Watch out for these Scams and Spam Targeted to Small Businesses

As a Small Business Consultant, our team and I work with clients on their marketing efforts.?We have noticed an increase in Facebook phishing emails, Google My Business Scam Messages, and other scams targeted towards small business owners. ??

We couldn’t find a lot of information online on these specific scams, so we thought we needed to write a blog on our experiences.?If you have any additional examples, please let us know, so we can add those.?

Scammers are becoming more sophisticated...

Make sure you review online best practices with your team on a monthly basis and have a plan if something does happen.?In my corporate years, the company would constantly educate and test employees by sending fake emails to see if you would click on them.?I had years of training on what signs to look for – we understand that some business owners may not have that type of training.?If you aren’t sure if you are protected, reach out to a local computer consultant to test your security and vulnerabilities + review this blog for tips and resources.

We all hate to be scammed.

We hate that feeling of being tricked by someone we thought was genuine, resulting in us being cheated out of money, time, and/or effort. In the end, we are left feeling uneasy and wondering how we could have ever fallen for it.

How could we have ignored the signs? Well, most of the time we don’t notice the signs, or we don’t know what signs to even look out for. Some we know are a scam, such as calls about your car’s extended warranty or random calls from an organization that makes no sense for us to get.

Others are less obvious, and we may not even realize they are a risk, such as social media scams. Yes, those exist, and they can be a big danger to individuals and businesses.

This blog is to help you understand what to look out for to try and protect your business from these types of scams / spam + some general things to do to help protect you and your business online.

?

Facebook Spam and Phishing

Social media scams vary and can include people creating fake accounts or using compromised accounts to gain access to someone else’s social media account or personal information.

Spam occurs when people send bulk messages of unwanted content, normally a result of a scam. Check out Facebook's blog on how to avoid scams.

Here are some things to look out for to see if an email might be fake.

• Pay attention when there is a claim to be a large organization or public figure, for example, Facebook itself. The screenshot below looks like it is from Facebook, but upon further inspection - it is not from Facebook.
• As shown in the screenshot below - the actual email address is an Outlook address, the web preview of the link shows a Facebook url, but it doesn't go to Facebook (just looks that way), and the threat in the last paragraph is another sign. Facebook doesn't threaten you when they tell you things. They don't care if you take action - they are just letting you know.

• Check out the email address (if the email is from Facebook, it will have Facebook in the address - this could change as they transition to Meta). The actual email address is an outlook email - not Facebook as it appears.

• Facebook’s official email will have facebook.com in the address (such as [email protected] or [email protected]) and they won’t ask for your passwords through email or messages.

• Facebook will notify you within the app or through email if there are any serious notifications, although this will depend on a user’s settings so make sure to check your Facebook notifications after receiving an email like this.

• Facebook won’t threaten you as shown in the last paragraph of the screenshot above - "Contacting us too late, respectively more than 48 hours after this email is received might not be taken into consideration."

• Keep in mind that some links in emails are previews and will redirect you to a different link when you click on it (the facebook.com link in the screenshot is a preview), be wary and don’t click on anything you aren’t a hundred percent sure on.

Emails may appear to be from legit companies but that does not mean they actually are.?

• Keep watch of your login history in cases of any suspicious activity. Have two factor authentication setup to make sure you are in control of who can login to the account.
• If you see any suspicious emails, report those to the respective company.
• In general, be cautious if people you don’t know start asking you for money or asking to give you money without knowing how much it costs.
• Scammers may ask you to move to a less secure form of communication. Or will try to avoid talking on the phone.

Google My Business Scam Messages

There have been a lot of scam attempts through Google My Business. We recently had way too many messages from scammers through clients' Google My Business Profiles. They usually follow the same patterns and say the same things but just with another name. Here are a few screenshots of those messages and tips on what to look for. You can also view more examples on Google Community Support.

What to look for:

• In the screenshot below, notice the flow of their (the scammers') sentence structure, how check (cheque) was misspelled, this is the first message from them and they talk about payment, and ask for specific information about the business owner.

• In messages, scammers try to get a company to collect their payment and they will then report the card as stolen or ask the business to pay a contractor from their funds (the card used is stolen). The business has “accidentally” committed fraud and the scammer is no where to be found.?They will also try to collect information that they can use to phish for additional info.

• There are usually spelling errors or poor grammar use in messages. In some cases, the person writing the message isn't writing in their first language, so grammatical flaws are illuminated.

• Check the display name and make sure it matches the name they use. As shown below - Mr. Joseph, but the name actually shows as Jessica - the hacker is using another person's account and forgot to use the right name - we guess? LOL. Also, notice how the date is stated - most, not all, people would say April 26th not the 26th of April.

• Are you able to talk to or meet this person or are they avoiding it? Always ask to talk if you have a doubt, a lot of times - scammers will say they have some form of illness or disability (cancer/deaf) to get out of talking.

• In the screenshot below, the person states they are messaging from a hospital, which is already a red flag because let's be real - this person is suffering in a hospital but wants to message you about a service? That would be very unlikely. Scammers may say that they are deaf - you can ask if they want to speak on a TTYL line. Scammers do not want to use this, and they will try to get out of it, stating that they want to stay in messaging, have cancer, ignore your question, or just want to get right to an estimate of payment, which most real people don’t want to do immediately.

• They want to give money for a service and tell you everything needed, but not discuss details of the job? That's usually a flag.

• If they are unwilling to cooperate or are avoiding your questions - then, that is a major flag. This doesn’t mean that every message that asks about payment or things related to what we reviewed are scams, it merely means that you should be cautious and ask more questions to be sure you are not wasting your time on a scam.?

Google My Business (GMB) Ownership Request

Spammers are trying to learn information for phishing purposes or to help them hack into applications or sites the business uses. For example, they learn the business owner's name and call the office and say the business owner asked for payment information or something along those lines.

They are also trying to take over Google My Business Profiles by sending an ownership request through Google. If you receive an email like the one below - don't panic - just need to login and decline the request. Make sure to review what we covered earlier to determine if the email is what it says it is!

If someone takes over your GMB or tries to multiple times, then report it with a 3rd party google violation report. If it happens on a regular basis - contact google support.

Here are some links to other places to learn about scams and ways to avoid those.

• FTC (Federal Trade Commission): ?Scams | Consumer Advice (ftc.gov) https://consumer.ftc.gov/scams
• FBI: Scams and Safety — FBI
• Other: 6 Ways To Spot A Blogging Scam - The Blog Societies

?

Today is unlike any year before us...

In terms of a hacker's ability to extract our information without us knowing it.?Network attacks can happen, and we need to make sure our companies have taken all necessary precautions.??

Hackers try to scan your computer to find a vulnerable port to break into.?You will not know – unless you have a system that detects the infiltration into your system.?Once they have access – they can take over your computer and have access to everything you have accessed.?

Many larger companies have been hit with ransomware, but they have teams of people with much larger budgets – most small businesses don’t.?

According to Kaspersky, “Ransomware is extortion software that can lock your computer and then demand a ransom for its release.”

This is scary.?Very scary.?If only these folks used their power for good…

They don’t - so let’s make sure we have assessed risks, have a plan, trained employees on the plan, and practiced the plan.?

Let’s hope it is not needed – but let’s be prepared – just in case it is.?

As we mentioned, if you don’t know what protections you have in place – reach out to your computer or IT person/team to find out. ?This is important stuff.

?

Here are a few tips:

• Virus protection and malware are very important and work together to minimize threats.?
• Make sure to change passwords often and don’t use the same password on every site.?
• ?Malware protection focuses on stopping Malware or “Malicious software” from stealing your data; it is the second vital layer, while virus protection focuses on doing a similar thing it is altogether better for you to get both and have the extra protection.?Both are vitally important as only virus protection isn’t enough.
• Some possible systems to add for protection could include Malwarebytes, Avast, and Kaspersky to name a few. Here is a possible list from PC Mag to help you figure out what protection options are out there.

?

As mentioned, scams and online security can be a big danger to you and your business. Make sure you are prepared.

We hope this article was helpful.?To review, let’s make sure to look for signs of scams as illustrated above, ask more questions to see if a message is real, change passwords often, verify information before clicking on a link or giving information to someone that called you (phone numbers can be spoofed easily too), and check your online security plan (or contact a computer consultant and create one). ??

NOTE:?This information is provided for informational purposes and is not and endorsement or referral of any person, company, or websites mentioned.