Businesses of all sizes susceptible to scammers; here’s how to fortify your defenses

While data breaches and corporate scams often conjure images of towering conglomerates — frequent headliners of national news — it’s crucial to remember that businesses of all sizes are susceptible.

Vigilance and proactive measures are the keystones to safeguarding your business’s future. Let’s embrace this reminder to fortify our defenses and nurture the growth of small businesses, the backbone of our economy.

Fortunately, knowledge often is the best protection. I want to inform owners and employees about common scams targeting small businesses.

Some of the most significant tools scammers use include business email compromise, an email phishing scam that typically results in more losses than any other type of fraud.

The scammer poses as a vendor or other trusted source who emails an accountant or chief financial officer. The email asks them to wire money, buy gift cards, or send personal information, often for a plausible reason. If the money transfers, it goes into an account controlled by the con artist.

While these are strategic, more targeted attacks, spear phishing is the number one way businesses are hacked. These scams often appear to be legitimate emails or text messages. However, when you click the link, you download a virus that captures personal information or load a form that asks for bank account or credit card details. Be cautious of unsolicited messages, and don't click on links. Also, be sure your computer has the proper firewall and computer protection software.

Some other often-attempted scams include phony invoices, often asking for relatively small amounts demanding payment for products or services never ordered or received or to pay for ads in directories. Sometimes, these directories don't exist, and other times, fraudsters will send phony invoices for well-known directories, hoping no one will investigate a charge of only a few hundred dollars or less.

Businesses also need to remain diligent in keeping an eye out for scammers who set up fake websites and “hijack” your company name and address. They may also use brand hijacking, blatant copying and misusing company logos and website content to impersonate a business and deceive unsuspecting visitors. In this con, the company doesn't necessarily lose money. However, its reputation is tarnished when angry customers ripped off by scammers think the real company is responsible.

Scammers also can approach businesses with fake charity pitches, offers of highly discounted and non-existent office supplies, and vanity awards that can cost several hundred dollars but have no meaning or value.

Overpayment scams have been another hot tactic to bilk consumers and business owners over the past few years. This is a big red flag. The person you are doing business with sends you a check for more than the amount they owe you and instructs you to wire the balance back to them. The check eventually bounces; you are responsible for the full amount and lose what you wired to the scammers.

Now that we've covered some of the top business problems let’s review some helpful steps to help avoid small business scams.

• Keep good records of orders and purchases to help detect bogus accounts and invoices. Be extra careful with payment procedures and avoid untraceable payment methods to save time and money in the event of a breach. Establish authorization procedures above a certain dollar threshold.

• Don't be afraid to double-check with your vendors to ensure they have good cybersecurity practices and that you have their contact information in case of a problem.

• Protecting your devices with proper computer protection software and a firewall is vital to guard your business.

• And as always, sharing is caring. Spread the word and review with your team, regardless of how small, about phishing attacks and these other schemes. It’s a great precaution to help spot and avoid problems.

• Steve J. Bernas is president and CEO of the BBB of Chicago & Northern Illinois. He can be reached at

Article Comments
Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the "flag" link in the lower-right corner of the comment box. To find our more, read our FAQ.