4 Common Small Business Fraud Schemes and How to Protect Your Company

Fraud has the ability to hurt businesses in a big way. Small businesses are particularly vulnerable, making them more likely to be victims of business fraud than any other size company. Especially with the pandemic, fraud is on the rise and many businesses are being targeted.

In order to help you recognize and stop fraudulent activity before it escalates, we have detailed four common types of small business fraud, how to protect your company, and what to do if your business falls victim to fraud below.

Popular Small Business Fraud Schemes:

1. Phishing Scams:

Phishing emails will appear to be from a known sender to try and trick you into giving them your personal information. These emails can look like they are coming from a company you know or trust and are designed to capture data like bank information, passwords, or your organization’s security information.

2. Business Email Compromise:

Business Email Compromise (BEC) occurs when a fraudster poses as a business owner by taking a legitimate email address and altering it slightly by a letter or number, making it almost identical to the original. They then will request money be wired to an account for business purposes or ask for proprietary information to help access accounts and other important data from the company.

Red Flags of BEC and Email Phishing

• You receive an email from an Owner or Manager requesting to quickly process an invoice, change the recipient of a payment, or provide sensitive documents.

• The message is brief, urgent, and instructs to bypass normal policies and procedures.

• The signature indicates the email came from a mobile device.

• The sender says they’re traveling and can’t access a computer.

• The email comes from a personal account rather than an organizational account (e.g., Gmail, iCloud, Yahoo, AOL).

​​3. Text Message Scams:

With text message scams, a text message is received that indicates it’s from a legitimate agency such as the CDC, IRS, or SBA, asking you to click a link that will direct you to input your personal and business information in order to get updates on something timely such as COVID-19 cases, stimulus check status, or relief for your small business. The information that is input is then forwarded to the fraudsters.

4. SBA Loan Fraud:

Loan Fraud starts with a phone call or email offering loan services and relief to your business during this time of uncertainty. The fraudster will provide you with an application to fill out and will instruct that all business and owners’ or managers’ personal information are given.

What can fraudsters do with your organization’s information?

• Access financial information and deplete business accounts

• Access bank accounts and wire money to the fraudster

• Use Employer Identification Numbers (EINs) to open new loans or accounts in your organization’s name

• Steal or file false tax refunds

Tips for How to Protect Your Business from Fraud:

• Educate employees on scams. Scammers often target multiple people in an organization, so an alert about a scam that is shared from one employee to another can help prevent others from being deceived.

• Train employees not to provide any sensitive information by email, even if the email seems to come from a trusted source.

• Check all invoices closely. Do not process invoices unless they’re from a known vendor and you’re certain the invoiced items have been delivered.

• Ensure that systems require employees to change their passwords often on all of their accounts, use different passwords for programs, and keep passwords secure.

• Secure your organization’s financial information and all passwords.

• Be sure to know with whom you are conducting business. Research the new vendor and check if they’ve ever been reported for fraud.

• Confirm email requests via phone with the sender prior to transacting on any request done by email if an email is received from a financial institution informing you of any breaches or requesting any information, call the institution prior to providing information.

• Never click on any link or open any attachment within an email unless it’s from a known source.

• Review all bank accounts daily to ensure all transactions posting to the account are authorized and accurate.

If You Fall Victim to a Scam:

Outlined below are steps you can take if your business falls victim to one of the scams.

1. Notify your financial institution and close out compromised accounts if necessary
2. File a police report with your local police station
3. Check all your credit reports, notify creditors, and financial institutions as needed.
4. Notify all three Credit Bureaus, if necessary:
   •  Experian.com: 888-397-3742 TransUnion.com: 888-909-8872 Equifax.com: 800-685-1111
5. Change usernames and passwords on all accounts and emails that have been compromised
6. Ensure that your computer software is up-to-date, and that it will check your computer for viruses regularly
7. If you spot a scam, report it to FTC.gov/Complaint. Your report can help stop the scam
8. For more tips on protecting your organization from scams, visit FTC.gov/SmallBusiness.

How Needham Bank Can Help You Protect Your Business

• With our NB Business Online and Mobile Banking you can monitor your company’s activity in real time and set up customized account and transaction alerts so you receive notifications when things don’t seem quite right.

• One of the electronic services we offer is definable access levels by user and by account. This lets you as a business owner have control, while allowing you to give permissions to and restrict certain user’s access by user and by account.

• Our Positive Pay service is an easy way to have added security and prevent fraudulent activity on your account. Positive Pay matches pertinent information from each check against a list of checks authorized and issued by your company, preventing fraudulent checks from clearing your account.

• We also have ACH Positive Pay, which helps you manage ACH debits and credits posting to your account via filters and blocks. This fraud prevention tool allows you to determine which electronic payments have been previously authorized by you to clear and which items you have not listed for further review.

If you suspect you’ve become a victim of fraud, call 1-781-444-2100 or your local branch as soon as possible. For more helpful articles on fraud prevention, please visit our Financial Wellness Center.