What would you do if your business lost $25,000 to a scammer? How about $75,000? Would that be a serious setback, or perhaps even put you out of business? It’s a question every small business owner should contemplate because that’s the average amount lost by Arizona small business owners in just one identity-theft-related scam: Business Email Compromise (BEC). The FBI warns there has been a dramatic rise in these scams in recent years that have resulted in “massive financial losses totaling more than $2.3 billion.”
Unfortunately this is just one example of the ways crooks can steal from a business without ever setting foot in it. Here are six ways an identity thief can compromise your small business.
1. Hold You Hostage
We all know how frustrating it is when our Internet connection isn’t working well. Now imagine you can’t get access to your computer files— maybe any of them— unless you pony up hundreds of dollars in ransom. It happens all the time; the WannaCry ransomware attack that affected more than 300,000 computers around the world recently is just one example of how businesses of all sizes may be vulnerable.
In a ransomware attack, a scammer generally manages to insert malicious code into a user’s computer that locks files or prevents the user from booting up. According to a CyberScout white paper, “Nasty ransomware strains will threaten to delete data permanently if the ransom isn’t paid quickly.” Unless the victim has a complete unaffected backup she can use, she’ll probably pay the ransom in order to regain access to her computer or files.
2. Drain Your Bank Account
“Whaling” is an often-sophisticated phishing attack that targets a high-level executive with the goal of getting access to important data. In one popular version, the scammer will impersonate the executive to create fake wire transfer instructions. Those instructions will be sent to an employee who, thinking they are coming from top brass, complies. If the money is transferred, it ends up in the hands of the crook. Since cash flow problems are a top concern for small business owners, any missing money or funds lost to a scammer can be bad news.
A Mimecast survey of 500 organizations in the U.K., South Africa and Australia found that 54.5% of organizations saw an increase in the volume of whaling attacks at the end of 2015. And executives are a common way in for scammers, as 72% of whaling attackers pretended to be the CEO, while 35.5% were attributed to the CFO.
3. Get Credit in Your Business Name
It can be surprisingly easy for an identity thief to open accounts in the name of your business. Successful scammers fill out information using your business credentials. They may get business credit cards or get lines of credit, or purchase goods they can then resell. Many of the business details they need to commit fraud are publicly available through Secretary of State websites and other public information sources. And because many business owners don’t check their business credit reports, this crime can go undetected for a long time.
That’s a good reason for business owners to regularly monitor their business credit. A sudden change in a business credit score, new accounts or inquiries, or an unauthorized address change can all indicate potential fraud. You can check your business credit data for free every month at Nav.
4. Steal Your Business
While they say imitation is the biggest form of flattery, a scammer who hijacks or imitates your website can literally steal your business. They may direct your legitimate traffic to spammy offers, trick visitors into handing over personal information, or even collect payment from people who think they are purchasing from you. Losing a few customers can be the least of your worries here; if your customers become victims of identity theft or lose money, they may blame you. “It can destroy your reputation,” warns Adam Levin, founder of CyberScout and author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.
5. Compromise Your Customers
Data breaches— where an unauthorized person or company accesses confidential information — often in order to then use that information for malicious purposes, is on the rise. In 2016 there were a record 1,093 data breaches tracked, according to a report by the Identity Theft Resource Center and CyberScout.
If your customer data is compromised in this way you’ll need to take immediate action. Your business may be required under state or federal law to notify authorities. You may need to also notify those affected or potentially affected; they may expect you to pick up the tab for identity theft monitoring services. All these steps can be costly. Can your business afford it?
6. Use You to Get to Someone Bigger
It’s not just your own data that’s at risk, warns Levin. “You could be the gateway into hacking for a big businesses,” he says. He points out that the massive 2013 Target data breach that compromised the credit and debit card information, as well as personal information, of millions of customers was the result of a hacker who got into Target’s POS system via an HVAC contractor’s credentials.
Having solid data security practices can help you maintain good relationships with your biggest clients too. No business owner wants to be the contractor that costs a big business like Target a PR nightmare and potentially millions of customers — its not great for business.
Watch Out
With so many different types threats it is essential for small business owners to “create a culture of privacy and security,” says Levin. He urges small business owners to be especially vigilant about devices that may be connected to other devices, or used both at work and outside of work. If you share your computers or tablets with your kids, for example, make sure they aren’t unknowingly putting the business at risk by downloading apps or files that can carry malware. “Kids can become weapons of mass destruction,” he warns.
This article was originally written on May 18, 2017 and updated on February 15, 2019.
Have at it! We'd love to hear from you and encourage a lively discussion among our users. Please help us keep our site clean and protect yourself. Refrain from posting overtly promotional content, and avoid disclosing personal information such as bank account or phone numbers.
Reviews Disclosure: The responses below are not provided or commissioned by the credit card, financing and service companies that appear on this site. Responses have not been reviewed, approved or otherwise endorsed by the credit card, financing and service companies and it is not their responsibility to ensure all posts and/or questions are answered.