A metaphorical representation of internet scams

How to Avoid Internet Frauds and Scams: A Small Business Owner’s Comprehensive Guide

Scammers are getting more innovative and persistent in their attempts to take your hard-earned money and steal your confidential information. Unfortunately, small businesses are frequently targeted for internet frauds and scams because they present the perfect opportunity. On the one hand, small businesses have more money than individuals. On the other hand, they generally have less security to protect against cyber scams versus large corporations.

At Frontier Marketing, we’ve always been dedicated to helping small businesses grow and thrive. Part of that is educating owners on the dangers lurking online. Today, we’ll explain everything you need to know about internet frauds and scams, including identifying and protecting yourself against these malicious attempts.

What Are Internet Frauds and Scams?

Internet fraud is a cybercrime that involves deception using the web. Some types involve hiding information, portraying themselves dishonestly or trying to use malicious software and schemes. The goal is always to steal your confidential information to either enact identity theft or steal your small business’s hard-earned money and property. In rarer cases, the purpose may be to defame your company’s character and reputation.

What Can Happen If You Fall for Internet Scams?

Falling victim to internet frauds and scams comes with severe consequences – and it happens much more often than you think. A few of the potential risks of falling for one of these schemes include:

  • Small business identity theft: Someone steals your company’s information and pretends to be you, either to take out loans, access your financial accounts, or scam others using your name.
  • Business losses: You could have your financial accounts emptied or even lose your property in some serious instances.
  • Security breaches: Hackers can access your client’s or employee’s information, where they can then become the victims of identity theft and financial theft.
  • Breaking the law: In some specific cases, a scam can make you an unknowing party to a crime like money laundering.
  • Emotional turmoil: Falling victim to a scam can make you feel angry, depressed and anxious generally, while some cons will purposefully play with your emotions to cause distress.

The most important thing you can do to protect your small business is to learn how to identify potential internet cons and take all necessary steps to protect yourself. Below, we share extensive information on both these topics.

Email Scams

Many internet frauds and scams are delivered straight to your inbox, and this type of cyber-attack has steadily increased in recent years. Below, we cover the most common types of scams you should be watching your inbox for.

Phishing Scams

Phishing is one of the most widespread identity theft methods used by con artists online. The method involves using various email tactics to get you to volunteer your company’s confidential information, including financial details.

Often, this is done through “email spoofing,” which involves using an email address similar but not identical to a well-known company. For example, instead of support@Google.com, they may use support@G00gle.com or supp0rt@goggle.com.  If you’re not paying attention, this can look the same at a glance. Another tactic is sending you to a fake website, where they hope you’ll provide your payment details for a purchase – one you’ll never receive.

Examples of common spoofed email variations
These are a few examples of variations you might find in spoofed email addresses.

Tech Support Scams

You’ll most often be presented with tech support scams through email, but they can also appear through phone calls or pop-up advertisements on your desktop, phone or tablet. This scam works like this:

  • You’re contacted through one of the medians above and told that your computer is infected by someone posing to be with a reliable company (like Norton Antivirus)
  • The scam artist then asks for remote access to your digital device (usually your computer, but maybe a tablet), which requires you to download an app
  • Once the app has been downloaded, the scammer will either download a legitimate virus or somehow “show” you something that makes it appear like your computer is infected
  • You’ll be told the person can fix it for a fee, which can range between a couple of dollars and a couple of hundred dollars

In these scams, your computer never had anything wrong with it. No antivirus company will call you about a problem you didn’t call them about first. This is why you should never give anyone remote access to your digital devices.

Malware Emails

Malware is software designed to maliciously gain access to your digital devices or internet network. Once the software has access, cyber criminals can harm your small business by stealing your company’s financial accounts or damaging the system they’ve accessed. It’s also possible for malware to allow scammers to access your employees’ or clients’ sensitive information. This is why you should never download attachments or click links from email addresses you aren’t familiar with.

Business Email Compromise Scheme

A type of phishing that specifically targets businesses (usually small companies) by pretending to be a legitimate supplier, company executive or similar. These types of internet frauds and scams have the goal of getting you to transfer funds to a false account.

Payroll Diversion

A con artist sends a phishing email to your employees, posing as a legitimate payroll provider. Often, these look realistic because they use your company’s logo. If the employee clicks the link, they’ll be sent to a login screen designed to capture their actual payroll credentials. The stolen credentials allow the con to sign in and divert the employee’s paycheck into a different bank account.

It’s important to always verify changes to payroll information with your employees in a verifiable way, such as over the phone, in person or over video chat.

Social Media Scams

Social media is rife with potential scammers. Why? These channels can give the appearance of knowing someone (or something, like a brand) while still allowing anonymity. Below are a few examples of common internet frauds and scams that happen over social media channels like Facebook, X, Instagram, Pinterest and even LinkedIn.

A person using a phone with social media icons floating around it
Social media is an excellent marketing opportunity, but you need to be cautious during interactions.

Fake Profiles

People create fake profiles online, often posing as someone you know, like a friend, family member, coworker or neighbor. Sometimes, these fake profiles imitate celebrities. The goal is to either glean personal information from your private social media accounts so they can impersonate you, enact a romance scam (see below), or send harmful links.

Malicious Clickbait

Imposters create advertisements promoting fake websites or applications. When you click to download the app, your phone or computer could be infected with malicious software. Alternatively, you could end up at a fake website (discussed below) and lose money or have your personal information stolen.

Avoid clicking on social media advertisements that direct you to outside links. Instead, search for the company online first and only navigate through the search engine.

Friendship/Romance Scams

These scams often target individuals but can also target small businesses and their owners. Here, someone creates a fake profile on social media and builds a relationship with you or your business. Scammers usually try to develop friendships when targeting businesses, but they may also try to push things into an online relationship. Once the bond is established, they create fake sob stories and ask you to send them money.

Harmful Link Messages or Posts

This is the same as email phishing, except it occurs over social media messengers and posts. Someone sends you a link which, when clicked on, will attempt to take your personal information and financial details through various methods.

Other Internet Fraud and Scams

Besides your email inbox and social media accounts, you may run into online scammers in other places on the internet. For example, the common fraud types below can happen through internet searches, pop-up advertisements and even legitimate retailers.

Files labeled crimes, thefts, fraud and internet fraud
Internet fraud can happen anywhere online and result in the theft of your small business’ hard-earned money.

Disaster Relief Scams

As unfortunate as it is, scammers often take advantage of difficult situations to line their own pockets. A prime example is disaster relief scams, which involve hiding behind the guise of a real organization and asking for donations to a relief fund.  This fraud can occur through internet searches, fake websites, email, social media or even print. The only way to avoid them is to only give donations to established, legitimate and verifiable organizations.

Fake Charitable Solicitations

It’s the same principle as disaster relief scams. However, these types of internet frauds and scams hide behind a fake charity organization that’s usually named to very closely resemble a legitimate one. Instead of helping the so-called charity’s target demographic, your company’s donations will line a con artist’s pockets.

Unsafe Search Links

These links can appear in any search engine. They mimic an actual website but are insecure connections meant to steal your personal information. Good antivirus software should alert you to unsafe connections before you get there. If you receive this notice, use your browser’s back button or click out of the tab and don’t go to the website.

Fake Antivirus Software

This internet scheme is like the fake tech support one mentioned earlier. The difference is that this one uses websites and pop-up advertisements to peddle so-called “antivirus software.” The issue is that this doesn’t come from an authorized cybersecurity company; instead, it’s often a virus, malware or ransomware. The purpose is to gain access to your identity, your computer and your financial information.

NEVER download antivirus software that you’re unfamiliar with. ALWAYS go to a verified website or provider for your cybersecurity needs.

Fake Websites

Although you should always be cautious about what websites you visit, you must be especially careful when using your work computer. Fake shopping websites often pose as popular retailers, but they can also target small businesses by posing as counterfeit warehouses or suppliers.

They lure you into providing your payment details by offering unbelievable deals on top brands. Instead of receiving the items you purchased, you receive cheap knockoffs or nothing at all. To avoid this, remember that if it seems too good to be true, it probably is.

Formjacking

Formjacking is the same premise as fake websites, except someone hacked into the authentic retailer. Once they do, they redirect shoppers to a fraudulent payment page so they can steal your payment details. Before inputting your credit card details, always double-check the URL to ensure it’s the same one you were shopping at. If in doubt, don’t put your payment details in.

Business Identity Theft

We think of identity theft as something that happens to individuals, but it can also happen to your small business. Once someone has stolen your company’s sensitive information using another tactic listed here, they pose as your company to carry out fraudulent or illegal activities.

Fake Invoicing Requests

Scam artists create fake invoicing requests and send them to you through email or PayPal. These are for products or services you never ordered or received and often come from strange email addresses. The hope is that whoever processes your invoices will assume they’re real and pay them without thinking twice.

Bonus: Phone and Physical Mail Scams

At Frontier Marketing, we focus primarily on the digital landscape. However, we did extra research to create a comprehensive list of potential schemes that could target the small business owners we love serving. So, as a bonus, we’ve included cons that can happen over your phone or through physical mail.

A credit card is positioned next to a cell phone where someone has put in their card details
Never provide your credit card details over text messages or to unsolicited callers.

Pre-Approval Notices

This con usually occurs via physical mail (but it’s not unheard of for it to happen through email). You’ll receive a pre-approval notice for a credit card or bank loan for your small business. If your company is struggling, it’s easy to fall victim to this scam.

But the catch is that these pre-approval notices always include a small fee you must pay before receiving your card or loan. This isn’t how it usually works, and you should never give money to a financial institution asking for upfront money.

Of course, this is different from being charged annual fees. Annual fees are often taken straight from your credit card balance after being approved.

Debt Relief Notices

The Federal Trade Commission (FTC) states that this scam is run by operations who target individuals or small businesses who are struggling financially. The companies claim they’ll help by settling or consolidating debts, but they state they require a hefty upfront fee before doing any work. If you fall victim to these false debt relief notices, they won’t follow through on their promises, and you’ll be even more in debt.

Fake Checks

If your small company sells products online, you may be targeted by the fake check con. Someone purchases a product and overpays using a check (which ends up being forged). You’ll then be confronted about the overpayment, at which point you’re conned into sending the difference back through bank wire.

But, since the check was a forgery, your company loses the difference instead of gaining anything. This can be even worse if you’ve already mailed the purchases since you’ll also be out those costs. This is why you shouldn’t accept checks as a form of payment; instead, you should opt for secure forms of e-payment.

Smishing/Vishing

It has the same goal as phishing (see above) but uses text messages or voice mail. In smishing, you receive a fraudulent text message claiming to be from a reputable company to obtain your details and financial information. In vishing, the con artist calls or leaves a voicemail claiming to be someone they’re not.

Promotion Abuse

Some scams will try to take advantage of your generosity by abusing promotions. They can do this in three primary ways:

  • A bad actor will use single-use discounts or promotional codes multiple times.
  • Someone does the above and abuses your return policy, hoping to “get paid” for your
  • A single person sets up multiple accounts under fake (or stolen) names to take advantage of free deals or discounts multiple times.

It’s hard to avoid promotional abuse scams in person or through your e-commerce store. Tracking discounts or coupons through means other than a person’s name (such as by phone number, email and delivery address) can help.

Voiceprint Scams

Technological advances have enabled scammers to capture your voice through a phone recording. Then, they use this to create a “deepfake” vocalization for impersonating you at financial institutions. For small business owners, the ability for con artists to access your financial accounts can be devastating.

The only solution? Hang up if you hear something suspicious on the other line and don’t answer phone numbers you don’t know on your personal phone.

Directory Scams

You receive a phone call from someone claiming to be from a business directory company. They want you to confirm your company’s details, including name, address, fax number and even the owner’s full name. Small businesses and non-profit organizations are the typical targets for these types of internet frauds and scams.

Shortly after the phone call, you’ll receive an invoice to pay for the cost of the alleged listing – but the directory company doesn’t exist, and the business owner never receives anything of value.

Government Imposters

Someone calls you pretending to be from a legitimate government agency, like the Small Business Administration (SBA), Federal Bureau of Investigation (FBI) or a similar entity. They tell you you’re in trouble and something bad will happen if you don’t handle it. For example, you’ll lose your business license if you don’t pay a fee or be prosecuted for not paying fines you’ve never heard of.

Government agencies will not call you for these reasons! These entities will first contact you by mail using an official letterhead and a verifiable mailing address.

Keeping Your Small Business Safe from Online Scammers

You know what internet frauds and scams might target your small business, but how do you stay safe? Follow the best practices below and ensure all your staff with access to a computer is trained to follow them. Many experts recommend that cyber safety be part of your onboarding process if you regularly work with devices connected to the internet.

Image: fraud-prevention

  • Title: Fraud Prevention
  • Alt Text: Metaphorical depiction of the digital landscape
  • Caption: Follow these Frontier Marketing tips to protect your company from fraud when navigating the digital landscape.

Email Best Practices

  • Don’t click links in emails, especially if they’re unsolicited.
  • Look at email addresses discerningly and check for misspellings, numbers being used instead of letters, grammatical errors or supposed typos.
  • Never download any attachments unless they come from a real, verifiable sender and you were expecting them.
  • Use your email provider’s spam filters to catch some of the more obvious con attempts.

Social Media Best Practices

  • Don’t accept friend requests from people you don’t know on your personal accounts.
  • Don’t click on links sent through messenger, especially if they’re unsolicited and especially not on your work computer.
  • Avoid clicking on advertisements on social media channels that promote sales that seem “too good to be true.”

Phone Best Practices

  • Don’t click on links sent to you through text messaging, especially if they’re unsolicited.
  • If you receive a phone call on your work number from someone who seems off or suspicious, hang up and don’t engage.
  • Don’t answer phone calls from people you don’t know on your personal phone.
  • If someone calls claiming to be tech support unsolicited, hang up. Actual tech companies won’t call you out of the blue.

General Internet Best Practices

  • Never give any information to people you don’t know (including your name, as the business owner, or your company’s name – they should already know that answer).
  • Keep all your digitally connected devices secure with passwords and legitimate antivirus software.
  • NEVER allow anyone remote access to your computer or tablet.
  • Choose passwords that are challenging to guess and, ideally, include a combination of uppercase letters, lowercase letters, numbers and signs.
  • Update and change your passwords regularly – especially if there has been a recent security breach.
  • Remember: if it seems too good to be true, it probably is.
  • Don’t click pop-ups claiming your computer has been infected with a virus.
  • If you receive a pop-up that resembles your actual cybersecurity program, but it wants you to call a phone number or click a link, don’t. Genuine security pop-ups will never do this.
  • Train all your employees to watch for these signs and protect themselves against internet frauds and scams.
  • Have clear procedures for invoicing, approving payments and collecting payments.
  • Research every company you may potentially work with before providing any information.

Physical Mail Best Practices

  • Don’t call phone numbers or visit websites on suspicious flyers.
  • Don’t install software or download applications sent to you through physical mail.
  • If you receive mail at your company from a person you don’t know, the safest option is to ignore it and throw it in the trash.

What Should You Do If You Believe You’ve Been the Victim of a Web Scammer?

Sometimes, despite our best efforts, we can still fall victim to one of several internet frauds and scams. Don’t feel down on yourself! Cyber scammers continue to get more sophisticated and believable as time passes. Forgive yourself, and then move quickly forward with an immediate action plan.

Your action plan should follow these steps:

  • Stop contact with the scammer.
  • Report any potentially compromised bank accounts or credit cards to your financial institution immediately. The transactions may be reversed or canceled.
  • Notify the three major credit bureaus (Equifax, Experian and TransUnion). Ask them to place a free security freeze on your personal credit report and that of your small business, as appropriate.
  • Check your computer by running your antivirus software to see if any malicious malware or keylogging software is present. Now is also an excellent time to verify that your antivirus is up to date.
  • Change all your account passwords and make sure they’re strong options that are hard to guess.
  • Report the scam to the appropriate agencies.

You can report internet frauds and scams in several places, depending on the type. For all fraudulent activity, be sure to alert local law enforcement. While they may not be able to do much about the crime, they can create a report and ensure you have a paper trail should you need to recover lost monies or property. The FTC, Better Business Bureau (BBB) and identitytheft.gov are other reporting options.

Learn More About How to Keep Your Business Safe

Anyone can be the victim of internet frauds and scams, especially since there’s been a rise in these crimes in each recent year. Unfortunately, small business owners are often targeted. But you’re on the right path by knowing what to look for and the steps you can take to keep yourself and your business safe.

At Frontier Marketing, we want to help your small business grow, thrive and succeed. For more information about keeping your business safe or helping it grow, subscribe to our newsletter. You’ll receive the latest breaking news and information straight to your inbox!