Sunday, May 15, 2011

Common Business Scams

Two of the more recent and popular business scams involve getting the checking account number of your business. In one case the scammer calls a business firm claiming to represent a bank credit card company. The caller offers extremely favorable interest rates and repayment terms for new customers. The scammer claims to need some basic information to complete the firm's pre-approved credit application. Included in this basic information is the business's checking account number. After getting the account number, the scammer writes "demand drafts" on the account which will be honored by the bank if the draft has a valid checking account number on it. To help cover up the deception, the scammer often writes the drafts for small amounts that will not attract attention.

In the second scam, the scammer mails the company a check for a small amount. When the check is returned to the scammer, the information on the check will permit the scammer to learn the company's checking account number. The scammer then uses the account number to start writing demand drafts on the company's account.

Companies can help to fight these scams by thoroughly reviewing and reconciling the company's bank statement each month. If you discover any suspicious activity, call your bank immediately and then later notify it in writing. Businesses can avoid the second scam by reconciling all incoming checks with existing customer accounts and balances before cashing any check. Don't cash checks until you have identified the source.


It is estimated that cyber crime costs the economy more than one trillion dollars per year. While attackers initially focused on large companies, they are increasingly targeting small and medium-sized businesses that often do not protect their systems as much as the larger companies. Automated attacks are becoming more sophisticated and frequent. Because of the volume and the technological sophistication of these attacks, any business-no matter its size-needs to be prepared with proper security measures. With the availability of "toolkits" for installing malware, cyber criminals do not even need to be well-versed in technology to penetrate a system.

Malware can be installed by sending an e-mail attachment, using a social network site, or breaking into a company's website. Once the malware is installed, the crook controls the computer. Some of the malware programs wait for the user to visit a banking or financial site and then capture the user's log-in information which is sent to the attacker. The compromised computer may also be used for its computing power, permitting the launching of additional attacks. Currently the biggest cyber risk involves bank account fraud, using legitimate account numbers. Attacks on bank accounts can be particularly harmful to small businesses. Banks typically do not extend the same protection to businesses that they do to consumers. Banks will generally provide some kind of coverage for losses connected to consumer accounts but do not provide similar protection for businesses.

Unfortunately, many small and medium-size businesses have done very little to protect themselves against cyber attacks. A poll of approximately 1,500 small businesses indicated that one-third of them did not even have basic antivirus software installed on their computers. Small businesses that had some protection tended to rely on antivirus software and basic network firewalls. Such protection may work against well-known viruses and attacks but not against the more sophisticated new attacks. A further concern is that computers increasingly operate outside of firewalls.

Companies should begin by assessing their degree of risk, taking into account the number of people who can access the network, the current level of protection, and the nature of the data being stored. Most cyber attacks come by web or e-mail, so filtering systems would be needed for those avenues of attack. When purchasing antivirus software, get the business-class version, rather than the consumer version. Businesses may want to hire the services of a computer security company. Finally, keep in mind that cyber criminals are more likely to direct their attacks at computer users than computer systems.


Bad data often lead to bad business decisions. Make a detailed review of your data on a regular basis. Know who is getting paid and what they are getting paid for. You need to be confident that the data underlying your financial statements is accurate and current. Don't wait until the end of the year to find out how things have been going for the previous twelve months. You may wish to hire a consultant to make a custom report of items that are of particular significance to your business operations. Most business software can provide alerts to warn you when certain indicators are not within an acceptable range. Be sure that your bank account is reconciled on a monthly basis.


If some of your customers have quietly slipped away, don't give up on them without a fight. There are some fairly simple things that you can do to try to wake up those dormant customers. First, find out why they have gone silent. There are online surveys and polls that can be specifically customized to fit your business. Ask them what you need to do better. Find out if you need to make some adjustments in the goods or services that you offer. Be prepared to react to their feedback and make adjustments where possible. Let your dormant customers know how you have responded to their feedback.

Second, you should be prepared to offer them special incentives to renew their business relationship with you. These incentives could take the form of discounts, cash, or personalized service. The incentives should involve offering your customers something that your competitors can not. It should be something unique to your business and valuable from the customer's viewpoint. Be prepared to use the new technology to get back your old customers. Use social network sites to connect with previous customers. As part of your original online survey, determine what sites your customers are using and bring them into play.

It is estimated that almost 450 million people use Facebook every day, and increasingly customers will be looking to such sites for business transactions. Use a browser app to reconnect with and maintain contact with customers. Social networking sites and browser apps can be a good way to convey the satisfaction of your current customers. If you do business online, e-mail can be an effective way of contacting and encouraging the return of former customers. Use the company website to seek out actively any customer problems and suggestions for improvement.

Many businesses become so concerned with attracting new customers that they often lose sight of the importance of trying to renew a business relationship with a former customer.


Business people worry regularly about the security of their computer operating systems. Security would be better served by worrying about the users of the system, rather than the system itself. Today's cyber criminals are more likely to target user behavior than a technical flaw in the operating system. It is simpler for the attacker to get users to compromise their own security by opening an e-mail attachment.

Two popular scams provide good examples of this. One involves an e-mail claiming to be from the IRS which directs the recipient to open the attachment and fill out a required form. Another claims to be from the BBB and tells the recipient to open the attachment to get information about a complaint that has been filed. In both cases, opening the attachment installs malware in the recipient's operating system.