If your business uses PayPal, you’re a tempting target for tech-savvy crooks. Here are five of the more common cyber scams (including PayPal phishing) facing your small business.

Common business scams
  • Confirm this transaction. One of your employees receives an email allegedly from PayPal. It claims that funds have been transferred to your business account and asks for confirmation. When the confirm button is clicked, the employee is directed to a fake PayPal phishing website. When the employee enters your business username and password, the crook gains access to your company’s PayPal account.
  • We didn’t get the package. A con artist makes a purchase from your business and transfers money to your PayPal account as payment. The address your business is given to deliver the purchase, however, is phony. When the items show up as undeliverable in PayPal’s database, the crook contacts the delivery company and directs the items to a new address. After receiving the goods, the scammer files a complaint with PayPal saying the shipment wasn’t received. Since PayPal’s seller protection covers only the shipping address logged into their system, your business loses both the items and the money paid into your business account.
  • Log on here. A fraudster sends fake emails and uses phony websites to deliver malicious software, including programs that monitor keystrokes when you log on to websites. When employees access online bank accounts, crooks steal IDs and passwords to make unauthorized withdrawals.
  • Pay my company. A fraudster slips a phony invoice into your regular monthly bills. Maybe you’re charged for advertising that never ran, office supplies you didn’t order or memberships to non-existent trade organizations. Once you’ve paid the invoice, the crook and his bogus company disappear.
  • We’re cutting off service. An employee receives a call from your internet provider. The caller claims a bill is overdue and unless payment is made immediately, service will be cut off. Since your company relies heavily on maintaining a business website for online ordering, your employee panics and agrees to pay the bill by company credit card over the phone.
How to protect your business
  • Exercise healthy skepticism. Train employees and managers to be wary of any email that asks for confidential information, even if it seems to come from a reputable vendor or internal source. Have your employee call the vendor or supplier directly (not through an email link) to verify if someone tried calling and collecting confidential information.
  • Work with your shipping company. If possible, block buyers from re-routing packages and validate buyer addresses before shipping.
  • Beware of fake documents. Use accounting software that lists vendor names and addresses to flag potentially fraudulent invoices. Periodically review supplier lists for out-of-date or questionable information and require proper supporting documentation before paying any bill.
  • Never pay under pressure. Internet providers and utility companies will send several written notices before shutting off service. If you’re concerned that a bill hasn’t been paid, use the phone number from a recent bill to contact the provider directly to confirm whether or not there is a balance due.

 

As always, we hope you find our tips and news for businesses valuable, and look forward to receiving your feedback. Companies focused on growth have sought the help of Insero & Co. for more than 40 years. During that time they have consistently experienced the peace of mind that comes from knowing their CPA firm takes the concept of integrity seriously. Should you have any questions, please contact us directly.

Share

About the Author: Michael Marafioti

Mike is a Partner in the Audit and Business Advisory Services Group who works with many middle-market companies where he provides entrepreneurs with real-time business advice ranging from operations to financing. Meet Mike >

Subscribe

Join our mailing list for insights and tools to help you achieve your goals delivered right to your inbox.