Protect Your Business from Cyber-Scams

Two weeks ago we reported on the most common cyber-scams targeting individuals like you and me.  But businesses are also in the cross-hairs of scammers.  A recent effort by the Federal Trade Commission and the Better Business Bureau has created some resources to help small business owners and managers learn how to protect themselves from these scams.

It is important to understand that your business is not too small to be an interesting target for a cyber-scammer.   When scammers go after your company or organization, there can be many negative impacts to your company’s bottom line.  Most of these scams go directly for your money.

Scammers will try to gain the confidence or trust of you or your employees using tactics such as:

  • Presenting themselves as a figure of authority, a government agency, a key client, even your CEO or your manager.
  • Using pressure to create a sense of urgency, causing you to act without having time to think it through.
  • Using intimidation or creating fear, by suggesting terrible consequences for failure to act, and act now.
  • Using untraceable payment methods such as wire transfers, Western Union or other prepaid cards or crypto-currencies.

The best solution is to train your employees to look for and recognize scams and exploits, to encourage an environment where employees talk to each other if they have doubts or suspicions, and to build a reporting structure that encourages and rewards them for alerting management about suspicious emails, phone calls, or other activities.  Teach them never to share passwords or send them by email.  Verify all invoices, payments and requests for wire transfers, even if they appear to come from owners, customers, vendors, or coworkers.  Don’t believe everything you see: caller ID can be spoofed, emails may be sent by imposters, and realistic replica websites can be easily created.

Typical business scams:

  • Phone directory listing and other advertising scams – They may pretend to be from “the Yellow Pages,” another directory, or business publication.  The listing may be offered for “free” but later they send a big invoice for payment.
  • Fraudulent invoices – These may appear to come from regular vendors, or from domain name registration companies.
  • Unordered merchandise – This can start as a call confirming a recent order, or to offer a free catalog.  The merchandise, such as office supplies or cleaning supplies, arrives, followed by high-pressure collection calls.  Legally, you can keep unordered merchandise without paying for it.
  • Tech support scams – Just as it happens to individuals, businesses can fall victim to tech support scams that start as a pop-up alert or a phone call from “Microsoft.”
  • Government agent impersonation – They may pretend to be from the IRS or a state tax agency, and demand immediate payment.  They may even pretend to be from the US Patent Office, claiming you need to pay to keep a patent in force.
  • Utility company imposter – These scammers claim your gas or electric bill is past due and demand immediate payment.
  • Phishing and ransomware – We have covered these exploits extensively in previous posts.
  • Business promotion and marketing scams – These scammers claim they can improve your Google page rank, improve online sales, fix negative reviews, and other online marketing magic.
  • Credit card processing and equipment scams – Promising lower rates, these scammers get you to pay a “set up fee” or buy expensive equipment.
  • Check scams – A “new customer” places a huge order.  The perpetrator sends a check for more money than the actual invoice, requesting that you send the overpayment back, or on to a third party.  Later, when their check bounces, you are out the products you originally billed for, and the money you sent to the scammer as well.

Your best defense is to do business with reputable companies that you know by name and reputation, or who are recommended by other businesses that you trust.  Never rush to make a payment, and check out any claims thoroughly.  If the deal seems too good to be true, it probably is.  Check out new vendors online by searching on their name and the word “reviews” or “scams.”  Train your employees and encourage them to become part of the security solution.  By following these tips and ideas, you can protect your company from these sorts of attacks.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instructor for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition-free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry-level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at