Business Scams 101: Common Schemes and How to Avoid Them

Table of Contents

• Business Scam Statistics
• Common Scams Targeting Businesses
• Fastest Growing Scams
• How To Protect Your Business From Scams
• Stay on the Defensive
• References and Additional Reading

Business Scam Statistics

• Business email compromise scams have resulted in $3 billion in losses since 2016, more than any other type of fraud in the U.S.¹
• In 2020, there were 241,342 complaints of phishing scams, amounting to more than $54 million in losses.²
• Check and payment tampering fraud schemes were four times more common in small businesses than in large organizations in 2020.³
• Scammers took advantage of the pandemic in 2020, and the Internet Crime Complaint Center received over 28,500 fraud reports involving Paycheck Protection Program (PPP) loans, Small Business Economic Injury Disaster Loans, and other COVID-related fraud.⁴
• At the beginning of the Covid-19 pandemic, one Virginia couple scammed nearly 1,700 small business owners through a complex business loan scheme.⁵
• Between 2019 and 2020, job and employment agency scams increased by over 250 percent.⁶
• In the U.S., the average data breach cost companies $9 million and took over 200 days to be identified in 2021.⁷
• In companies where remote work caused the data breach, the average cost was actually $1.7 million more than in companies where remote work wasn’t a factor.⁸

Common Scams Targeting Businesses

Business identity theft

Identity theft isn’t just a peril for individual people – businesses, too, can be harmed by scammers. Identity theft increased by more than 113 percent in 2020 as people fell on hard times, according to our analysis of Consumer Sentinel Network data. This type of scam typically occurs when someone poses as a decisionmaker at your company, making purchases or taking on debt that you’ll eventually have to foot the bill for. Experian recommends that those in charge of a company’s finances regularly check credit reports to make sure all charges are accurate and legitimate.

Impostor scams

If someone calls you pretending to be from a government agency or another trusted entity, and proceeds to request sensitive information about your business, you may be on the receiving end of an imposter scam.  According to data from the Consumer Sentinel Network, these types of crimes rose by 45 percent from 2019 to 2020.

One particular scam, as reported by Business News Daily, involves someone purporting to be from the Small Business Administration (SBA). As the SBA has been handing out COVID-19 relief loans to small businesses, scammers have taken note and are using the situation to try and acquire sensitive account details.

Business lending scams

If you’re in the midst of shopping around for a business loan, you should keep an eye out for deals that offer overly gracious terms. Business lending scams will often promise you outstanding rates, even if your company’s credit is subpar. But you’ll only get access to these dream loans if you pay an upfront fee — which the scammer will promptly pocket before they disappear. You should do deep research on the lending institution in question before you commit to sending any money.

Fake invoices and payment requests

Larger companies are often targeted by invoicing or payment request scams. Why is that? If they’re very large, they’re more likely to pay out a request without giving it a close look because of the sheer volume of invoices they have to process. By the time you catch on, the scammer already has your money and is long gone. According to the Minnesota State Attorney General’s Office, fake invoices are often for directory listings, memberships, and office supplies.

Fraudulent service offerings and office supply scams

Some scammers represent themselves as legitimate companies offering business services or office supplies. You could place an order, believing you’re getting a great deal on a product or service, only to find the outfit you paid has no intention of delivering. These scams have become especially common in the wake of COVID-19. More employees are now working from home and may be looking for better internet service or office supplies they can order for themselves.

Cyber threats

Analysis of Consumer Sentinel Network data showed that cyber threats were among the most reported internet crimes in 2020, rising by over 2000 percent from 2019. It should come as no surprise that, due to COVID-19’s impact on the economy, scammers increased their digital efforts against companies. Hackers often target businesses because they tend to have bigger bank accounts. If critical data at your company becomes compromised, you could receive messages from scammers shortly after demanding payment. Worse yet, they could gain access to company email and use that to access bank account information. As the FBI’s Internet Crime Complaint Center reported, businesses lost $1.8 billion in such attacks last year.

Fake check or overpayment scams

According to the American Bankers Association, check scams are some of the oldest schemes in the book and remain fairly common to this day. They take the form of someone – be it a customer or someone posing as another business – paying you more than you’re owed via check, then asking you to pay back the difference.

If this occurs and the payer requests a refund through prepaid credit card, gift card, or wire transfer, be very suspicious. Scammers like to be paid using these methods because they’re more difficult for the authorities to track. Holding refunds for check payments several weeks could help you avoid getting burned. Under no circumstances should you refund a customer using an untraceable channel.

Charitable solicitations

Not every charitable request is for a good cause! Some scammers may take advantage of your company’s generosity and ask for a donation to a fundraiser or sponsorship opportunity that isn’t legitimate. They could also act as though they represent an established nonprofit when they’re really lining their own pockets. This type of scam is on the rise: between 2019 and 2020, reports of charitable solicitation schemes rose by 32% according to the Consumer Sentinel Network database. New, fraudulent charities tend to pop up during times of disaster.

Business email compromise and phishing scams

Spam email remains a plague, and email phishing scams have been a menace for decades. If you get an offer on a business deal that sounds too good to be true, or receive an unexpected password reset request for one of your company’s accounts, you may be dealing with a scammer. If you do get a message that appears to be from a legitimate company, it’s still a good idea to do your research on them. According to the FTC, scammers are more than capable of making a fake website or email that looks like the real thing.

Fastest Growing Scams

The FTC collects and shares millions of reports on fraud, scams, and other cybercrimes through its Consumer Sentinel Network. Using this information, we looked into the scams that could impact businesses and calculated which types are growing in frequency.

The latest data from 2020 revealed that individuals and businesses were reporting issues with malware, online payment and shopping platforms, employment agencies, and identity theft at much higher rates than in 2019.

Business-related scams that increased between 2019 and 2020

Source: FTC Consumer Sentinel Report 2019, 2020
Note: Data in the table represents reports from businesses and individuals.

How to Protect Your Business from Scams

Now that you’re more familiar with the most common and fastest growing scams, can you identify the scams that your company could fall victim to? Conduct a review of your company and check it against our scam list to identify any possible threats. Although it can be nerve wracking to find vulnerabilities in your business, there are steps you can take to protect your assets and data.

Train employees on safety

If a large number of employees are authorized to pay for services or supplies, Make sure every employee authorized to pay for services and supplies knows how to protect payment details, identify secure and insecure websites, and spot the warning signs of a scam. Consider conducting a scam simulation workshop in the office. In addition, your company can create a scam avoidance guidebook, and – as ACFE Insights recommends – provide case studies of past scams so employees can see where other companies went wrong.

Alternatively, you could leave purchasing responsibilities in the hands of a trusted few in order to reduce your risk. You’ll just have to make sure those team members also know how to keep your company’s resources safe.

Know an imposter when you see one

Some scammers like to send official-looking emails from companies you may or may not do business with. These emails often contain links that will send you to a copy of that company’s website, where the scammer hopes you’ll attempt to sign in (and helpfully give away your credentials). How do you spot a fake? Double-check the URL of the website you land on to make sure it matches that of the actual business. Also, make sure the site you’re on has an SSL certificate. This is a sign that any data you transmit will be secure and encrypted.

Establish procedures for everyone to follow

In general, you should have systems in place for dealing with potential scams. There should be guidelines on the types of information that should not be shared. Employees should know who to report suspected fraud to both inside and outside the company.

Where money is concerned, lay out a step-by-step process every employee should follow when paying vendors or issuing refunds. It may be worthwhile to put policies in place before workers can send out checks or type credit card numbers into websites. For example, employees could request authorization from a supervisor before they make purchases or payments.

Protect devices, files, and networks

How secure are employee phones and laptops? How strong is your company firewall? Do employees know not to send sensitive materials electronically to those outside your business? An internal audit of your devices and the practices your employees engage in could help you fend off attempted scams.

For example, you might want to ensure employees are using strong passwords to lock their accounts, and that they have two-factor authentication enabled. Enacting a policy that requires regular password changes could also help tighten up security.

Instruct employees not to conduct business while connected to public hotspots, such as those found in airports and coffee shops. For hackers, it is relatively trivial to scoop up data (such as logins and passwords) sent over unsecured wireless networks.

Anyone with access to sensitive or private customer data should have their own login, as well, and any attempts to open or download that data should be logged. That way you can create a trail that’ll lead you to the employee who disclosed the information, or help you figure out whose account is compromised.

Research new vendors and confirm payees

Do you know who you’re paying and what company names are used by your vendors? These details are too crucial to overlook. Each time you begin a relationship with a new payee, be sure to get a sample invoice from them so you know what one looks like. And when you receive an invoice for real, make sure you’re cutting a check to the right business, and that you’re sending money to the right place.

Report attempted and successful scams

Maybe you’ll get lucky and recognize one of the aforementioned scams before things go too far. Or maybe you’ll fall prey to a scam as so many do every day. Either way, you should report what happened to the FTC. The agency has a special webpage specifically for those who want to provide tips. The Better Business Bureau has one too.

Reporting attempted scams can help prevent scammers from striking again. Taking a few minutes to do this could save other businesses from losing their hard-earned profits, and could lead to serious consequences for the perpetrators.

Stay on the Defensive

Keeping your business safe from scammers is truly a team effort. It requires a well-trained and disciplined staff, and an understanding that you can never let your guard down – you must remain vigilant.

If you follow the guide above, you’ll know how you can further protect your company’s assets from would-be thieves, and how to spot any signs of trouble before things get out of hand. Don’t become a statistic in next year’s FBI report: take action now to plug any holes inside your organization, and stay up to date on the topic so you’re always aware of any new scams making the rounds.

References and Additional Reading

Additional Reading

• Experian: Business Identity Theft
• IRS: Identity Theft information for Businesses
• Small Business Daily: Don’t Become the Next Victim of a COVID-19 Scam
• FTC: Scams and Your Small Business: A Guide for Business
• FBI Internet Crime Complaint Center: Internet Crime Report 2020
• FTC: Report Fraud to the FTC
• Better Business Bureau: Report a Scam

References

1. Better Business Bureau. (2019, Sept. 25). Is That Email Really From the Boss? A BBB Study of Business Email Compromise Scams. Retrieved August 10, 2021, from https://www.bbb.org/article/news-releases/20728-is-that-email-really-from-the-boss-a-bbb-study-of-business-email-compromise-scams
2. Federal Bureau of Investigation. (2020). 2020 Internet Crime Report. Retrieved August 10, 2021, from https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
3. Associate of Certified Fraud Examiners. (2020). Report to the Nations 2020 Global Study on Occupational Fraud and Abuse. Retrieved August 10, 2021, from https://acfepublic.s3-us-west-2.amazonaws.com/2020-Report-to-the-Nations.pdf
4. United States Department of Justice. (2021, Apr. 9). Man Sentenced for Defrauding Nearly 1,700 Victims in $1 Million Small Business Loan Scam. Retrieved August 10, 2021, from https://www.justice.gov/usao-edva/pr/man-sentenced-defrauding-nearly-1700-victims-1-million-small-business-loan-scam
5. Federal Trade Commission. (2020). Consumer Sentinel Network Reports. Retrieved August 10, 2021, from https://www.ftc.gov/enforcement/consumer-sentinel-network/reports
6. IBM. (2021). How much does a data breach cost?. Retrieved August 10, 2021, from https://www.ibm.com/security/data-breach