Pensar Blog

5 online scams every UK small business should be aware of

Written by Mark Williams | 21 November 2017

According to the National Audit Office (NAO) police forces in the UK are not doing enough to combat the growing threat of online fraud. According to their report, fraud cost the private sector £144 billion in 2016 after almost 2 million cyber-related fraud incidents.

‘For too long, as a low-value but high-volume crime, online fraud has been overlooked by government, law enforcement and industry,’ says Sir Amyas Morse, chief of the NAO. ‘It is now the most commonly experienced crime in England and Wales and demands an urgent response.’

There is not a lot that we can do about the governmental response to increased cybercrime in the UK, but we can keep up-to-date on what threats are out there and be proactive.

Here are 5 online scams every small business in the UK should be aware of.

1. ‘Re: The information you wanted’

Criminals are using a new type of bait in phishing emails.

They disguise their email as a reply to a previous email, like a request for further information, and ask recipients to click a link. The link takes them to a website which then downloads malware onto the recipient’s computer.

The emails appear to come from a legitimate contact or a familiar brand, demonstrating just how creative criminals can be when launching these attacks on businesses. So be careful when opening emails and make sure they’re the real deal before clicking on any links or opening attachments.

2. I just called to say ‘I scammed you’

There have been cases of small businesses falling victim to hacking via corporate telephone systems.

Hackers can gain access to your telephone systems and install software that automatically calls premium rate numbers that they own. This is a lucrative model for criminals, and it costs companies around £1.5 billion per year.

It’s important to make sure that your phone line provider follows IT security best practices, because you may not have an easy legal recourse if you fall victim to this kind of attack – as one small business owner from Lancashire discovered this year.

3. A bargain too good to be true

Businesses spend a lot of money on SaaS applications and enterprise software, like Office 365 and Dropbox. So naturally, when business owners see that they can purchase software for less than half price from an online seller, they’re tempted. But it’s too good to be true.

Criminals are selling software at unbelievable prices, but here’s the catch: the activation codes are invalid. That means the software, however cheap, is useless.

No matter how secure and genuine a seller or a website looks, you can’t be sure that they’re trustworthy. You should only buy software directly from its creators or from authorised resellers.

4. Royal e-Mail

Another recent scam involves emails from ‘Royal Mail.’ There have been reports that phishing emails have been received from ‘yourparcel@championmail.com’ and, more recently, ‘RoyalMailParcelpacketinfo@championmailservice.com’.

These emails inform the recipient that the service is holding an item for them, and that they need to reply to arrange redelivery. A reply to these emails results in scammers installing ransomware on your machines, which they use to encrypt your files and hold them to ransom.

Average payment demands are over £500, but payment doesn’t guarantee the release of your files. As a best practice, you should back up your data regularly and restore your systems from backup if you fall victim to ransomware.

If you need more information on keeping your business safe from ransomware, click here.

5. Getting less than you bargained for

Each year, small businesses in the UK lose £9 billion through invoice fraud.

Criminals use various tactics including viruses embedded in email attachments, unknown invoices sent via post or email, modified bank details and duplicate invoices. They normally use information that’s available online to make their invoice look identical to that of a legitimate supplier or company you do business with.

Both you and your employees need to keep a look out for fraudulent invoices, because otherwise you may lose your hard-earned money. Check invoices for things like spelling errors, incorrect logos or unusual bank details. And if in doubt, call the invoice sender and verify the legitimacy of your invoice.

Be scammer aware

Technology has made vast improvements to our working life, but it also puts small businesses at risk. By staying alert and up-to-date on the latest scams, you can better protect your business and your customers.

Are you able to protect your business from scammers? Book a free IT security valuation today to find out how vulnerable your business is.