
5 Scams Your Business Might See This Year

New data from the Federal Trade Commission shows that consumers reported losing nearly $8.8 billion to scams in 2022, a 30% increase over 2021 (FTC).  Because scamming remains a major source of revenue for criminals and bad actors around the world, it has never been more important for business owners and executives to know what they are facing.

The Fake Invoice Scam

This scam is growing more common, as we’ve had many of our clients reach out to us recently to report this type of activity.  Here is how the fake invoice scam works:

  1. Someone in your company sees a convincing-looking invoice come in from a reasonable-looking email address.  It mentions your company by name, and requests payment, impressing on the reader that it is overdue.  Sometimes there may be fees that are threatened.

  2. The recipient of the email passes it on to an AP department.

  3. For the scammer, the hope is that these randomly sent emails hit busy businesses that might have a tendency to automate parts of their process and lack the time to check every invoice.  Perhaps their invoice is only a few thousand dollars and your business normally deals with larger amounts.

  4. The AP employee, wanting to avoid any unnecessary fees and trusting the look of the email, pays it promptly.

  5. If the scammer gets paid, they are likely to send even more fake invoices to your business or sell your contact information to other scammers as part of a “suckers” list.

This scam may sound too simple to succeed, but we see it all the time.  It only takes one under-trained individual or overly-automated process to pull a few thousand or tens of thousands out of your accounts.

How to Counter the Fake Invoice Scam

The best defense against the fake invoice scam is a well-trained workforce.  Teach your workforce to verify any requests for payment or sensitive data.  Keep an eye out for emails and other correspondence that seem to be prying for additional information.  Create a culture in your company of sharing these suspicious emails with your tech department or an agency like ours.

Utility Shutdown Scheme

We recently had a client hit with this scam, and they were just about to pay up before it triggered someone’s mental alarm and they decided to call us first.  We got to it in time.  Here is how the Utility Shutdown Scheme works:

  1. Scammers call thousands of businesses in a geographic area that are likely to get utility services from a specific provider.

  2. Your business receives a call claiming to be from your utility provider.  If the scammer was lucky, they guessed correctly based on your location, and it seems legit.

  3. They tell you that several attempts were made to reach you about this overdue payment, but no one responded.  They might sound really sincere as if they spent a lot of effort trying to avoid this.

  4. Now you are informed that in a couple of hours, your utility will be shut down (usually this is electricity, but sometimes it could be other utilities) unless a payment is promptly made.

  5. Wanting to avoid shutting down your business for a day, you or your team rush to fulfill the demands, which up to now have sounded reasonable.

  6. You are instructed to go to a specific kiosk to make a payment.  This is where people often start to ask questions.  Frequently, the kiosk in question converts a credit card payment or cash into Bitcoin which is then sent to a specific address.

  7. You send the money and only after the rush to keep the lights on is done do you realize what may have just occurred.

This scam feeds on the genuine fear of having to shut down your business due to an unforeseen event.  We all make utility payments, so it does not seem outlandish to imagine that you somehow missed one. It’s a newer scam for many businesses out there, but it really does prey on our vulnerabilities.

Countering the Utility Shutdown Scheme

The best way to avoid this scam is to be aware that it exists and to have checks and balances in place.  Keep a line open to your accountant, or an eye on your receipts, so you can determine quickly if payments have been missed.  It’s always a smart idea to call your tech department or an agency like ours if you think you may be the target of a scheme like this.

 

The Interoffice Request Scam

Although this particular scam has been around for a while in many different forms, we still hear of businesses failing to catch it in time.  The interoffice scam is one you probably have already seen, or if not, you will soon.  Here is how this scam works:

  1. One of your employees sees an email come in with an “Urgent” request to run to a store and pick up a gift card.  Typically this email seems to come from someone higher up in the company; maybe it even says it comes from YOU!

  2. If your employee fails to notice what is often a bizarre-looking email address, from either a domain they do not recognize or a generic domain, that employee might run out and grab that gift card.

  3. The employee is then instructed to scratch off the film on the gift card to reveal the redemption numbers and provide them in response to the original email.

  4. The scammer redeems the card on their end and emails back in a couple of days or weeks seeking more cards from your vulnerable employee.

You may never even know that your business was scammed out of hundreds of dollars.  Furthermore, you are now more likely to be the target of a scam in the future as your company is added to a list of “suckers”.

Avoiding Falling Into the Interoffice Request Scam

To keep your company from sending hundreds or thousands of dollars in gift cards to scammers, stay up to date on employee training.  We suggest that most of our clients include a robust scam portion in their employee onboarding training and bring in professionals frequently to discuss the latest scams and ransomware in the industry.  Often, proper education and an airtight policy on how purchases are requested will prevent this scam from being effective against you.
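A mail-screening check for the warning signs described above, added here as an illustration (it is not Your Tech Team's tooling): it flags a message whose display name matches an executive while the address sits on a generic domain or an outside one.  It also goes one step beyond the text by flagging near-miss spellings of the company's own domain.  The company domain, executive names, word list and sample messages are all constructed assumptions.

```python
from email.utils import parseaddr

# All values below are constructed for illustration, not taken from the article.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe", "sam patel"}            # names scammers may borrow
GENERIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
LURE_WORDS = ("gift card", "urgent", "scratch")


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of our domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_reasons(from_header, subject, body):
    """Return the reasons a message should be held for a second look."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == COMPANY_DOMAIN:
        return []  # internal domain; SPF/DKIM/DMARC validation is out of scope here
    reasons = []
    if " ".join(name.lower().split()) in EXECUTIVES:
        reasons.append("executive display name on external address")
    if domain in GENERIC_DOMAINS:
        reasons.append("generic mail domain")
    elif 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
        reasons.append("look-alike of company domain")
    text = f"{subject} {body}".lower()
    if reasons and any(word in text for word in LURE_WORDS):
        reasons.append("gift card or urgency wording")
    return reasons


SAMPLES = [  # constructed messages: (From header, subject, body)
    ('"Jane Doe" <ceo.office2291@gmail.com>', "Urgent request",
     "Please pick up a gift card and send me the numbers."),
    ("Sam Patel <sam.patel@examp1e-corp.com>", "Quick favor", "Are you at your desk?"),
    ("Jane Doe <jane.doe@example-corp.com>", "Q3 budget", "Notes attached."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        print(sender, "->", review_reasons(sender, subject, body) or "deliver")
```

A message that returns any reasons is a candidate for the "verify before you buy" step in your purchase-request policy, not an automatic block.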

 

Unwanted Product Scam (aka Brushing)

The Unwanted Product Scam, also known as the “brushing” scam, is deceptive but not entirely illegal.  It involves sending unsolicited products to a business, which is then charged an unreasonable amount if the products are not returned promptly.  It’s a real jerk move, but thankfully rarer than the others.  Here is how it works:

  1. Your company receives unsolicited products.  Figuring it was a simple mistake, or that perhaps it was ordered without your understanding, you let it slide.  If you check in to the company that sent it, they seem legitimate.  They may even have good reviews, although those can be bought.

  2. You are later contacted and told that you must pay for these items promptly or return them immediately (often without shipping covered).  Perhaps you are even threatened with legal action.  The price you are quoted is a ridiculous amount compared to the product received and the alternatives, but it may sound easier just to pay and get it over.

  3. You pay them their requested amount and you go your separate way, the proud owner of a product you never wanted at a price that was ridiculous.

  4. The sellers got the money they wanted and have the added benefit of boosting their perceived product rating and popularity.

For many, this scam is more benign than the others.  In fact, depending on the jurisdiction, sending unsolicited products is not itself illegal.  This tactic is commonly used by unscrupulous sellers on e-commerce websites or fraudulent businesses that are trying to manipulate product reviews and ratings.

Sidestepping the Unwanted Product Scam

When you receive a product you didn’t order, it is important to review the sender’s information for signs of fraudulent intent.  You should avoid paying for these unordered items and be cautious of any demands for a return shipping fee (which often in this case is more than the product itself is worth).  Keep any records of communication or calls related to unsolicited products.  Finally, you should report the incident to the local relevant authorities.

 

Ransomware Attack

We talk a lot in our firm about ransomware attacks.  These types of attacks were launched into national headlines when the Colonial Pipeline was hit with a ransomware attack in early May of 2021. Ransomware attacks, however, are much more common than many think.  Your company is much more likely to run into a ransomware attack than it was even just a couple of years ago.  Here is an example of how a ransomware attack might look:

  1. One of your employees accidentally downloads ransomware.  There are many ways this could happen including an email that looks professional, a disreputable website, a faked but realistic-looking website (think Micrrosoft instead of Microsoft), or any number of other sources.  We’ve even seen a situation in which a company was exposed to ransomware by a client of theirs who was already compromised.

  2. The hackers can then infiltrate your network and spread control to different points of access.

  3. Hackers then lock down your access to your network and hold your valuable information hostage.

  4. Often these hackers get additional access to personal logins, bank accounts, or other such items from this high level of access.

  5. Then your computers, data, and network are held for ransom.  Pay us or your data is gone and your computers are locked.

Many businesses do not have a choice.  They pay tens or hundreds of thousands of dollars to get access back to their data in an attempt to protect their individual privacy.

Avoiding Losing it All to Ransomware Attacks

Ransomware is a very sophisticated type of scam compared to the ones listed above, but perhaps even more important to guard against.  There is software out there, like the tools we use here at Your Tech Team, that can help identify ransomware attacks and shut them down before much damage can be done.  However, even with proper ransomware defense, it’s always wise to have data backups, a robust plan in place, and proper employee awareness.

Truly, we suggest reaching out to a Managed Service Provider (MSP) like us in order to best prepare against this damaging attack.
