How to protect your small business from fraud

Bogus invoices

There are various types of invoice fraud, but the most common one is a bogus invoice from your supposed supplier. A scammer can create a fake invoice that looks like one from your supplier, but is actually routed to a different bank account.

A common practice is to use an email address that is one character off from your supplier’s actual email address so the difference is nearly impossible to spot.

Tech support scams

Tech support scammers use scare tactics to trick you into paying for unnecessary technical support services. They contact businesses pretending to be computer technicians from well-established companies like Microsoft or Apple. They often ask for remote access to your computer and pretend to run diagnostic tests that reveal a (fake) problem. The goal of the scam is to get their hands on money, access to a computer network, and/or confidential information.

Phishing

Phishing emails are one of the most common types of attacks. They appear to come from established accounts and are intended to trick people into sending money or identifying information. This includes social security numbers, bank details, passwords, and any other data that makes identity theft possible. Once opened, phishing emails can expose your business data to malware.

Fake check scam

The telltale sign of a fake check scam is when a scammer posing as a customer overpays via a fake check for a product or service. The scammer will ask you to wire the extra money to a third party. They then collect the profit from the overpayment and immediately cancel the check, leaving you with an outstanding balance.

Payroll division

This is a type of fraud where the scammer preys on employees. They will send an email posing as a payroll site, prompting employees to log in with their payroll credentials. The scammer will then use their credentials to access the actual payroll site, updating the banking information to their own. This means that any and all payment going to the employee is sent straight to their bank account.

Office supply scam

Scammers can pose as your routine supplier. They might email your business to remind you that it’s time to place your regular order of office supplies. They might also send you actual office supplies, hoping that you pay the attached invoice without noticing that nobody placed this order. According to the Federal Trade Commission, office supply scams alone cost American businesses an estimated 200 million dollars every year.

Business owner level

Educate your employees: Your employees should be involved in fraud prevention. You can host regular training sessions and teach them what to look out for and about various prevention techniques. It’s also important to make sure that they are up to date with your company’s security and conduct policies. This will help prevent important details from falling into the wrong hands and ensure it’s clear what “fraud” and “theft” consist of in the eyes of your business. 

Protect your bank accounts: If you don’t already have separate bank accounts and credit cards for your business and your personal life, there’s never been a better time to make this happen. One of the biggest advantages to having multiple accounts is that if hackers get their hands on one account, they won’t automatically have access to the other(s). 

Review financial documents regularly: It’s wise to keep close tabs on financial documents such as your bank and credit card statements, paycheck amounts, and balance sheets. Regularly reviewing your financials will help you catch fraud early. It’s also a good idea to handle bills online so you don’t have paper bills with confidential details lying around the office. 

Get insurance: A good way to protect your business from internal fraud-related losses is by getting insurance. “Fidelity insurance” (not to be confused with the insurance provider Fidelity Insurance) protects your business against criminal acts committed by employees including forgery, credit card fraud, and embezzlement.

Periodically review who has access to your accounts: Some online services allow you to use more than one login to access your account information and perform various actions. Your bookkeeper, for example, may have access to your Melio account through their own username and password. This is a great way to delegate work without sharing your password but it’s important to occasionally review the list of people who have access. Double-check to make sure you know who everyone on the list is and that each person only has the permissions and access necessary for them to do their jobs. 

Know who you’re doing business with: At the end of the day, the best way to ensure you do business with the right people is by asking for recommendations from trusted businesses that you are well acquainted with. However, if you do end up working with businesses that you found online, be sure to search the company name alongside the word “scam” before conducting business. Read what people are saying and keep your eye out for anything that seems off.

Company level

Change passwords regularly: Unlike a bottle of wine, a good password does not age well. The longer you use a password, the bigger your exposure—particularly if other team members also use it to log on. Make a habit of resetting all your passwords at least once to twice a year so you have better control over who has account access. 

Verify invoices: It’s important to never send payment before you know exactly what the bill is for and before you’ve verified that you in fact received those products or services. It’s also a good idea to limit the number of employees who are authorized to place orders or pay invoices so you lower your chances of falling victim to a scam. 

Turn on email and SMS notifications: Many online services offer the option to receive email or text notifications for every action performed in your account. Opting in is one of the easiest ways to make sure you know exactly what’s going on in real time. 

Stay skeptical: Remember that email addresses, websites, and phone numbers that look legit are easy to fake. Don’t open attachments and links or download files from unknown emails. Don’t automatically believe your caller ID. The bottom line? Think before you open any email, click any link, or answer any call. 

Implement a new AP workflow: It’s wise to implement an APAPAP (accounts payable) is an accounting term that refers to the outstanding bills or invoices for goods and services already provided to your business but that you haven’t yet paid for. workflow that supports information security. An automated workflow supports cybersecurity protocols in the payments process. This reduces the likelihood that any of the accounts payable fraud issues you’ve read about in this report will affect your firm or clients. 

Implementing an automated payments solution such as Melio should be a business-wide effort and should take into consideration other financial processes.