The holiday season is the most critical time of the year for most business. And with all efforts focused on sales, many businesses take their eyes off the cybersecurity ball and lose sight of scams that target their small business.
Don’t be a victim! Cybersecurity hygiene is a 24/7/365 practice. Be aware of these common scams that criminals use to target small business.
Here Are Some Helpful Tips to Help You Remain Cyber Safe This Season
Tech Support: This might start with a call from someone pretending to be from a recognizable company, stating there are problems within the network. They might ask an unknowing employee for passwords to access the system to fix the non-existent problem. They could get access to customer records, credit card information and business fund.
Ransomware, Phishing and Social Engineering: Just like above, the scammer will target a trusting employee but uses a fear tactic. They use malware to lock up data and hold it for ransom and/or request a wired money in order to release stolen documents. Or, they’ll send an email requesting a routine password update – it might look authentic, but it’s an attempt to steal information.
Fake invoices: A phony invoice usually is for something that invokes an immediate reaction, such as an expiring domain name registration, hoping the business will pay quickly to mitigate risks to the standard operations. Or, the scammer will take a guess on a likely product the company would order for inventory and play their luck.
Merchandise and Office Supplies: A scammer will call and ask you if you’d like a free catalog or product samples – or even just verifying your address. If you say yes, the scammer will tape record that answer. Next thing you know, you’ve got boxes of merchandise with a hefty invoice arriving on the doorstep. Although you can legally fight this (and will win), its time, stress and resources that are taking you away from running your business.
Advertising and Directory Listing: Scammers pretend to be from “The Official Yellow Pages” who are confirming your existing information. Much like the tactic above, they use tape recordings of your “yes” to justify sending you a massive bill.
Imposters: Scammers claim they are from the water, gas or electric company, calling to let you know your utility bill was late and if you don’t pay immediately, all your services will be shut off. Or, they impersonate government agents who will suspend your business license and assign fees if you don’t pay taxes or missed registrations – all bogus.
Fake Checks: A scammer will “overpay” with a check and requests you wire extra funds to their third party because they’re out of the country. Even if the bank tells you their check has been deposited to your account and it’s cleared, the bank can still come back and request you repay for a bad check. In the meantime, the scammer is long gone with the money you sent them.
Credit Car Processors: Scammers promise great deals on equipment leasing or incredible rates for processing credit card transactions, only to change terms of the agreement.
Online Reviews / Coaching: These scammers promise to fix a negative online reputation or boost your business savvy. They even go so far as creating bogus testimonials and videos promising outstanding results, if you pay a deposit fee first.
Quick Cybersecurity Tips for This Season
• Do not pay for online business coaching or boosting online reviews. Posting fake reviews is illegal.
• If a sales person refuses to provide copies of all documents on the spot, or promises to send later, you’re most likely signing with a scammer.
• Don’t be bullied into buying workplace compliance posters; they’re free from U.S. Department of Labor.
• Do not pay for nonexistent business grants from fake government programs. Scammers send letters claiming to be from U.S. Patent and Trademark Office, requesting funds to keep trademarks. If in doubt, look up the official phone number for the agency and call them directly – do not use the phone number listed on the letter.
Scammers plan carefully – They strategize to create urgencies. Are they calling you right when you’re trying to leave the office, or during dinner rush? When you receive a call, letter, text or email (and that’s a when, not an if), take a step back. Do not react with haste and practice good common sense. And most importantly, train your employees about scam tactics and how to safeguard the business.
SMB Information Sharing & Analysis Organization cares about the safety of your business. We hope you’ll find this information helpful and actionable to help keep your business cyber safe during the holidays! For more helpful information about cybersecurity and your business, please visit our resource page.
Happy Holidays and stay Cyber Safe!
Bonnie Moss | VP Operations | SMB ISAO
