Cybercrimes happen more often than we think. As home inspection business owners, we used to think of cybercrime as someone getting a hold of our credit card number. Today, cyber thieves are more sophisticated and small businesses are being taken advantage of more than ever. Most times, these losses are never reported in the news.
According to PurpleSec, in 2018 cyberattacks cost small businesses an average of $34,000. For many businesses like ours, a loss like this could cause the business to go under. Most of the attacks are now akin to a high-tech burglar knocking at our front door and waiting to see what happens.
Top 10 Cyber Scams
1. Bank Account Takeover.
According to the Small Business Administration, the most common and dangerous scam for small businesses is account takeover. I wrote about this in an article titled, “Cyber Security for the Home Inspector,” published in the April 2013 issue of the ASHI Reporter. Most of these scams start by sending fake emails and using fake websites to deliver malicious software, such as keystroke loggers, fraudsters may be able to obtain the IDs and passwords for online bank accounts and then make withdrawals from accounts. The best protection is vigilance. Be suspicious of any online solicitations and monitor your bank accounts daily to make sure no unauthorized electronic transfers are being made. Talk to your banker and ask what anti-fraud alerts they offer.
2. IRS Scams.
Recently, someone claiming to work for the IRS called our office. This had all the signs of an IRS imposter scam. The reality is that the IRS won’t call out of the blue to ask for payment, won’t demand a specific form of payment and won’t leave a message threatening to sue you if you don’t pay right away. The IRS will usually mail you a notice that you are delinquent. A quick check with our tax accountant confirmed our suspicions.
3. Stolen Identity.
Scammers often pretend to be a legitimate company to trick small businesses. Scammers set up fake websites and “hijack” your company name and address. They may also use “brand hijacking”—the blatant copying and misuse of company logos and website content—to impersonate a business and deceive unsuspecting visitors. In this con, the company doesn’t necessarily lose money; however, their reputation is tarnished when angry customers who were ripped off by scammers think the real company is responsible.
4. Charity pitches.
Most businesses are regularly asked to donate funds to charitable causes. While many requests are legitimate, every year small businesses become victims of fraudulent or deceptive charitable solicitation schemes. Research charities and see more giving tips at Give.org.
5. Phishing Scams.
Phishing scams attempt to steal sensitive information about your business. These scams often appear to be legitimate emails or text messages. However, when you click on the link, you download a virus that captures personal information or loads a form that asks for bank account or credit card details. Be leery of unsolicited messages and don’t click on links. Instead, hover over the link with your cursor to see the real address first. Also, be sure your computer has the proper firewall and current protection software.
6. Office Supply Scams.
In these scams, a business receives an unexpected telephone call from someone claiming to represent a reputable company with which the firm often does business. Sometimes scammers will even call in advance to find out what brand of supplies or printer supplies the business uses. The scam caller will try to sell the business surplus merchandise at a reduced price, citing a cancellation or over-order by another purchaser. The merchandise doesn’t exist. Don’t be fooled.
7. Coupon Books.
Often, small business operators are approached to participate in coupon book promotions. The business has the opportunity to offer discounts or extras in the coupon books that are sold by promoters to consumers. Problems occur if the promoters change the terms of the coupons, oversell the books or distribute them outside the company’s normal business area. In my experience, this type of marketing has little return for home inspectors, scam or not.
8. Vanity Award Scams.
A vanity award scheme capitalizes on a company’s excitement for an award that essentially holds no value. This con typically targets business owners through email campaigns. The scam email congratulates the owner on their selection for the award and invites them to click a link for further details on how to claim the prize. But, of course, claiming the honor involves paying a fee of several hundred dollars. I get approached annually, being called the “Best Inspection and Testing” company in my town and, for $150, I can get a plexiglass award to prove it.
9. Overpayment Scams.
In this scam, the person you are doing business with sends you a check for more than the amount they owe you. Then, they instruct you to wire the balance back to them. Or they send a check and tell you to deposit it, keep part of the amount for your own compensation and then wire back the rest. The results are the same: the check eventually bounces, and you’re stuck, responsible for the full amount, including what you wired to the scammer. I’m not sure a home inspection company would be a target for this scam, but as inspectors see more clients remotely, it is a possibility.
10. Valuation Fraud.
Business owners may receive a call or email from a “business broker” offering to find a buyer interested in purchasing their company. This will work with home inspectors who are looking to get out of the business in a few years. If you take the bait, they say they will send out someone to give you a proposal and charge a down payment for the valuation, but that's the last you’ll hear from this fake company. If you’re thinking of selling your business, contact a reputable business broker and make sure to get references before making payment.
Vigilance is the Answer
What can home inspectors do to protect ourselves? Be vigilant. Never click on a link that you are not expecting. As I am writing this, I received the DocuSign email bellow. The email looked very legitimate, but I had no reason to be getting it. A curious person would open it to see what it contains and most likely, malware would infect their computer. Would the antivirus software catch it? Maybe, maybe not. Why take the chance?
Back in 2013, when I first wrote about Cyber Security for the ASHI Reporter, my business was receiving spam calls daily, but we had almost no phishing phone calls. Today, that is not the case. Businesses are being targeted, and the scammers are using social media and information from the internet to make their pitch all the more believable. If the call or the pitch is too good to be true, then stop everything to do your due diligence. Scammers want you to act, but by slowing down and looking at the offer, you can save yourself from financial hardships.