Author - Robin Bowman, Senior Business Editor
Many smaller businesses are realising that determined scammers do not target only bigger enterprises and private individuals. The bad guys' focus is also very much on the hard-pressed, busy and perhaps unwary small business person.
There are a number of scams that are well recognised by professionals whose job it is to tackle fraud.
It's a good idea to know of some of the common ones and to make sure your staff are aware of them. BUT, far more important is to have a set of guidelines for staff that make them 'scam aware'.
We'll look at this in a moment. First, a few of the more common types of scams. And, be aware, these are just examples: there will be many variations of the same idea in each case.
Open a file - This is a very common type of scam and it ranges from the laughably inept - a message full of spelling mistakes with a ludicrous-sounding company and a very unlikely scenario - to the very sophisticated. The consequences of opening the file might range from simply the introduction of malware (malicious software) onto your network to a piece of code that accesses sensitive information that can be used to commit fraud.
Common examples are an email purporting to be from a well-known courier company confirming a recent order, or a message listing a complaint against your company from some official body or other. These emails may or may not use the names of real official bodies.
Fake Invoices - These are very popular and it is easy to see how they can be successful if they target a busy business that doesn't have a good system of checking in place. The email simply thanks you for your order for a plausible product - printer toner cartridges or stationery, perhaps - and encloses an invoice. If the amounts are not especially large, it's not uncommon for companies to just pay them without checking. If you do, you'll be flooded with more!
These same invoices may in fact also be contracts tying your company into big commitments for services and products you don't want.
You're about to break the law! - Lots of scams are built around the idea that if your business doesn't do something (which involves paying money) you will be in breach of the law in some way. One scam is a letter from some official-sounding agency asking for fees to register under the Data Protection Act. This can be effective against the unwary who may only have a loose grasp of what the DPA is and what needs to be done to comply with it. Registrations for large businesses by the Information Commissioner cost only £35 and many smaller companies may be exempt.
Training compliance - This is a well-known scam and simply involves demanding money for what are usually described as 'compulsory' health and safety training courses as required, the scammers claim, by the Health and Safety Executive.
By far the most sophisticated scammers, though, are the ones that will work on your staff over a period of time and use seemingly trivial information to build an apparently convincing story they can use to fool your company.
A study in the US showed that staff in over 85 per cent of companies targeted in a controlled test were persuaded to open a 'malicious' URL. We'll look at how this so-called 'social engineering' is a growing problem for business in Part 2.
Meanwhile, here are some measures to take to protect your company from some of the most common scams around.
- Tell your staff how scams work and make them aware they may be a target. This is perhaps the most important measure to take. Making staff at least a little suspicious is your best line of defence.
- Never assume you or your company can't become a victim. There's a scam out there for pretty much everyone. Complacency is foolish.
- Never click a link you've been directed to unless you know who is doing the directing.
- Never agree to take on a service or product from a cold call. Ever! Always take time to consider, refer and call back, if you think the offer may have value. A contract can be made verbally, so beware. Don't allow yourself to be pushed by special offers and other enticements.
- Get details of who is speaking to you or emailing. Ask for names, phone numbers and addresses and check them out.
- Don't sign contracts without checking them and fully understanding what you are committing to. Don't ever be embarrassed to insist on checking they do in fact say what you've been told they say.
If you have been the victim of fraud or attempted fraud, you should always report it, preferably via the National Fraud Authority's website, www.actionfraud.org.uk.
Here you'll also find a wealth of information on some of the latest scams doing the rounds.
Robin has been a journalist for more than 20 years, during which time he has held several senior media management positions in both Fleet Street and Hong Kong. Robin recently returned to the UK after being based in Italy for six years. He has a passion for business innovation.
The content of this article reflects the views of the author and may not necessarily reflect the views of Premierline Direct.