A recent report shows the risk of monetary loss for small businesses due to fraud is growing — and a group of partners is acting to arrest that trend.
The Better Business Bureau (BBB), the Federal Trade Commission (FTC) and law enforcement recently launched Operation Main Street: Stopping Small Business Scams.
The initiative targets operations seeking to defraud small businesses and conducts educational outreach to help small businesses protect themselves from scams.
On July 17, the BBB Serving Western Michigan held a joint press conference and panel discussion on the initiative. It included Jon Kessler, FTC attorney and co-organizer of Operation Main Street; Phil Catlett, president and CEO of BBB Serving Western Michigan; and Jennifer Puplava, an intellectual property and technology attorney at Grand Rapids law firm Mika Meyers.
Catlett discussed the results of the BBB’s Small Business Scams Survey of 1,200 small businesses in the U.S. conducted in March. It offers data backing for the Operation Main Street initiative.
The survey — combined with reports filed through the BBB’s online tool Scam Tracker — showed the median dollar loss from scams that target small businesses is higher than the median dollar loss for consumers.
Survey data showed about 6 percent of small businesses lose money to scams every year, representing a median loss of $800 per year for affected businesses and $4,373 on average per business each year.
The total loss is estimated at more than $7 billion per year, not including other costs such as time, impact on reputation and loss of consumer trust.
Kessler said for small businesses — which create about two out of every three new jobs in the U.S. each year and employ 30 million people — “losing even a few hundred dollars to a scammer can cause the business to operate in the red or be unable to make payments.”
“Operation Main Street combines the enforcement powers of the FTC, eight states and two U.S. attorneys who, combined, have brought 24 enforcement actions against scammers preying on small businesses,” he said. “We estimate the injury to businesses from these scams exceeded $292 million.
“These attorneys general, along with attorneys general in other states and the BBB, are also working to raise awareness of scams targeting small businesses.”
Catlett said the BBB survey results indicate scammers, while diversifying their methods, still rely largely on traditional ways to steal data or money.
“We asked (respondents), ‘When your business lost money to a scam, how were you contacted?’ And I was blown away by this: 72 percent of those who lost money were contacted by old-fashioned methods: phone and mail. By website was 15 percent, text was 11 and only 26 percent were contacted by newer technology,” he said.
Kessler said the best way to avoid the mail traps is to have a designated person within the company approve all ingoing and outgoing checks and match every invoice with a corresponding purchase order.
He noted many fraudulent telemarketing businesses will keep calling to try to wear an employee down or will call using threats of financial penalty, loss of license or the shutoff of an essential service to extort money from businesses on a tight timeline.
Warning bells should go off to an employee in such cases and they should alert their supervisor, who in turn should file a fraud report to the FTC.
With repeat calls, he said, just hang up.
“When someone is trying to scam you, you have no obligation to engage in a conversation, and as long as they think they can get something from you, they will continue to try,” he said.
Puplava counsels area, regional and national businesses on avoiding technical and privacy breaches. Training management on what to look for is not enough, she said.
“My advice to clients is generally to sit down and take an inventory of how your business works, what information comes in, what information goes out, what sensitive information you have and where your vulnerabilities may lie,” she said.
Many of the security breaches happen through phishing scams or malware triggered by an employee clicking on what looks to be a legitimate attachment or link. The email looks to be coming from a sender within the company, but the scammer is using technology to impersonate that email address.
“I’ve told clients in the past that they need to educate their employees to use common sense when going about their business on the internet and by using email,” Puplava said.
“I changed that message recently to tell people that they need to make efforts beyond just using common sense. They need to use critical thinking and actually look carefully at everything they receive before clicking on anything or even before opening an email to see whether it could be something suspicious or an attack upon their business.”
Despite the fact the majority of scams use old methods, the riskiest scams are digital, according to the BBB research.
Fraud by bank card or credit card imposters is No. 1 in terms of the size of loss, fake directory listings and advertising is No. 2, fake invoices and supplier bills is No. 3, fake checks is No. 4 and fake tech support is No. 5.
Catlett cited several local examples of small business fraud.
A local church spent $4,000 for a bus trip and Detroit Tigers baseball tickets via a fraudulent website called ReserveASeat. Numerous businesses and individuals have now reported being scammed by ReserveASeat.
An entertainment business was spear-phished when the bookkeeper received a fake email from the business owner requesting copies of employee W-2s, and the employee complied. The business then had to provide credit protection for all employees, and the employees now have to watch their credit reports to check for identity theft.
A charity was spear-phished when an employee received a fake email from the executive director asking her to purchase several gift cards. She did and mentioned it to the director the next day, who didn’t know what she was talking about.
The BBB also receives weekly reports about fake checks written against businesses’ accounts, which leads to a long ordeal with the banks to straighten it out.
Kessler, Catlett and Puplava said Operation Main Street is raising awareness of these types of scenarios as the first step.
Second, they recommend businesses seek legal or technology consultations to formulate a fraud-prevention plan with numerous checks and balances to implement companywide.
“Educating consumers to avoid the scams in the first place is far more cost-effective than trying to give money back to consumers through enforcement,” Kessler said.
Third, the FTC will continue to work with law enforcement to investigate and prosecute all reported cases of fraud.
The FTC recently published a pamphlet, “Scams and Your Small Business,” available to order in print or view online at ftc.gov, where it also houses a reporting database.
The BBB directs businesses to its Scam Tracker reporting tool and numerous educational resources on the subject of fraud at bbb.org.