How to protect your business from fraud


Data security and fraud prevention are two of the biggest challenges facing small business owners today.

When scammers gain access to sensitive personal information such as customer data, log-in credentials, and account information, the results can be disastrous.

Scammers can steal your credit card information, PIN numbers and security codes to make unlawful transactions. A data breach at your small business might also lead to social security number theft, identity theft, tax ID theft, data mining and even loss of control over your accounts.

While some might think large companies are the only ones at risk for a data breach, small businesses are often affected as well. In fact, according to the Association of Certified Fraud Examiners, small businesses lose almost twice as much money per year compared to larger companies.

Data protection is a complicated responsibility for small business owners, who often have limited resources to implement fraud prevention controls. However, you don’t always need complicated analytics to understand fraud risk factors and to take steps, like fraud detection, to protect your business.

In this article, we share tips on how to identify a threat, recognize potentially fraudulent activity, protect yourself from a tech support scam, and protect your business from an internal fraudster.

Tips on how to identify and protect yourself from tech support scams

Fraud detection is the first step in preventing scams, but not all scams look the same and not all scammers take the same approach.

Tech support scams are on the rise and pose a serious threat to small businesses. These bad actors will engage with their victims through different means, including sponsored ads, email, cold-calling, and pop-ups.

Tech support scammers often impersonate trusted companies that you already interact with to gain access to your systems and sensitive data. These scammers may ask you to download and initiate a remote access service like LogMeIn, TeamViewer, or GoToMyPC.

While remote management tools help authorized providers resolve issues, unauthorized third parties impersonating real companies also use these tools to gain access to their victims’ computers.

These scammers can gain access to your data and files and possibly download malicious software known as malware (computer viruses, worms, Trojan horses, or spyware) to your computer while they have remote access.

Typically, fraudsters make these requests under the guise that your software is “corrupted.” They may tell you that a problem, virus, or malfunction has been detected, or that your software requires an update, and they want to help you resolve the issue.

Many of these tech scams are aimed at obtaining your sensitive, personal information, including your account and payment information.

Here are some actions to take in the event you have encountered a tech support scammer:

  • In the event that you have mistakenly given the scammer remote access to your computer, you should disconnect your computer from the internet immediately to stop their access.
  • If you paid a scammer or gave your credit card information to a scammer, you should immediately contact your financial institution and ask that they stop or reverse the charges, and cancel the credit card.
  • If the scammer had you install an application of any kind, uninstall it right away and call a trusted IT company. You should make sure your antivirus software is up to date and run a system scan, deleting any program identified by trusted security software.
  • Once installed, malware may be able to affect other devices on your network. Make sure your security software is current on all networked devices and scan those devices as soon as you realize you have encountered a bad actor online.
  • If you have given a fraudster access to any device or account, you should change your passwords. Keep in mind that trusted companies will never contact you unexpectedly requesting your password.

Common tactics used by scammers & ways to protect yourself:

Fraud risk: Sponsored ads or links.

Scammers often list advertisements for their “Support Services” on search engines like Google and Bing. These links often appear identical to those of trusted vendors, and may even be accompanied by a phone number.

Reduce your risk: 

Only work with companies you know and trust. Be sure to verify all unsolicited contact with support services.

Fraud risk: Phone calls.

Scammers will make unsolicited calls claiming to be a trusted company requesting access to your computer, your personal information, or online services. Fraudsters tend to request remote access to run “tests” or “virus scans” and claim that your systems or accounts require unnecessary updates, upgrades, or repairs.

Reduce your risk: 

The first step is easy: question who you are speaking with or simply hang up. Then call a trusted number for the appropriate company.

Fraud risk: Unfamiliar emails.

Scammers send emails and invoices using the brands of trusted companies to try to trick recipients into paying illegitimate invoices, sharing personal information, or downloading attachments with malware in order to gain unauthorized access to data sources.

Reduce your risk:

Look at the sender’s email address: is it one that you recognize? Check the domain: does it direct you to a site that you are familiar with? Look for obvious signs of fraud such as poor spelling or bad grammar. If there is a phone number, do an internet search to see if it is a legitimate number.

Fraud risk: Pop-up windows.

Pop-up windows and messages that look like an error message on your screen may actually contain a virus or direct you to call a fraudster. These pop-up messages warn you of a fake security issue and usually provide a phone number for you to contact. They try to fool you by claiming to be a trusted company or by using logos you might recognize.

Reduce your risk:

Examine the message closely. Similar to email fraud, look for poor spelling or bad grammar. Do an internet search for the phone number to see if it is legitimate. Don’t follow the instructions. If you suspect your computer has been compromised, use another device to contact trusted support services.

Here are some tips to determine if you came in contact with a scammer.

  1. Did you have a weird feeling about the call? If so, call the trusted company and ask if they have a record of speaking with you.
  2. Look at your financial or payment records to check the merchant name, and whether it is the same company you believe you have spoken with.
  3. Search the contact information on the internet to see if it legitimately belongs to the company you believe you spoke with.

For more guidance on how to defend your small business from tech support scams, check out these resources:

How to spot, avoid & report tech support scams

Cyber security for small business

Tips to help protect your business from an Internal Fraudster

As a small business owner, you can put some fraud prevention controls in place to help prevent and mitigate the effects of fraudulent activity.

Here are some ways to combat internal fraud in the workplace.

1. Know your employees.

You place a lot of trust in your employees; therefore, it is helpful to take time to get to know them. Before hiring, you may consider background checks for all employees, especially for those who have access to money or payments accounts.

2. Verify invoices and payments.

Establish clear procedures for approving invoices and expenditures and consider who should be authorized to place orders and make payments. When you receive an invoice, make sure you ordered and received the items.

3. Know your vendors.

When working with new vendors, properly research each new company and continue to monitor their processes and behavior. Ask for referrals and make time to check them. Do a quick online search listing the company’s name along with “scam” or “fraud.” Search social media to see what other people are saying about them.

4. Divide accounting duties.

Split up the duties of sending invoices, collecting payments, making deposits and recording transactions, so no one individual has total control over your business’ finances.

5. Train your employees to identify and prevent fraud.

It’s critical to teach your employees how to identify and prevent fraud and how to report suspicious behavior. Your employees are often your first line of defense against fraud, which provides a great opportunity to catch fraud in real time. Hold a staff meeting and go over the tips included in this article.

6. Give whistleblowers various ways to report fraud.

Whistleblowers, individuals who learn of suspicious activity and report it, can be employees, customers, or vendors.

Almost half of whistleblowers use hotlines to report suspicious activity. However, having multiple methods for a person to report fraudulent activity increases the likelihood of potential fraud being uncovered. These can include:

  • Email
  • Web-based forms
  • Mailed letters or forms

7. Stay vigilant.

Stay aware of potential scams and be proactive in detecting and preventing fraud. By watching for red flags and knowing how to respond in the event of a scam or data breach, you can help prevent your dream of owning a successful small business from turning into a nightmare.

Here are steps to help protect yourself from fraudulent emails:

Always be suspicious of an email that asks for personal information, requires you to download anything, requests your authentication information to access your online account, or asks for payment when you have already paid for your service or subscription.

What to review in a suspicious email:

  • Check the “From” address to see if it has a legitimate email address.
  • Check the email domain (what appears after the @) and see if it is a real website.
  • If there is a phone number, search the phone number on the internet to see if it really is associated with the company. If suspicious sites appear in the search results, delete the email.
  • Mouse over (DO NOT CLICK) any links within the body of the email to check whether they look suspicious. If a link is not associated with the company or a trusted partner, do not click any links.
  • Do not download any tools.

You will find more information about protecting yourself from phishing schemes on the FTC website.

Here are steps to help protect yourself from fraudulent phone calls:

Always be suspicious of phone calls if you don’t know the phone number on the caller ID. Be suspicious if a caller immediately asks for sensitive personal information or claims you owe money for something for which you have already paid.

Be wary if a caller states they are contacting you about a promotion or upgrade to your account. Scammers may entice you to give them your account information by suggesting you have won or earned something unexpectedly, or that they have “detected” an issue with your subscription.

Push back on callers who talk fast in order to get you to agree to new charges or a new payment method. High-pressure tactics, like fast talking and quick closing, are often used to force you into a bad decision.

You can find more information about phone scams here.

Report any suspicious activity to the appropriate government agency in your country:

This article originally appeared on the QuickBooks Resource Center and was syndicated by
