Incidents of business fraud and identity theft continue to rise, costing business owners time, money, credit, and potentially, their reputation. Massachusetts is no stranger to reported business fraud and identity theft incidences. In 2021, according to the Insurance Information Institute, Massachusetts ranked as the fifteenth hardest-hit state for business identity theft.
The best way to protect your business against fraud and identity theft is to understand the scams and how they work. Once you know what to look for, follow our six tips below to protect your business and learn how to report any suspicious activity.
Most Common Types of Business Fraud
Whether it occurs due to a stranger or by a member of your staff, "business fraud" happens when someone disguises their theft as a legitimate transaction. It is considered fraud when someone intentionally misrepresents the truth or withholds information that results in harm, including monetary loss. Money Fraud, Return Fraud, Invoice Fraud, and Payroll Fraud rank among the most common types of business fraud.
Money Fraud
With so much illegal cash making its way around, businesses must be careful when accepting bills of any size. Fake bills, or counterfeit money, are completely useless when you try to deposit them into your business checking account. The most common counterfeit bills are those with a higher value, like the $100 bill. You can protect your business by learning to identify legitimate and fake money. Many security features can help you identify real currency, but other options, such as pens, UV lights, and scanners, exist to help make your job easier.
Return Fraud
If your business sells goods, you most likely have experienced some form of return fraud. Return fraud can be as simple as a customer purchasing a product, using or breaking it, then trying to return it, stating nothing is wrong in an attempt to get a full refund. Or you may come across a criminal who steals items from you and hopes to return them for a profit. Adapting your policies can help you reduce potential return fraud, and requiring receipts and limiting your return period may help curb additional loss.
Payroll Fraud
One of the oldest known types of business fraud, this scheme typically involves paying non-existent workers. An internal member of your team who controls the company’s payroll system may add one or more employees who do not perform tasks yet still receive a paycheck. Other payroll fraud schemes include submitting false timesheets and issuing unauthorized bonuses. Although payroll fraud is usually an inside job, hackers have been known to breach systems and pull off this scam electronically.
Invoice Fraud
All businesses need supplies to run the office. Whether it is paper, printer cartridges, or cleaning supplies, fraudsters take advantage of this by sending fake invoices in hopes that they'll be processed and paid without being questioned. If these fake invoices are paid, your money may be gone.
Another version of invoice fraud is directory listings and advertising scams, where someone asks an employee to confirm information for a service that your business requested. They may ask the employee to verify a name, telephone number, or address (information easily obtained online) to process the order. Once confirmed, they send an invoice for a service that was never authorized or provided in hopes that it will get paid. Worse, they use a recording of the employee who confirmed the information to pressure you to pay.
What is Business Identity Theft?
Business identity theft occurs when thieves impersonate owners, officers, or staff members for illegal gain. Sensitive data, such as a tax identification number and an owner’s personal information, can be leveraged to orchestrate the following business identity theft crimes.
Financial Fraud
If a criminal gets ahold of your business information, they can attempt to secure a business line of credit, take out loans, and open credit cards. Although reporting business identity theft may alleviate financial responsibility, your business' creditworthiness may be impacted.
Tax Fraud
Tax fraud is when a fraudster impersonates your business to file false tax returns and get your hard-earned refunds. Keep your financial records and information secure and shred any paperwork immediately instead of disposing of them in the trash.
Website Schemes
Customer data has become increasingly valuable in wide-reaching ways. One of the more subtle fraud schemes involves rerouting customer traffic from your legitimate online platform and acquiring your customer information.
Trademark Scams
Criminals may register a variation of a company’s name or logo and later demand a payoff. This trademark scam is often used when franchises open in new cities or states.
Now that you are aware of the ever-changing types of fraud and identity theft, here are some steps you can take today to protect your business.
Tips to Protect Your Business From Business Fraud & Identity Theft
It’s important to understand the mindset of hackers and fraudsters when considering business protections. By hardening your defenses and remaining vigilant in the following ways, criminals are more likely to try elsewhere.
1: Monitor Activity On Your Business Credit Report
For a relatively nominal fee, business credit reporting bureaus such as Dun & Bradstreet, Equifax, and Experian provide companies with ongoing access. Periodically checking your credit report allows business professionals to identify any errors or suspicious activity. For example, an unauthorized credit pull or loan application would point to potential business identity theft in progress.
2: Verify all Invoice Payments
Never pay a bill that you can't verify. Identify employees that can place orders and approve invoices. If you're a business owner and don't process payments, consider requiring your approval on invoices over a set amount.
3: Keep Business Records Secure
It’s crucial to shred paper documents to ensure they don’t fall into a criminal’s hands. By that same token, many business identity theft cases result from hacks. Investing in robust cybersecurity remains an excellent way to protect sensitive and valuable digital assets. One of the hot-trending defenses involves zero-trust networks. This strategy limits the information each staff member can access on a need-to-know basis. Should a cybercriminal learn someone's username and password, they, by default, are restricted.
4: Train Employees
- Regularly educate your employees. Explain how scams happen and how to spot a scam. Include in your training the importance of not sharing passwords or sensitive information.
- Offer fraud reporting options. Consider providing a confidential pathway for employees to report fraud or suspicious activity.
- Develop cybersecurity awareness. Employees represent the company's front line of defense against data breaches, making them the target of relentless efforts to breach a business system. Providing the entire staff with cybersecurity awareness training and ongoing alerts ranks among the best ways to protect against business identity theft.
- Incorporate efforts into your daily culture. Implement policies that regulate access to confidential data and help you spot fraudulent activity before it happens. Audit your processes to ensure adherence.
5: Avoid Online Business Chatter
Online thieves monitor professional networking platforms to learn about an organization and its endeavors. When a team member expresses enthusiasm about a lucrative project on a site such as LinkedIn, hackers can use this and other online information to make a play on business resources. Professionals are often surprised at how much of their seemingly personal and business identity information has accumulated across platforms.
6: Exercise Computer Network Vigilance
An organization’s cybersecurity posture is only effective if it is up-to-date and fully secure. That’s why patching software, employing enterprise-level firewalls, and encrypted transmissions are essential. It’s also crucial to create daily backups and keep at least one offline, where hackers cannot access it.
How To Report Business Fraud and Business Identity Theft
If you suspect your company has been subject to business fraud or identity theft, notify your bank immediately. It's also important to report fraud or identity theft to the Federal Trade Commission.
At Middlesex Federal, we take your security seriously. Providing you with information that can protect your business from fraudulent activity and identity theft is important to us. Check out our alerts and safeguards page; it's filled with helpful tips and information you can use now.