Are you staying updated with the latest business scams that could affect your company? This article is your opportunity to catch up! Our staff have observed different types of business scams that are going around, and while most of them are poorly put together, others can seem very realistic. In 2023, Australians lost $2.74 billion to scams. This number will continue to rise as scammers come up with more ways to steal money and trick unaware individuals into believing their schemes to be genuine. One of the best ways to prevent losses from business scams is to raise awareness and warn employees about potential criminal activity.

Protecting your company from business scams

Business scams will always be a threat and for most entities, the risk will be high. Scammers are not always after money right away. They may first look to steal data that will enable them to run more elaborate crimes or give them access to security systems that will allow them to get funds later on. Here are a few business scams that could target your company:

  • Deepfake business scams
  • Hotel scams
  • Impersonation
  • Charity scams
  • False billing 
  • Vanity awards scams
  • Fake QR codes
  • Domain name 
  • Remote access scams

Deepfake business scams

Deepfake scams are very sophisticated. Scammers use AI to create believable copies of a politician, colleague or executive. They then approach employees within the company and ask them to send money as part of a deal, or request passwords, customer data or contract data.

Who is the main target of these scams? It can be anyone. Ferrari recently had a close call when a scammer contacted an executive and pretended to be the CEO. As long as the scammers have a sample of someone’s voice or face, they can recreate anyone. If employees are approached by a colleague and the situation seems suspicious or unusual, they should seek external verification that the person on the other end is genuine. For example, the Ferrari executive asked the criminal a question only the CEO would know the answer to. 

Hotel scams

One of the latest business scams has been targeting companies that are attending conferences. Scammers obtain a list that has the contact details of the employees or the employer, and they offer them a really good deal if they book accommodations through them. The scam can seem real as they will pretend to check the organisation’s details and they will even mention nearby hotels. The caller will seem professional and try to convince the victim that they are acting in their best interest. 

Once the scammer finds the ‘best deal’, they will send an email to the employee so they can fill out their card details, phone number and other personal details. In some cases, the hotel booking may be genuine. In others, it may not be. In both cases, however, the criminals will be able to take money from the person’s credit card. Even if they do make the booking, the person will be asked to pay again at the hotel. 

Employees should make conference bookings only directly through a website that they trust. Even if they receive amazing-sounding deals through email, it is recommended that they type the URL directly.

Impersonation

Impersonation business scams can catch people off guard as the scammer will use a realistic-looking email address to contact other employees within the company. They might ask them to pay an invoice, send them certain files or give them login credentials. The scam may become more believable if the criminal finds the victim’s personal email. People fall easily for impersonation emails because the scammers:

  • Know their place of work
  • Know their name and personal email address
  • Know the name and surname of their manager

If your usual way of communicating is not through personal email, this should raise a red flag for employees. Secondly, if the person is presenting an invoice for something that was not discussed or a deal the employee has never heard of before, that should be another sign that the exchange is suspicious. Always check the email address of the person you are talking to and see if it leads back to their original profile. 

Charity scams

Among business scams, this may be the most unethical. Scammers may reach out to unsuspecting employees and pretend to represent a well-known charity. They may call them or send them an email and encourage them to start a fundraiser or make a payment through a website they have provided them with. Of course, the person on the other end is not representing a real charity. 

Regardless of the link they were provided with, staff should visit the website directly and check whether the person they spoke with is who they say they are. 

False billing

False billing business scams involve a scammer hacking an employee’s email and intercepting the purchase of goods and services. The scammer will see that the employee has been assigned the payment of goods and services and send a new email with fake payment details. Alternatively, if they do not have access to the employee’s email, they will pretend to be a company that the business works with and buys goods or services from. They will claim that they are billing for an order that was never made.

If you do not already have one, make sure that there is a process in place to approve purchases from other companies. Ensure that the order is genuine and, if there is uncertainty, check which employee made it.

Vanity awards scams

If you receive an email about an award that you have won or could potentially win and the email is asking for a fee to receive it, be cautious. Scammers create awards out of thin air and may send photos of what the award looks like to convince the business to fall for it. They might add an employee’s name to it and give a valid reason as to why they were selected for the award. In reality, the award does not exist, and scammers are looking for quick money. 

If an employee receives an email that claims they won an award, encourage them to research the business and the award and see whether it is genuine or not. If there is an image, ask them to do a reverse image search to find out whether similar pictures have been used in other business scams. Criminals tend to re-use the same scripts and schemes for multiple victims. Warn them against clicking on links or making any payments until they have looked into the claim. 

Fake QR codes

QR codes are everywhere now and criminals have used this opportunity to add another threat to the never-ending list of business scams. This scam is pretty simple but pretty easy to miss. The scammer uses a real business ad or payment notice that contains a QR code. They then stick a fake QR code on top of the real one, which takes victims to a fake website. The victims then enter their card details on the fake website, and their card is compromised. Parking companies are usually the biggest target for this scam as they may offer QR codes as a way of making a payment.

Before accessing a QR code, ensure that it is not a sticker. If it looks suspicious, try to find a different way to access the website or contact the company directly. 

Domain name

There are quite a few versions of the domain name scam. A criminal may approach an employee and claim that someone wants to buy the business domain for a really good price. If the employee falls for it, the scammer will then ask them to sign up on a website and pay a fee for the appraisal. 

Another version sees the scammer ask for a fee for domain renewal. The organisation will get a fake invoice that may even have the wrong domain listed on it. The sender will make the email seem urgent by setting a tight deadline before the domain is given to someone else. 

For domain renewals, employees should always log into the domain company that they use and go from there. If a domain company sends a renewal warning, they will usually give clients a lot of time to respond. This scam can also happen with website hosting businesses. 

Remote access

Business scams like this one target unsuspecting employees who may have been contacted via text, email or call about a computer or internet problem. The person on the other end will ask for remote access to solve the problem and may ask the employee to buy some type of software, such as an anti-virus. Once the employee gives the scammer access to the device, the scammer will be able to see all of the employee’s movements, even days after the employee lets them in. This can leak confidential documents and payment details.

Ensure that your employees contact your IT team before trusting an external provider to fix their ‘problem’. If the business does not have an IT team, it is still recommended that employees are trained to speak to another colleague before they believe the caller.

The constant battle against business scams

Regardless of what you are selling or where you are operating, your staff will face multiple business scams. To minimise losses, make sure you are always staying updated on the latest business scams and looking for ways to train employees further. 

If you are looking to add an extra layer of protection, at Polonious we help multiple organisations all over the world deal with scams by implementing a robust investigation process for your IT, audit, or investigation teams to follow. We speed up the investigation process so more funds and information can be recovered and we have workflows for audits to detect areas that are more vulnerable to scams than others. Our risk matrix can indicate the severity of the situation and can help the business prioritise each risk, and we can automatically log action items to an action register to manage risk mitigation. 

If you are looking to minimise risks further and ensure there is tight process control in place, check us out!