Browse Directory







Hosp... Small business beware: Emerging types of scams and how to avoid being stung

Small business beware: Emerging types of scams and how to avoid being stung

It could come in the form of a random email, a suspicious text or even a dated fax, but one thing’s for sure, scammers are on the hunt and they’re looking for small businesses.

In 2012, more than 84,000 scams were reported to the Australian Competition and Consumer Commission and, according to ACCC figures, Australians lost $93 million as a result.

Research from the Australian Institute of Criminology suggests less than 10% of scams are reported, making it potentially a $1 billion problem.

Scams have been presented in a variety of forms. It could be an email message from a ‘friend’ saying they have been kidnapped in a foreign country, or your phone number might have been the ‘lucky winner’ of a lottery. These scams are easy to identify, but as technology develops, so do the scams.

A number of more sophisticated scams are emerging, including social media scams, business identity theft and SEO scams, which have the potential to cost businesses a lot more money.

Dr Paul Weber from Curtin University’s Business School and ACCC deputy chair Michael Schaper spoke to SmartCompany about these new types of scams, with tips for how businesses can protect themselves.


Business identity theft

Weber and colleagues from Curtin University are conducting ongoing research into small business scams and he says small businesses are seen as an easy target.

“These victims do seem more attractive to the scammer since they provide access to larger account balances than a normal consumer, effectively without any greater level of security or procedures to foil the scam attempt,” he says.

“Small businesspeople see opportunities and go for it. They’ve learnt that’s how you get on in business, but it can make you gullible and more open to scams.”

As technology has developed, Weber says more and more small businesses are becoming the victims of identity theft.

“In a similar vein to personal identity theft, business identity theft is becoming more commonplace. There are many forms that such an impersonation of another organisation can take, but all have the potential for relatively large losses by the very nature of the business-to-business environment in which they occur,” he says.

The scam occurs by the attacker gaining access to the business, or its supplier’s email account, and then proceeding to skim the emails between the businesses until a large transaction occurs. When the supplier asks the business to transfer a large sum to a specified account number, the business alters the account details on the email before it reaches the business’s inbox.

The business then transfers the money into the scammer’s account, thinking it’s paying the supplier. By the time both parties discover the money went to the wrong account, it’s too late and the money can’t be retrieved.

Weber says these types of scams are practically impossible to detect as for all intents and purposes the scammer is the other business. It has the same email address, the same email signatures, the same business information, the only thing different is the account number.

At a recent event in Perth to launch a national prevalence study into small business scams, Weber says out of a group of five business owners, three of them had experienced this type of scam.

When conducting his research, Weber received a personal account from an Australian business owner:

“Using this technique, the attacker was able to intercept an email from my supplier sending me a deposit invoice, change the bank account details and forward it onto me; I then made the money transfer to this incorrect account… We suspected no problem until it was too late when the money did not come through. The invoice amount was for over $4500, which was a huge loss to my brand-new business,” the owner said.

Weber says this type of scam is changing the way people think about this type of illegal activity.

“While it is all well and good to encourage people to maintain the mantra, ‘if it is too good to be true…’, this was a totally normal business transaction between two reputable businesses, nothing looked out of place,” he says.

“The scammers are watching and learning how to mimic the businesses’ behaviours before they strike. They are not easy to pick as bogus organisations.”

Weber says businesses generally aren’t protected from these types of scams by the banks, which are “too busy” trying to thwart similar attacks on consumers, so it’s left up to the business owner to change their procedures.

“The only effective way to foil such a sophisticated scam is to make separate independent contact with all electronic transaction requests and any other important business instruction,” he says.

“The language is very clearly about thinking about different processes so you won’t have to figure out if it’s a scam. I’m reasonably savvy and I can’t even figure these out because there are just no clues.”


Online shopping

Unfortunately for consumers, it seems scammers like online shopping too – for victims.

In 2012 the number of online shopping scams increased by 65% to over 8000 and cost businesses and consumers upwards of $4 million.

The ACCC says this is likely to continue to increase as more and more people shop online.

Online shopping scams generally come in two forms, classified ad scams and overpayment scams.

In classified ad scams a scammer posts a fake ad on a legitimate classifieds website for cheaply priced popular items. When a consumer expresses interest in an item, the scammer will claim that the goods will be delivered following payment. Once the consumer pays, the goods never arrive.

Schaper says overpayment scams are becoming common, too.

“Basically what happens is someone comes in, buys your product off you and then when they transfer you the money, shortly afterwards they say they’ve ‘accidentally’ paid you too much,” he says.

“The scammer then asks you to refund the money. The original payment was usually made on a stolen credit card and that’s how they’re scamming the repayment off you. They will ask you to transfer the refund and hope you do so before realising the scammer’s cheque has bounced or the money was phony.”

Effectively, this results in the consumer losing the transferred money, as well as the money they ‘refunded’.

But there is some good news, people and businesses are becoming savvier to these types of scams.

The conversion rate between a person coming into contact with an online scam and money being lost fell in 2012 to almost 37%, a decrease of 43% from 2011 levels, according to the ACCC.

Schaper says one of the biggest side effects of online shopping scams is businesses becoming disillusioned.

“Small business owners are becoming a lot more reticent about doing online trade. This is basically cutting them out of where the market is going to,” he says.

“It also has the potential to scare away customers. Consumers have the choice of dealing with a big established brand, or an interesting little retailer, but the big one you know will be safe.”

Schaper says to instil consumers with confidence, small businesses should provide a physical street address if possible to let them know they’re not dealing with a “faceless business”. Businesses should also have verifiable online security systems, offer multiple payment channels and have their online firewalls up-to-date.


Social media

Social media is increasingly allowing scammers to access work computer networks.

Weber says if staff use social media from office computers, it opens up the business’s system to hackers.

“Businesses should consider their policy around social media at work.

“It’s social media use in the workplace which is allowing Trojan horses and viruses to infiltrate business systems,” Weber says.

“In small business there is a trend for people to bring their own hardware to work and access the work network. This adds an extra security risk.”

In terms of individuals, scammers will hack into a person’s account and monitor their Facebook interactions until the right time to strike.

In 2012, the ACCC received 172 reports of social networking and email account hacking.

“In one case, a person was heading overseas for a week and he was worried his house would be burgled, so he told people on Facebook he was going away,” Weber says.

“Then, his friends and family received a message from his Facebook account saying he was stuck somewhere overseas and the scammer was able to give a legitimate reason why.”

The scam idea in itself is not a new one, but with the amount of information currently available on social media, it adds a layer of legitimacy which can cause people to become unstuck.

Schaper says generally the more information which publically exists about individuals or businesses, the easier it is for them to be impersonated.

“Scammers are the ultimate entrepreneurs. Scams have gone from faxes, to email and now to phones and going forward social media will be increasingly used as a tool,” he says.

“Each time there is a new tool, there is a new scammer. The more information you give out, the easier it is for a scammer to understand you and to construct a story which is plausible.”


Fake directory listings

In 2013, Schaper says one of the most common types of scam the ACCC received complaints about was fake directory listings.

Recently the Yellow Pages scam re-emerged, with more than 90 complaints made to the ACCC by early August.

The scam also saw an old-school method re-emerge, as faxes were sent to small businesses asking for confirmation of their contact details. In reality the fine print revealed it was asking them to sign up to an online business directory service for a minimum cost of $99 a month for two years.

This business represented itself as ‘Yellow Page Australia’ or ‘Open Business Directory’, when it was actually a sham.

Schaper says other fake directory scams occurring at the moment include health practitioner and optometrist directories and some businesses get tricked into signing away thousands of dollars.

“They’re under a huge amount of time pressure and with this scam they’re doing something which looks reasonably legitimate,” he says.

“If you’re going to check something to see if it’s legitimate, don’t look at the URLs of the suspicious email, go to the business through a legitimate contact point. Often the scammer will have set up fake phone numbers and websites.”


Other scams targeting small businesses

Weber says businesses also need to be wary of fake grants.

“This is where there is information on grants, often real grants, but the information the scammers provide is fake,” he says.

Scammers will often impersonate various government departments and request a fee before they release the grant funds to you. Scammers have also been known to say they operate the government’s GrantsLINK directory website, but in reality this site does not provide grants funding and is not affiliated with the government.

Another scheme which targets small business is scammers claiming to have ‘useful tips’ on winning tenders in specific industries.

“They will ask you to pay a fee and say they will provide you with tips. First of all you’ve broken the law by doing this as it’s considered unconscionable conduct,” Weber says.

“Secondly, after you’ve sent them the money, you don’t receive the tips.”

Equally, business ‘opportunities’ which rely on an upfront payment are worth scrutinising before investing.

When receiving any emails from ‘regular suppliers’, it’s also worth taking a sceptical view. Emails promoting ‘special offers’ or ‘for a limited time only’ deals should be treated with caution as it’s likely the supplies will be non-existent, or of a poor quality and overpriced.

When questioning the legitimacy of a business, Weber says to spend some time researching the company rather than diving in head first.

“If you’re approached by anybody, take the business name and put in a Google search with the word scam after it – if it’s a scam, you probably won’t be the first one to be targeted. The second thing is to use Google Earth and find a street image of their address location and see if it’s the same organisation,” he says.

“If you’re corresponding with the business, also think about using different communication systems. So if the scammer has contacted you over email, perhaps give the business a call using a number independently sourced,” he says.

Ultimately, if it seems too good to be true, it probably is.

If you think you’ve been the victim of a scam, or you’ve been approached by a scammer, contact the ACCC’s SCAMwatch or the federal government’s GrantsLINK.

 

 

Source: Smart Company, 17 September 2013

Industry News
Product News