The COVID-19 pandemic has impacted small businesses on a number of levels—from revenues to headcount to productivity. In addition, hackers have turned the pandemic into an opportunity to defraud both individuals and small businesses. If you’ve been a target or want to arm your business against future scams, we put together the following guide with everything you need to know about COVID-19 scams against small businesses.
Common small business scams during COVID-19
The most common scams that small businesses have experienced recently—and which you should look out for—include:
- Unemployment fraud: Email phishing scams, which are successful when a user clicks a questionable link, ultimately give hackers access to data like owner names, Social Security Numbers, and more. They then use that information to file for COVID relief and unemployment benefits.
- SBA copycats: Since the SBA has been helping small businesses get financial assistance during COVID-19, copycat websites have sprung up offering bogus loans, charging loan application fees, and/or selling high-interest bridge financing.
- Fake fundraisers: Scam artists are creating fake pandemic-related causes and asking for donations.
To protect your business from scams like these, you’ll need to beef up your cybersecurity measures. Keep reading for four ways to do that.
1. Know how to spot phishing attempts
Phishing attempts typically happen via email or text. They’re designed to trick you into giving personal information, passwords, account numbers, Social Security Numbers, etc. Or, they have fraudulent links that, when clicked, introduce malware and ultimately expose private data that’s stored on your device. Fortunately, most phishing scams have similar characteristics, such as:
- Disguise: They may look like they’re from a company you know or trust.
- Panic: The content incorporates a sense of urgency or even panic to get you to click a link, open an attachment, or provide personal information. For example, they’ll say there’s been suspicious activity or a problem with your account, ask you to confirm personal information or make a payment, or include a fake invoice or coupon.
- Impersonal: They have generic greetings, like “Hi friend,” or just “Hello.”
- Strange sender: The “from” email address has a strange variation of an actual company. For example, if someone was pretending to be Bluevine, they might use an email address ending with @mail.bluevine.work instead of @bluevine.com.
- Suspicious links: The actual links go to suspicious websites. To check this, hover over the links for a preview.
- Grammar: The email or text is riddled with spelling and grammatical errors.
If you receive an email like this from a company you use and trust, you can always call them directly to see if they sent it before you take any action. And if you are confident that it’s spam, you can report it to the FTC.
2. Maintain your records
Sometimes, phishing scams will include fake invoices that often request payment in the form of cash, cryptocurrency, or another untraceable payment method. If you keep a good record of your orders and payments, then you should know if these statements are legitimate or not. To avoid paying fake vendors, run an audit of your accounting practices and record keeping to ensure that everything is properly tracked.
3. Invest in cybersecurity
Securing your computers and devices is key to protecting your business from scammers. Start by running a cybersecurity risk assessment to identify security strengths and vulnerabilities. If you have a dedicated IT staff, they can take the lead on your security audit. Otherwise, you can hire an external security consultant or company, or use the Department of Homeland Security’s Cyber Resilience Review and/or Cyber Hygiene Vulnerability Scanner. Learn more about these options here or from the SBA.
From there, you’ll understand what security software and firewalls you should install on your servers, computers, and other devices. Security software can help you manage user access, protect data, and secure your systems from viruses, malware, and other security risks. Firewalls act as a shield that prevents cyber attackers from accessing your networks.
4. Create a plan
All in all, your security plan should focus on both prevention and response. That way, you can protect your business from scams, and know what to do if you happen to fall for one.
For prevention, you’ll want to follow the guidance outlined above, address any vulnerabilities you identify during your security audit, and train your staff on your security protocols so they’ll also know how to spot and prevent a threat. For response, you should file a report with the FTC, your state’s consumer protection office, and/or the local police—just don’t forget to provide any relevant emails, texts, receipts, and phone numbers to complete your report.
If you’re looking for more financial flexibility as you implement new security measures, Bluevine can help. Our solutions—which include financing, payments, and banking—are designed with your specific needs in mind. Open a line of credit for added financial security, manage and track payments, and earn 2.0% interest on a no-hidden-fee checking account for eligible accounts.BVSUP-00005