The Federal Trade Commission received more than 330,000 reports of impersonating businesses in 2023.
Some of these scammers pretend to be large corporations like Amazon or Best Buy, the FTC says. But small businesses are at risk, too, says Scott Taber, a cybersecurity awareness program specialist at the Michigan Small Business Development Center.
“There has always been the idea that small businesses are too small. But we know that’s not true — that cybercriminals specifically target small businesses because of that fact,” says Taber. “Small businesses typically don’t have the same resources as larger organizations.”
You can take steps to protect your business from fraudsters even without a dedicated risk or security team. Here are some simple ways to spot and address impersonation scams.
How to find out if you are being impersonated
Take half an hour each day to do “online hygiene” by looking for information about your business, suggests Melanie McGovern, director of public relations and social media at the Better Business Bureau. This can help you spot anything unusual.
For example, McGovern says, even businesses that don’t have a website can be listed in third-party directories. Fraudsters can find those directories – which usually include identifying details about your business, such as its address – and create an online presence, then start making fraudulent sales.
“That’s unfortunately how scammers think,” says McGovern. “This is an opportunity for them.”
Monitoring financial data like yours business credit reports it can also show potential problems. For example, Taber says, a fraudster might try to open new lines of credit or make large purchases in your name.
He recommends paying attention to customer feedback as well. If a customer receives a strange email or friend request and reports it to you, take the time to investigate.
“They’re probably going to be one of the best ways to advise you that something’s going on,” says Taber.
How to Respond to an Impersonation Scam
The most common imitation scams reported to the FTC in 2023 included:
-
Fake subscription renewals, such as emails claiming that a particular subscription needs to be renewed. Even if a customer does not have a subscription to that service, they can click on the link asking for more information.
-
Fake giveaways and discounts, where scammers ask customers to send them money to claim their offer.
-
Issues with fake package delivery, such as a text claiming to be from the United States Postal Service informing the customer that there was a problem and they must pay a fee to resolve it.
If a fraudster is impersonating your business and your customers need to be wary, let them know what’s going on and what you’re doing to prevent it from happening again. This is especially important with your most core customers with whom you need to maintain relationships.
“If you know there’s active fraud with your business and you hide it or don’t admit it … you’re going to lose clients and customers that way,” says Taber. “Your business reputation will take a huge hit.”
Then, report the scammer to the authorities. If they are posting on social media, report it to the social media platform and ask them to remove the post or close the account.
In Michigan, where Taber lives, he recommends calling the state attorney general’s office. They may not be able to charge or convict the fraudster, especially if they are based abroad, but it can add to a case the authorities are building. Learn how to file a report with the state attorney general’s office or the FTC in advance so you’re ready to do so if you have to.
How to prevent your business from being used in impersonation scams
Don’t wait until a fraudster targets your business to start strengthening your security and improving yours digital marketing.
of business cyber security The basics are essential, says McGovern. Set up two-factor authentication on all your accounts and require your employees to change passwords regularly. To avoid phishing attempts, always double-check that emails and text messages claiming to be from your bank or a business partner are from a legitimate address or phone number before replying or clicking links.
Beyond that, make sure your business has a website and a presence on whatever social platforms you use to communicate with customers. If there’s an account you no longer use, keep an eye on it to make sure it’s not taken over by a fraudster, says McGovern.
Ensuring cyber security can help protect your business finances if your information is compromised. Your insurer may be able to add cyber cover to your existing cover portfolio – as no business is too small to be targeted by a fraudster.
“If you get payment information, if you have personal information about your customers — everyone is vulnerable,” McGovern says. “Every business needs to be cyber aware and make sure they are protecting not only themselves but their customers.”