Scams and frauds are probably as old as humanity, but recently they have taken a new turn with the arrival of the Internet and the development of sophisticated telecommunications technology. The Government of Canada has reacted by setting up the Canadian Anti-Fraud Centre, and the Competition Bureau has published a valuable handbook called The Little Black Book of Scams (full text available at www.competitionbureau.gc.ca), which describes 12 important classes of scam and how to protect yourself against them.
Included below are five scams of special concern to small-business owners.
Create a list of regular suppliers; any new names should be questioned by the accounts payable staff. Because scammers can create company names and logos that look genuine, staff should look closely at all incoming invoices to verify dates, account numbers and other identifying information. The number of persons authorized to pay bills should be limited, since scams are sometimes committed by an employee conspiring with an external fraudster.
Senior executives can be the target of special scams.
Persons who have signing authority for large sums of money or report directly to the CEO are particularly common targets for this scam. The scam occurs when the CEO or other senior executive is known to be away from the office on a business trip. After hacking your email server, the scammer sends an email or other communication allegedly from the absent executive saying extra funds are needed immediately to close a deal, secure a contract, or take advantage of an unexpected opportunity. The email will ask that the money be sent to a third-party account.
Secure your computer systems with strong passwords and up-to-date antivirus software from a reputable supplier. Validate the request. Check the email for spelling and grammar mistakes and use of the language uncharacteristic of a native speaker or your executive. Have a standard, multi-level process for signing off on wire transfers. Remember, a wire transfer is cash; recovery is virtually impossible. Limit the amount of information available to the public about your key employees.
If you market online, you need to be aware of scammers posing as buyers of your product. A scammer will agree to buy your product and pay through PayPal or an email money notification claiming the payment is pending and will be released after you provide a tracking number. Since a tracking number is usually only created when the purchase is being shipped, the product is on the way to the buyer before you find out the payment-pending notification was fake.
The scammer might also tell you the payment cannot go through because of some problem with your PayPal or bank account and you will have to pay a fee to get another account to complete the transaction. The generous scammer offers to pay the fee now if you will transfer or wire the fee amount to a false bank account. Now you will not only lose the product and the payment, you will also lose the fee. The scammer may also simply use a stolen credit card number, issue a fraudulent cheque or make a fake money transfer.
Beware of buyers who are geographically distant with unverifiable email addresses. Never send money to get money.
These scams are committed on by fraudsters seeking charitable donations or claiming to be selling maintenance or other services. These scammers are often very aggressive, very articulate, and know every trick of persuasion in the book.
Do not make a quick decision no matter how great the pressure. Do some research on the charity or maintenance company. Get their address. Get the name of the person making the sales call and call the charity or company to make sure the person you talked to actually represents them. Do not let strangers see any company documents such as receipt forms that could give them information about your company. Do not sign anything. Make sure your employees know you have a procedure in place to review any proposals that come through the door.
Identity theft is the theft of a person’s unique identifiers such as a Social Insurance Number (SIN), passport or driver’s licence, as well as personal information such as bank account or credit card numbers, birth date, signature, address, mother’s maiden name, user names and passwords. Possession of this information enables the scammer to assume the victim’s identity and transact as if they were that person.
Shred and destroy documents with sensitive information. Destroy redundant IT equipment, especially hard drives and other storage media. Never use SIN numbers as a filing system. Never send personal identifiers or sensitive personal information by email, text message or give it to unknown callers over the phone. And (it cannot be said too often) always use strong passwords for all online accounts.
Fraud, whether committed by an employee or by an outside scammer, can destroy a business. As technology changes and scammers become more sophisticated, owner-managers must protect their businesses even more. Constant vigilance is a low price to pay for keeping your business safe.