Posts

Small Businesses Targeted by Scammers

Domain Name Scam and Billing ScamIncreasingly I am seeing not only my own business targeted, but I am getting a huge amount of inquiries from other businesses asking me if something they received in an email or through the post or via the telephone is legitimate or a scam.

Invariably they are scams.

There are all sorts of tech threats such as viruses and spyware out there, but it’s the age old tricks that are still fooling small business owners.

Instead of trying to hack into your computer by stealth, scammers are finding it easier to just send you an email, or fax, or just phone you with an offer they hope you can’t refuse.

One of their common tricks is to send a business a fake Invoice in the hope that someone in the office pays it without asking any questions. It’s easy enough to do when you’re under the hammer and snowed under with paperwork.

Office supplies have become a favourite with scammers invoicing you for stationery or toner and ink cartridges that you never ordered, or even sending you an email stating that your refills are ready.  Such an innocuous-looking bill could easily slip through the cracks and be paid, especially in a small business without a dedicated accounts department to keep an eye out for such things.

There are a multitude of variations to the fake billing scam, so always check your bills carefully. Another big one is receiving an invoice from dodgy Directory Services or Advertising Company requesting payment for listings which were never published or were ran without your authorisation.

Fake Domain Name renewals are becoming more prevalent now.  They will ask for payment so you can continue to use your website address. Sometimes you’ll receive a bogus invoice, perhaps for your Domain Name, or more commonly, one which is similar to your Domain Name.

Some dodgy Domain Name Registrars have been known to send out what looks like an invoice from your current provider but is actually an authorisation to transfer your Domain Name to them. They even check online records to see when your Domain Name is due for renewal, with the hope of catching you off guard because you’re expecting an email from your real Domain Name Registrar anyway.

Dodgy Domain Name Registrars are also known for sending out emails claiming that your competitors are trying to buy up Domain Names similar to your own and offering to sell those Domain Names to you first.

For example my website is www.websitedesignmorayfield.com.au, so they might offer me www.websitedesignmorayfield.net.au and www.websitedesignmorayfield.org.au – claiming that if I don’t pay for them my competitors will buy them in an attempt to steal my customers.

Scam emails are also used to sneak spyware onto computers. Rather than sending out Spam offering cheap medications and Viagra, hackers are now sending spam disguised as a legitimate notification from a Bank, Courier Company, Airline, the Tax Office or Post Office.

The style might change, but they all require you to open an attachment or click on a link to check the status of an order or delivery. Do so and your computer could be infected with Malware designed to steal passwords or perhaps lock down your computer and hold your data to ransom.

Alternatively, you might be logging into a spoof website and handing over your password. The safest option is never to trust links or attachments in such emails and to contact the service provider directly if you’re unsure.

Scammers aren’t afraid to use the telephone either and there have been a spate of phone calls in recent times purportedly from Microsoft, claiming your computer is infected with a virus or has some other issue.

The scammers request remote access to your computer, and then identify supposed errors as an indication you have a virus and then demand money in order to remove the virus. If you receive one of these phone calls, just hang up on them.  Once inside your computer they can cause extreme havoc if you refuse to pay.

All of these types of scams rely on human error rather than technical and security weaknesses.  Scammers will often target junior staff hoping to fool them. The best way to protect your business is to educate your staff about the potential dangers of scams and enforce strict policies regarding the placement of orders and payment of invoices.

Vigilance and education are the keys to keeping your Business and Bank Accounts safe!!!!