FTC Sees Surge in Business Impersonation
Cybercriminals can and do target small businesses. Monitor your business profiles, credit reports and customer feedback. Report problems to the authorities.
NEW YORK — The Federal Trade Commission received more than 330,000 reports of scammers impersonating businesses in 2023.
Some of these scammers pretend to be major corporations like Amazon or Best Buy, the FTC says. But small businesses are at risk too, says Scott Taber, a cybersecurity awareness program specialist at the Michigan Small Business Development Center.
"There's always been this idea that small businesses are too small. But we know that's not true – that cyber criminals specifically target small businesses because of that fact," Taber says. "Small businesses typically don't have the same resources as the larger organizations."
You can take steps to protect your business from fraudsters even without a dedicated risk or security team. Here are some simple ways to spot and address imitation scams.
How to find out if you're being imitated
Take a half-hour each day to perform "online hygiene" by searching for information about your business, suggests Melanie McGovern, director of public relations and social media at the Better Business Bureau. That can help you notice anything unusual.
For instance, McGovern says, even businesses that don't have websites may be listed in third-party directories. Scammers can find those directories – which usually include identifying details about your business, like its address – and create an online presence, then start making fraudulent sales.
"That's unfortunately how the scammers think," McGovern says. "That's an opportunity for them."
Monitoring financial records like your business credit reports can show potential issues as well. For example, Taber says, a scammer might try to open up new lines of credit or make large purchases in your name.
He recommends paying attention to customer feedback, too. If a customer gets a strange email or friend request and they report it to you, take time to investigate.
"They're probably going to be one of the best ways to advise you that something's going on," Taber says.
How to respond to an imitation scam
The most common imitation scams reported to the FTC in 2023 included:
- Fake subscription renewals, like emails claiming that a certain subscription needs to be renewed. Even if a customer doesn't have a subscription to that service, they might click on the link seeking more information.
- Fake giveaways and discounts, in which scammers ask customers to send money to them to claim their offer.
- Fake package delivery problems, like a text claiming to be from the United States Postal Service informing the customer that there was a problem and they need to pay a fee to resolve it.
If a scammer is imitating your business and your customers need to be cautious, tell them what's going on and what you're doing to prevent it from happening again. This is especially important with your most essential clients with whom you need to preserve relationships.
"If you are knowing that there is an active scam with your business and you hide it or don't acknowledge it … you're going to lose customers and clients that way," Taber says. "Your business reputation is going to take a huge hit."
Next, report the scammer to the authorities. If they're posting on social media, report it to the social media platform and ask them to take down the post or shut down the account.
In Michigan, where Taber lives, he recommends calling the state attorney general's office. They may not be able to charge or convict the scammer, especially if they're based abroad, but it may add to a case that authorities are building. Learn how to file a report with your state attorney general's office or the FTC in advance so that you're ready to do so if you have to.
How to prevent your business from being used in imitation scams
Don't wait until a scammer targets your business to begin tightening your security and improving your digital marketing.
The business cybersecurity basics are essential, McGovern says. Set up two-factor authentication on all of your accounts and require your employees to change passwords regularly. To dodge phishing attempts, always double-check that emails and text messages claiming to be from your bank or a business partner are from a legitimate address or phone number before you respond or click links.
Beyond that, make sure your business has a website and a presence on whatever social platforms you use to communicate with customers. If there's an account you no longer use, keep an eye on it to ensure it's not taken over by a scammer, McGovern says.
Cybersecurity insurance can help protect your business finances if your information is compromised. Your insurer may be able to add some cyber coverage to your existing coverage portfolio – since no business is too small to be the target of a scammer.
"If you take payment information, if you have personal information about your customers – everybody's vulnerable," McGovern says. "Every business needs to be cyber aware and making sure they're protecting not only themselves, but their customers."
© Copyright 2024, The Courier-Times, all rights reserved.