[Sources: IRON Solutions, Better Business Bureau, Norton, 2010; R-2013 | Keywords: Business, Operations, Scams]
At a time when businesses literally can’t afford to fall victim to fraud, scam artists are stealing money or personal information from unsuspecting victims and small businesses using telephones, e-mail and the Internet.
One Association member knows first-hand the importance of staying alert and recognizing the signs of a potential scam. In the last six months, the business has encountered and stopped several scams, ranging from bogus purchases over the phone and e-mail, to a telephone relay scams.
In two instances, an employee took orders over the phone from individuals who said they were not regular customers. The first order was for 400 of the same spark plug, while the second order was for 60 of the same fuel filter. The credit card was declined for both purchases. When the credit card and “ship to” addresses were Googled, it was discovered that both were bogus and to businesses such as a bank and Wal-Mart located in different cities.
“If the cards had gone through and weren’t reported stolen, there would have been a chargeback against us,” said the office manager. “Fortunately, the order hadn’t gone through yet, or we would have been without credit for the purchase, too.” Today, employees do a little investigating before placing an order for large quantities of a single item, such as checking addresses and looking for spelling and grammatical errors on all e-mail orders.
How do you know when something is a scam? While it can prove difficult, there are signs to warn you that something isn’t right. Following is a look at some of the top scams and precautions small business owners can take to avoid losing thousands of dollars.
Bogus Purchase Scams
In the bogus purchase scam, you receive an e-mail or an online response form from a prospective customer who visited your website or saw your product available for sale online. For any transaction you are considering, keep these tips in mind:
- Never accept a cashier’s check without verifying by telephone from the issuing bank that the check is legitimate.
- Don’t accept any payment method that requires you to “give back” an amount representing an “overpayment” made for your equipment. This includes freight overpayment portrayed to make your life easier.
- The only reliable ways to receive payments from overseas or domestic buyers is a wire transfer into your account before the goods are shipped out or a bank letter of credit from the buyer’s bank to your bank. Have your bank review it for any clauses that would make it difficult to comply. In domestic sales you may take other instruments, but make it a condition of the sale that you hold the item until your bank confirms that the cash has been secured.
- For an overseas sale, make sure you get the telephone number, name, and address of the U.S. forwarding agent to be used by the buyer.
The number one rule to remember when making an online sale is that if something seems fishy or too good to be true … it probably is. Don’t assume that phone contact validates an identity either – many reported scams involved ongoing phone conversations over several months. Ask for some North American supplier references. A good buyer will not be offended by your homework.
Phishing is a scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims. To avoid getting hooked:
- Don’t reply to e-mail or pop-up messages that ask for personal or financial information, and don’t click on links in the message. In addition, don’t cut and paste a link from the message into your Web browser. Phishers can make links look like they go one place, but actually send you to a different site.
- Some scammers send an e-mail that appears to be from a legitimate business. This e-mail instructs you to call a phone number to update your account or access a “refund.” Because they use Voice Over Internet Protocol technology, the area code you call does not reflect where the scammers really are located. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
- When entering personal information on a company’s website, check that the site is secure. A padlock icon will appear on the browser’s status bar, or the URL (web address) will read “https.”
- Create passwords that use upper and lower case letters, numbers, or special characters and are longer than six characters. It’s also wise to create nonsensical, random passwords that do not relate to your life. In addition, be sure to use different passwords for separate accounts and change them regularly.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
- Don’t e-mail personal or financial information.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
- Be cautious about opening any attachment or downloading any files from e-mails you receive, regardless of who sent them.
Telephone Relay Scams
The Better Business Bureau (BBB) recently warned small business owners that reports of scammers plying their trade through telephone relay services are cropping up all across the country. Telephone relay services are meant to assist the hearing impaired in making telephone calls and often rely on an operator who relays a typed message from the caller to the business. Because, by law, the operator is not allowed to disclose the origin of the call, this service allows the scammers to hide their identity.
The scam being employed over telephone relay is a variation on an overpayment scam. A business receives an order from a customer over the phone through a telephone relay service. The customer explains that the delivery service they’d like to use won’t take credit cards and asks the business to wire money to the shipper and simply tack the cost onto the overall order and charge their credit card for the total amount. Any money wired to the supposed shipper actually ends up in the hands of the customer/scammer and the credit card number provided is stolen. Not only does the business suffer the loss of goods or services ordered by the scammer, it also loses money wired to the phony delivery service.
BBB offers the following advice to business owners to help identify scams over telephone relay services:
- If the customer is using a TTY Relay Operator, ask the customer for his/her full name, address and telephone number.
- Ask the customer to provide the name of the issuing bank and its toll-free customer service number as printed on the back of all credit cards.
- Ask the customer for the three or four digit Card Verification Code that is found near the account number on the back or front of a credit card.
- Tell the customer that you will check with the bank and call them back. When you do that, keep good notes. Verify all information the customer provides. If a customer objects, explain that these procedures are for their protection, as well.
- If the customer still objects to providing any of the above information, abandon the conversation and advise that you are not prepared to do business this way.
Social Media Scams
Social Media like Twitter and Facebook have become a great way to connect with friends, relatives and colleagues around the world. However, scammers are always looking for new ways to separate you from your hard-earned dollar, and they have jumped on the social media bandwagon to do just that. Following are the top five social media scams.
- Chain Letters – You’ve likely seen this one before – the dreaded chain letter. It may appear in the form of, “Retweet this and Bill Gates will donate $5 million to charity!” Hold on. Let’s think about this. Bill Gates already does a lot for charity. Why would he wait for something like this to take action? Answer: He wouldn’t. Both the cause and claim are bogus. So why would someone post this? It could be some prankster looking for a laugh, or a spammer needing “friends” to hit up later. Many well-meaning people pass these fake claims onto others. Break the chain and inform them of the likely ruse.
- Cash Grabs – By their very nature, social media sites make it easy for us to stay in touch with friends, while reaching out to meet new ones. But how well do you really know these new acquaintances? That person with the attractive profile picture who just friended you – and suddenly needs money – is probably some cybercriminal looking for easy cash. Think twice before acting. In fact, the same advice applies even if you know the person. Picture this: You just received an urgent request from one of your real friends who “lost his wallet on vacation and needs some cash to get home.” So, being the helpful person you are, you send some money right away, per his instructions. But there’s a problem: your friend never sent this request. In fact, he isn’t even aware of it. His malware-infected computer grabbed all of his contacts and forwarded the bogus e-mail to everyone, waiting to see who would bite. Again, think before acting. Call your friend. Inform him of the request and see if it’s true. Next, make sure your computer isn’t infected as well.
- Hidden Charges – “What type of STAR WARS character are you? Find out with our quiz! All of your friends have taken it!” H-m-m, this sounds interesting so you enter your info and cell number, as instructed. After a few minutes, a text turns up. It turns out you’re more Yoda than Darth Vader. Well, that’s interesting…but not as much as next month’s cell bill. You’ve just unwittingly subscribed to some dubious monthly service that charges $9.95 every month. As it turns out, that “free, fun service” is neither. Be wary of these bait and switch games. They tend to thrive on social sites.
- Phishing Requests – “Somebody just put up these pictures of you at this wild party! Check ‘em out here!” Huh? Let me see that! Immediately, you click on the enclosed link, which takes you to your Twitter or Facebook login page. There, you enter your account info and a cybercriminal now has your password, along with total control of your account. How did this happen? Both the e-mail and landing page were bogus. That link you clicked took you to a page that only looked like your intended social site. It’s called phishing, and you’ve just been had. To prevent this, make sure your Internet security includes anti-phishing defenses. Many freeware programs don’t include this essential protection.
- Hidden URLs – Beware of blindly clicking on shortened URLs. You’ll see them everywhere on Twitter, but you never know where you’re going since the URL (“Uniform Resource Locator,” the Web address) hides the full location. Clicking on such a link could direct you to your intended site or one that installs all sorts of malware on your computer. While URL shorteners can be quite useful, beware of their potential pitfalls and make sure you have real-time protection against spyware and viruses.
General Scam Indicators
The scams described above are some of the most common types of scams. However, fraudsters are very clever people who may use many variations of these concepts to achieve the less than admirable goal of parting you and your money. In general, be wary of any offering that promises you money, jobs or prizes; asks for donations; proposes lucrative business deals; asks you to provide sensitive personal information; or asks you to follow a link to a website and log on to an account.
In closing, trust your instincts. If something sounds too good to be true, more often than not that turns out to be the case. Contact the Association office at 1-800-622-0016 if you come across any specific cases of these sorts of activity.