Tech and cyber scams impacting small business: You may be surprised

Image by mohamed_hassan from Pixabay

By Michelle van Schouwen

Do you think cyber scams are risks only for the naive or tech-ignorant? Sorry, but that is no longer true.

As a small business owner, both you and your staff often battle vexing issues: The internet is down, someone is misusing your business PayPal account or credit card, key software is buggy, bills are piling up, or the company bank account is actually overdrawn. Being deluged with genuine problems can tend to make owners and employees vulnerable to tricksters intent on stealing your money, data, and identities.

What’s more, cyber criminals are no longer reliably “obvious,” if they ever were – the old Nigerian inheritance scam is now just one of hundreds of ways scammers weasel into people’s money and identities. Scamming is a major industry. Americans – businesses and individuals – are estimated to have lost $40 billion to phishing schemes alone in 2022. According to scam baiters (people who work to expose scammers) 95 percent of global scam calls originate in India. Illicit companies have large call centers similar to legitimate tech support centers, and many of the representatives are technically savvy, as well as experienced in ways to scam people. The Undercover Asia|CNA Documentary expose “India’s Thriving Scam Industry: Before You Call Tech Support” demonstrates how former tech support workers take databases from the large companies for whom they used to work and put them to malevolent use.

A few alarming examples of the many current scams impacting small companies include:

-An employee has a tech support issue tangentially related to a computer, printer, phone or pad, and calls a toll-free number that turns out to be a scammer. A “knowledgeable” tech support rep inveigles the employee to gain access to the device, purportedly to check or fix the problem, and gets into the company’s credit cards, bank account, PayPal, or cryptocurrency.

-Similarly, the issue could be a request for money transfer from PayPal or another institution. The employee, intending to report fraud, calls the toll-free number provided (which turns out not to be that of the institution, but the scammer will answer the phone as if it were). The scammer is off and running.

-Employee gets a phishing email saying that Amazon (or another company) has been unable to deliver a package. The employee opens an attachment and allows scammers full access to a computer and perhaps a whole network.

-A pop-up for virus protection appears on a computer screen, claiming it has detected a virus or malware. Believing this to be the case, the user clicks it… and in comes the real malware.

-A “company” demands payment in cryptocurrency. The Federal Trade Commission cautions, “Only scammers demand payment in cryptocurrency. No legitimate business is going to demand you send cryptocurrency in advance – not to buy something, and not to protect your money. That’s always a scam.” (Note that scammers like to move money via crypto, because it is nearly impossible to track and recover.)

-Scams are so common that it is critical that your employees feel safe telling you if they have fallen for one. If they are afraid to do so, your company stands to lose a lot more money than if the employee tells you right away.

Let’s say that your company does get scammed. What next?

-Act fast!

-Contact any involved institutions (banks, credit card companies, PayPal, etc.) and follow their advice on securing your accounts (sometimes closing them and opening new ones). Any chance you have of recovering your money or the safety of your data depends in part on contacting affected institutions promptly. This checklist will help in the process.

-Change company passwords – potentially all of them. Scammers who have gained ingress to company computers, phones, or networks may have more information and access than you expect.

-If you know or suspect that scammers have gained remote access to your company or personal devices (phones, computers, pads), disconnect the device(s) from the internet. Use a different device to update all your passwords. Potentially, you will need to back up your data to another device (still offline), and then clear out the data on any impacted devices. You will want to secure your internet router as well. Work with a trusted professional as necessary.

-If your personal credit may have been affected, contact one credit monitoring service to set an alert; contact all three (Equifax, Experian, TransUnion) if you’d like to freeze your credit for a period of time.

-Report the fraud to the Federal Trade Commission, FBI, your state’s attorney general, and local law enforcement. Even if the losses cannot be reversed, you will help these agencies protect you and others like you from future scams.

-Check your business insurance to learn if you can file a claim for any loss. Typically, you would need to have cyber liability insurance to be able to make a claim.

-Unfortunately, once you or your company have been scammed, scammers may increase their contact, hoping to get at a known target again. Your company or an individual becomes a “mark.”

-Beware of the growing “scam recovery” business as well. Companies pledge to help you get lost money back, but they charge you. Most likely, any money a bank or other major institution will not refund to you has traveled many cryptocurrency transactions away, and you are not going to see it again. Worse, some of the funds recovery companies are scams as well.

-The emotional impact of fraud is significant. It is common for victims to feel embarrassed, foolish, stressed, depressed, and as if they cannot trust anyone. Take steps to care for any involved employee in the aftermath of victimization.

Are you discouraged yet?

That’s a valid response. Arm yourself and your staff with knowledge, keep it current, and quash any inherent trust in the reliable honesty of strangers. 2023 and beyond promise to be rife with more and more clever ways to scam small businesses and individuals out of money, data, and identity. You and your team have to be ready.


Michelle van Schouwen is principal of Q5 Analytics, providing advocacy and communications for climate change mitigation and adaptation. For 32 years, Michelle was president of van Schouwen Associates, LLC (vSA), a B2B marketing company. In 2017, van Schouwen Associates was acquired by Six-Point Creative Works, Inc. of Springfield, MA. Michelle is available for speaking engagements on topics including her work on climate crisis mitigation and Florida coastal water issues. She speaks to business and student groups about marketing launches and entrepreneurship and works with start-ups to support their development.

Leave a Reply

The Self-Employment Survival Guide can help you succeed. Learn all about it here.

Self-Employment Survival Guide book cover