Some food for thought at that Labor Day barbecue: Scammers are increasing their focus on small and midsize businesses. Among the top ploys that burn employers and their labor force:
Phishing emails. Business email compromise (BEC) is a fast-growing scheme in which cybercrooks glean names and titles of executives from LinkedIn or corporate websites to spoof internal messages, usually alleged to come from top executives. In the most common ruse — netting scammers over $2 billion in recent years, according to the FBI — they pose as the CEO and email instructions to pay a vendor or bill; the money is wired to a scammer-run account. Employees may also receive bogus emails, allegedly from human resources, instructing them to update their log-in credentials so those accounts can be accessed. So before you act on such “company” emails, authenticate them with an interoffice phone call.
Deactivating deception. In emails or letters, businesses are falsely told that their website address, Facebook account or other online presence is about to be “deactivated” — a move to generate quick cash in bogus renewals, to glean log-in credentials or to distribute malware. Also beware of companies that promise you — for a hefty fee — better placement of your business in Google searches; no third-party vendor can guarantee keyword-placement results.
Phony invoices. Businesses receive fake invoices demanding payment for products or services they never ordered or received, often in amounts small enough not to raise suspicions, the Better Business Bureau warns.
Better Business Bureau bamboozlement. In one longtime and sporadically recurring ruse, businesses get emails alleged to be from the Better Business Bureau with a subject line such as “Complaint from your customers.” When worried business owners click the attached links for “more details,” malware is unleashed that provides cybercriminals with remote access to company files. In another scheme, self-described BBB employees call companies to “update” business or personal information so they can obtain details for BEC and other scams — and/or threaten to charge fees for not immediately providing these updates.
Supply swindles. Sometimes, boxes supposedly packed with office supplies arrive unexpectedly with cash-on-delivery decrees from duping deliverymen. Front-desk employees may assume the delivery is expected by a coworker (fraudsters can get names easily enough), but the boxes may be filled with junk or be empty, according to the Federal Trade Commission. Other times, companies are phoned in advance to learn what brand of supplies or equipment they use, and in a follow-up call, self-described suppliers offer bargain prices on surplus merchandise that’s paid for in advance but never delivered.
Directory scams. Claiming to be from the Yellow Pages or an online phone directory, swindlers ask businesses to confirm their address and phone number (or for online directories, request search-term keywords to use on search engines). Assuming they are simply updating an existing listing, employees provide this seemingly innocent information. But then, the company is billed hundreds of dollars for allegedly provided listing services or may be sent “solicitation” paperwork that may be interpreted as a bona fide invoice.
For information about other scams, sign up for the Fraud Watch Network . You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map .
Also of Interest
- How students get scammed
- Social Security COLA projected for 2017
- Get Help: Find out if you're eligible for public benefits with Benefits QuickLINK
- Join AARP: savings, resources and news for your well-being
See the AARP home page for deals, savings tips, trivia and more.