Data security and fraud prevention are two of the biggest challenges facing small business owners today.
When scammers gain access to sensitive personal information such as customer data, log-in credentials, and account information, the results can be disastrous.
Scammers can steal your credit card information, PIN numbers and security codes to make unlawful transactions. A data breach at your small business might also lead to social security number theft, identity theft, tax ID theft, data mining and even loss of control over your accounts.
While some might think large companies are the only ones at risk for a data breach, small businesses are often affected as well. In fact, according to the Association of Certified Fraud Examiners, small businesses lose almost twice as much money per year compared to larger companies.
Data protection is a complicated responsibility for small business owners, who often have limited resources to implement fraud prevention controls. However, you don’t always need complicated analytics to understand fraud risk factors and to take steps, like fraud detection, to protect your business.
In this article, we will share tips on how you might identify a threat, recognize potentially fraudulent activity, protect yourself from a tech support scam, and help protect your business from an internal fraudster.
We have also included Intuit’s Tips to help keep your information safe while using our products and services.
Tips on how to identify and protect yourself from tech support scams
Fraud detection is the first step in preventing scams, but not all scams look the same and not all scammers take the same approach.
Tech support scams are on the rise and pose a serious threat to small businesses. These bad actors will engage with their victims through different means, including sponsored ads, email, cold-calling, and pop-ups.
Tech support scammers often impersonate trusted companies that you already interact with to gain access to your systems and sensitive data. These scammers may ask you to download and initiate a remote access service like LogMeIn, TeamViewer, or GoToMyPC.
While remote management tools help authorized providers resolve issues, unauthorized third parties impersonating real companies also use these tools to gain access to their victims’ computers.
These scammers can gain access to your data and files and possibly download malicious software known as malware (computer viruses, worms, Trojan horses, or spyware) to your computer while they have remote access.
Typically, fraudsters make these requests under the guise that your software is “corrupted.” They may tell you that a problem, virus, or malfunction has been detected, or that your software requires an update, and they want to help you resolve the issue.
Many of these tech scams are aimed at obtaining your sensitive, personal information, including your account and payment information.
Here are some actions to take in the event you have encountered a tech support scammer:
- In the event that you have mistakenly given the scammer remote access to your computer, you should disconnect your computer from the internet immediately to stop their access.
- If you paid a scammer or gave your credit card information to a scammer, you should immediately contact your financial institution and ask that they stop or reverse the charges, and cancel the credit card.
- If the scammer had you install an application of any kind, uninstall it right away and call a trusted IT company. You should make sure your antivirus software is up to date and run a system scan, deleting any program identified by trusted security software.
- Once installed, malware may be able to affect other devices on your network. Make sure your security software is current on all networked devices and scan those devices as soon as you realize you have encountered a bad actor online.
- If you have given access to any device or account to a fraudster, you should change your passwords. Keep in mind that trusted companies will never contact you unexpectedly requesting your password.
Common tactics used by scammers & ways to protect yourself:
Fraud risk: Sponsored ads or links.
Scammers often list advertisements for their “Support Services” on search engines like Google and Bing. These links often appear identical to those of trusted vendors, and may even be accompanied by a phone number.
Reduce your risk:
Only work with companies you know and trust. Be sure to verify all unsolicited contact with support services.
Fraud risk: Phone calls.
Scammers will make unsolicited calls claiming to be a trusted company requesting access to your computer, your personal information, or online services. Fraudsters tend to request remote access to run “tests” or “virus scans” and claim that your systems or accounts require unnecessary updates, upgrades, or repairs.
Reduce your risk:
The first step is easy: question who you are speaking with or simply hang up. Then call a trusted number for the appropriate company.
Fraud risk: Unfamiliar emails.
Scammers send emails and invoices using the brands of trusted companies to try to trick recipients into paying illegitimate invoices, sharing personal information, or downloading attachments with malware in order to gain unauthorized access to data sources.
Reduce your risk:
Look at the sender’s email address: is it one that you recognize? Check the domain: does it direct you to a site that you are familiar with? Look for obvious signs of fraud such as poor spelling or bad grammar. If there is a phone number, do an internet search to see if it is a legitimate number.
Fraud risk: Pop-up windows.
Pop-up windows and messages that look like an error message on your screen may actually contain a virus or direct you to call a fraudster. These pop-up messages warn you of a fake security issue and usually provide a phone number for you to contact. They try to fool you by claiming to be a trusted company or use logos you might recognize.
Reduce your risk:
Examine the message closely. Similar to email fraud, look for poor spelling or bad grammar. Do an internet search for the phone number to see if it is legitimate. Don’t follow the instructions. If you suspect your computer has been compromised, use another device to contact trusted support services.
Here are some tips to determine if you came in contact with a scammer.
- Did you have a weird feeling about the call? If so, call the trusted company and ask if they have a record of speaking with you.
- Look at your financial or payment records to check the merchant name, and whether it is the same company you believe you have spoken with.
- Search the contact information on the internet to see if it legitimately belongs to the company you believe you spoke with.
For more guidance on how to defend your small business from tech support scams check out these resources:
Tips to help protect your business from an Internal Fraudster
As a small business owner, you can put some fraud prevention controls in place to help prevent and mitigate the effects of fraudulent activity.
Here are some ways to combat internal fraud in the workplace.
1. Know your employees.
You place a lot of trust in your employees, so it is helpful to take time to get to know them. Before hiring, you may consider background checks for all employees, especially for those who have access to money or payments accounts.
2. Verify invoices and payments.
Establish clear procedures for approving invoices and expenditures and consider who should be authorized to place orders and make payments. When you receive an invoice, make sure you ordered and received the items.
3. Know your vendors.
When working with new vendors, properly research each new company and continue to monitor their processes and behavior. Ask for referrals and make time to check them. Do a quick online search listing the company’s name along with “scam” or “fraud.” Search social media to see what other people are saying about them.
4. Divide accounting duties.
Split up the duties of sending invoices, collecting payments, making deposits and recording transactions, so no one individual has total control over your business’ finances.
5. Train your employees to identify and prevent fraud.
It’s critical to teach your employees how to identify and prevent fraud and how to report suspicious behavior. Your employees are often your first line of defense against fraud, which provides a great opportunity to catch fraud in real-time. Hold a staff meeting and go over the tips included in this article.
6. Give whistleblowers various ways to report fraud.
Whistleblowers, individuals who learn of suspicious activity and report it, can be employees, customers, or vendors.
Almost half of whistleblowers use hotlines to report suspicious activity. However, having multiple methods for a person to report fraudulent activity increases the likelihood of potential fraud being uncovered. These can include:
- Web-based forms
- Mailed letters or forms
7. Stay vigilant.
Stay aware of potential scams and be proactive in detecting and preventing fraud. By watching for red flags and knowing how to respond in the event of a scam or data breach, you can help prevent your dream of owning a successful small business from turning into a nightmare.
Intuit’s Tips: How to avoid a scam
At Intuit, we value your data security and want to help keep your sensitive information protected. With cybersecurity threats on the rise, we have put together these tips for Intuit customers.
Bad actors may attempt to lure victims by:
- Displaying unauthorized sponsored ads claiming to be “QUICKBOOKS SUPPORT.”
- Sending unauthorized emails and invoices impersonating QuickBooks, requesting payment of a non-existent invoice.
- Cold-calling small businesses falsely claiming to be “QuickBooks” or “Intuit” and claiming that the small business requires an unnecessary update or they need to pay an overdue invoice.
How to reach QuickBooks Official Support
If you need assistance with your QuickBooks Online software, access help through your product and avoid using search engines like Google or Bing to search for support phone numbers. Here is a link to your in-product support: https://intuit.me/QBOHelp.
If you need assistance with your QuickBooks Desktop software, access help through your product by going to the help menu and selecting “Contact Us.”
You may also go to our help page for more information: QuickBooks Official Contact Us Page.
Here are steps to help protect yourself from fraudulent emails:
Always be suspicious of an email that asks for personal information, requires you to download anything, requests your authentication information to access your online account, or asks for payment when you have already paid for your service or subscription.
What to review in a suspicious email:
- Check the “From” address to see if it has a legitimate Intuit email address.
- Check the email domain (what appears after the @) and see if it is a real Intuit website.
- If there is a phone number, search the phone number on the internet to see if it really is associated with Intuit. If suspicious sites appear in the search results, delete the email.
- Mouse over (DO NOT CLICK) any links within the body of the email to review where they really lead. If a link is not associated with Intuit or a trusted Intuit partner, do not click any links.
- Do not download any tools.
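The review checklist above, automated as an added example (this is not Intuit's code or tooling): it checks the "From" domain, the real target behind each link, and any attachment in a raw email. The trusted-domain list is an assumption to replace with your own, and the sample message is constructed.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: vendor domains this business trusts; maintain your own list.
TRUSTED = {"intuit.com", "quickbooks.com", "intuit.me"}
# Constructed sample message (not a real email); .example domains are reserved.
SAMPLE = """From: "QuickBooks Support" <billing@quickbooks-invoices.example>
Subject: Overdue invoice
Content-Type: text/html; charset="utf-8"

<p>Pay now: <a href="http://intuit.com.pay-now.example/inv">https://quickbooks.intuit.com/pay</a></p>
<p>Help: <a href="https://intuit.me/QBOHelp">in-product support</a></p>
"""

def trusted(host):
    """True only for a trusted domain itself or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class Links(HTMLParser):  # collects real href targets, what a mouse-over reveals
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def review(raw):
    """Return (check, value) findings for one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if not trusted(domain):
        findings.append(("from-domain", domain))
    for part in msg.walk():
        if part.get_filename():  # checklist item: do not download any tools
            findings.append(("attachment", part.get_filename()))
        elif part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_content())
            for href in parser.hrefs:
                host = urlparse(href).hostname
                if host and not trusted(host):
                    findings.append(("link", host))
    return findings

print(review(SAMPLE))
```

The sample shows why the visible link text cannot be trusted: the text reads as an Intuit address while the target host merely begins with "intuit.com" and belongs to a different domain.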
You will find more information about protecting yourself from phishing schemes on the FTC Web site at http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm.
Here are steps to help protect yourself from fraudulent phone calls:
Always be suspicious of phone calls if you don’t know the phone number on the caller ID. Be suspicious if a caller immediately asks for sensitive personal information or claims you owe money for something for which you have already paid.
If a caller phones you and claims to be from Intuit or QuickBooks, question whether you were expecting a call from QuickBooks. You may also choose to hang up and call an Intuit phone number you can find on an Intuit website and request to be transferred to the caller or department. Our help page is located here: QuickBooks Official Contact Us Page
Be wary if a caller states they are contacting you about a promotion or upgrade to your Intuit account. Scammers may entice you to give them your account information by suggesting you have won or earned something unexpectedly, or that they have “detected” an issue with your subscription.
Push back on callers who talk fast in order to get you to agree to new charges or a new payment method. High-pressure tactics, like fast talking and quick closing, are often used to force you into a bad decision.
You can find more information about phone scams here: https://www.consumer.ftc.gov/articles/0076-phone-scams#Signs
Tips on what to do if you came in contact with a scammer impersonating Intuit:
- Report the encounter to Intuit at email@example.com.
- If you paid the scammer, call your credit card or bank, and reverse the charges as quickly as possible. You may also want to cancel the credit card or change your account number.
- If you or the scammer downloaded anything on your computer, including a remote access tool, be sure to uninstall and delete it.
Some downloads may contain malware, which will require you to take stronger measures to disinfect your system. You may want to seek help from a consultant or a systems repair firm.
- Scan your system using an anti-virus program from a respected security vendor, such as Trend Micro, McAfee, Symantec or Microsoft, to remove any viruses that may infect your computer. Several of these vendors also offer free online security tools.
- Change your password(s), particularly those involving financial information, your QuickBooks login credentials, bank account logins, credit cards, and even your email accounts.
Review your QuickBooks Account:
- Make sure all contacts/users on your QuickBooks account are up to date, including accountant users.
- Confirm the Master Administrator on the account is accurate.
- Confirm all your billing information is correct.
- Be mindful of any unusual activity on your computer, bank and credit card accounts.
We also recommend that you report any suspicious activity to the appropriate government agency in your country:
- In the United States, use the FTC Complaint Assistant form or the FBI’s Internet Crime Complaint Center
- In Canada, the Canadian Anti-Fraud Centre can provide support
- In the United Kingdom, you can report fraud as well as unsolicited calls
- In Australia, you can use the ScamWatch website to report a scam