Canada
US
You are now leaving our website and entering a third-party website over which we have no control.
With so much of life and work happening on the Internet, it’s crucial to stay vigilant about online safety. Small business fraud is a very real threat. According to a Florida Atlantic University study, in 2018 small businesses worldwide experienced an average loss to fraud of $200,000 while larger businesses averaged $104,000.1
Why the disparity? Smaller businesses are more likely to have fewer fraud prevention restrictions, controls, and processes in place.
“That’s why it’s so important to discuss it with everyone in an office, shop, or wherever your small business operates,” says Charles McClafferty, Senior Manager of Fraud Risk Management at TD Bank.
“Every employee must know the risks and what to watch for,” he adds. “You’re much less likely to be victimized if everyone’s aware, and it’s kept fresh in their minds with periodic reminders and discussions.”
What are some of those risks, and how can we be better prepared to face them?
Watch out for urgent requests
Charles offers this fundamental tip to prevent email fraud: “Whenever you see an email asking you to act fast, slow down.” The most common type of small business fraud is email “phishing,” when a fraudster claims to be from one business and requests something be handled urgently.
Other red flags include unexpected “change of payment” instructions; suspension notices if accounts aren’t paid immediately; and urgent calls for immediate contact at a special phone number. Never click on links within emails or open attachments, even from people you know, if you’re not expecting them to email you such links or content.
Watch for bogus domains and poor grammar
“If you encounter an email that seems ‘off,’ look closer,” Charles advises. “Scammers try making their emails look as official as possible, often changing just one letter on an email domain’s suffix, such as changing @td.com to @tb.com. Many people will notice the slight difference, but all the perpetrator needs is just one person to miss it.”
Poor grammar and phrasing that’s inconsistent or off-brand are also clear tip-offs. “Be wary of official-looking emails that lack the professionalism you’d expect if the sender was legitimate,” Charles warns. “And, of course, TD Bank will never email you asking for personal information of any kind.”
If you doubt an email’s authenticity, it’s a great idea to call the purported sender, such as a vendor, courier, or financial institution, and speak with someone in person. “But don’t use the phone number in the email you got because that could be bogus, too,” Charles says. “Instead, use a contact number you find on the company’s official website.”
Train your employees to spot and report email fraud
Again, most small business fraud involves email scams that prey on emotional vulnerability. That’s why one of the most effective ways to train employees to recognize an issue is simply to talk about it and show them examples. You can find those and more information on the How to Recognize and Avoid Phishing Scams† from the U.S. Federal Trade Commission (FTC).
Teach them to look for the telltale signs of fraudulent emails, and if you find your company has been victimized, report it to the local police as well as to the FTC†. It’s unlikely the fraud is originating in your jurisdiction, so by reporting it at the federal level, there is a higher chance of successfully stopping it.
Consider implementing email security tools
Antivirus software and firewalls can’t protect you from small business fraud, but secure email encryption software may be an option for some businesses. Encryption scrambles a message upon sending and can only be decrypted with a software decryption key supplied to the recipient. It’s standard practice for financial institutions like TD Bank to use email encryption to keep client data and communications secure.
Practice good password hygiene
What is good “password hygiene?” “It starts with not putting sticky notes with passwords on your PC,” Charles says.
While most office personnel wouldn’t do that, many do make equally troubling mistakes with their passwords. They may be compromising their online security without knowing it. Consider these guidelines:
- Use a unique and different password for every online account you have
- Change passwords often, at least twice a year
- Don’t use numbers or dates that could be associated with you like birthdays or anniversaries
- Give all your passwords at least 8 characters, mixing letters, numbers and special characters
- A password manager is a good option, and there are several available for small businesses
Stay informed and diligent
Preventing online small business fraud, depends on staying informed about potential threats and watching for them. Password managers and email encryption are helpful, but employee awareness and training are critical. Make the latter part of new employee orientation, too.
Read on to learn more
No matter where you are on your financial journey, we’re here to help. Explore our financial education tips, tools and resources so you can feel prepared for it all.
Small Business Resource Center