Businesses should train employees on how to avoid scams, says...

Businesses should train employees on how to avoid scams, says the president of the Better Business Bureau of Metropolitan New York. Credit: Getty Images/iStockphoto/Daviles

Small businesses lose more than $7 billion annually to scams, according to a recent report from the Better Business Bureau.

Top scams highlighted in the report include those involving a bank or credit card company impostor, a fake invoice or supplier bill, tech support, a directory listing or advertising.

Often, small businesses can be the low-hanging fruit, so it’s critical to educate employees and establish internal controls to avoid falling prey to scammers.

“Businesses need to be proactive and learn about the most common scams and how they operate and how to prevent them,” says Claire Rosenzweig, president of the Better Business Bureau of Metropolitan New York.

Teach employees what to look out for and how to respond, she says.

For example, scammers exploit the full range of communication channels to make contact with their targets, the report found, but the phone is the top means of contact for business scams, says Rosenzweig.

This can be a problem because while consumers are routinely advised not to answer calls from unknown numbers, businesses probably answer their phones whether they recognize the number or not, figuring callers could be clients or new customers, according to the BBB.

Among the best-known scams:

• Tech support (scammers pretend to be from a well-known company claiming they can fix your computer or provide ongoing computer maintenance)

• Government agency impostor (scammers impersonating government agents make threats)

• Directory listing and advertising (businesses are fooled into paying for nonexistent advertising or listings)

• Fake checks (the victim company receives a bogus check for goods delivered)

• Bank/credit card company impostor (scammers impersonate a bank or other credit card issuer)

Tim McHale, a partner at Cerini & Associates, a Bohemia CPA firm, says he sees scams locally on the rise.

“I think the hackers are getting smarter and using better technology,” he says.

He recently reviewed a case where scammers hacked into a client’s vendor’s server and emailed the client a request for payment for the amount legitimately owed with an official-looking invoice with the company logo. It resulted in an $85,000 loss for the company, which the company has since mostly recouped by working with its bank.

Companies should scrutinize any emails or requests for payment, says McHale.

Robert Siciliano, a Boston-based security expert and a security analyst with Hotspot Shield, a virtual private network that enables a secure connection for Wi-Fi users, says he’s seen most scams revolve around social engineering and/or phishing.

This can include an employee’s getting an email that looks like it’s from the company CEO or CFO saying they’re late on a payment to a vendor and requesting the employee expedite a wire transfer to the vendor ASAP, he says. Typically the CEO’s email has been hacked.

“Anytime the phone rings, a letter or an email comes in requesting the transfer of funds, that needs to be double-checked with everybody in the organization that is responsible for initiating that payment,” says Siciliano, author of “Identity Theft Privacy: Security Protection and Fraud Prevention” (Tross Publishing; $19.95).

Government agency impersonation is another popular scam, says Steve Linker, managing member at Dix Hills-based Linker LLC, a forensic accounting and business valuation services firm.

He’ll often hear of scammers posing as IRS agents or a collection bureau for the IRS who email or telephone that there’s a balance due and the company needs to wire money soon. Businesses should give no information to the scammer and notify their CPA, he says, noting an IRS agent will never initiate contact via email or a phone call. The IRS communicates predominantly through the U.S. Postal Service.

Linker suggests companies have a fraud prevention probe conducted to discover any weaknesses in their internal control systems.

Bottom line is small businesses must be proactive.

“They really need to protect themselves,” says Rosenzweig.

Fast Fact:


Percentage of small businesses that believe there is more risk of business scams today than there was 3 years ago

Source: Better Business Bureau