single password across multiple accounts.
Also double check to make sure you have multi-factor authentication set up wherever you can.
Multi-factor authentication helps ensure that a device is only granted access after presenting more than one piece of evidence of who you are. This can be a phone number, security question, birth date, another email address, or other knowledge.
This means your account is protected by multiple sources of truth rather than your password alone. So even if a scammer has one of them, they can’t get through to your account.