Cyberhacks and data breaches of big businesses get all the headlines and publicity. Target, Home Depot, Anthem and other hacks have all been widely publicized.
But there’s plenty of money for cybercriminals in the small business racket — and they know it.
The question is, do you?
A recent Wall Street Journal article highlighted how global cyber criminals are engaging in schemes to trick small businesses into transferring large sums of money to fraudulent bank accounts.
The schemes are known as “corporate account takeover” or “business email fraud.” They entail the exploitation of information that’s available publicly as well as weaknesses in the email systems of businesses and corporations, according to the Wall Street Journal article.
The FBI tallied the loss to global businesses from these targeted email scams at more than $1 billion from October 2013 through June 2015, according to the Wall Street Journal. The FBI estimates complaints from businesses have originated in 64 countries, although most are from U.S. firms.
The perpetrators are both overseas organized crime groups and domestic criminals, according to the FBI. As bigger companies and firms beef up cybersecurity in the wake of massive data breaches, mid-size and smaller companies become attractive targets because they may not be investing in protective measures in similar fashion.
In addition to using easily accessible malware, hackers are monitoring the social media of companies, keeping tabs on the websites of firms and using other measures to formulate bogus invoices or payment requests.
Investing in cybersecurity measures is the first step of protection. We also recommend training employees – and that’s true for every size organization, big and small – in recognizing possible cyberscams. Simple things such as looking for misspelled words in emails, an email from someone or a firm you don’t recognize and requests for funds from people you don’t know. If it appears to be from someone you know, but something doesn’t quite feel right, trust your instincts and take the time to verify it.
The verification process when it comes to transferring funds are also critical. Call the company requesting the funds using a number that didn’t come through the unsolicited email. Acquire a number by checking the company’s website or get one via fax.
For small business owners, there’s too much at stake not to take every precaution to protect your investment. After all, cyber thieves think it’s worth their time and investment.