Skip to content

Small Business, Big Scam

Beware of 4 ways that crooks can target your company

If you operate a small business, you have big cause for concern — beyond the state of the economy. Scammers have quietly been increasing their focus on companies like yours.

Some of the crooks target specific types of small businesses. Others use a one-size-fits-all ruse.

So watch out for these four leading lures:

“Deaf” callers. Since last autumn, there’s been a new wave of scammers who pose as deaf customers and place large orders for merchandise via telephone relay services.

The basic tool is the so-called TTY device, which allows authentically hearing-impaired people to communicate over phone lines by typing messages. A relay operator then reads the message to the call recipient.

What scammers do is purchase TTY devices on the Internet and, usually with stolen credit cards, order thousands of dollars in goods from businesses. Your company ships them the goods, which are then fenced for a profit, but you never get paid.

In the past, this ruse made for easy pickings because federal law dictated that the relay operator could not disclose the origin of the call, allowing crooks to mask their identities and location.

In an attempt to crack down on this abuse, the Federal Communications Commission ruled in 2009 that relay callers must register their phone numbers or Internet addresses.

But crooks now just register numbers from “pay-as-you-go” disposable cellphones or use public access computers to get around these protections.

The impact on a company can be devastating — although credit card liability law protects individuals from paying more than $50 of fraudulent charges, businesses may be on the hook for the full amount.

Your protection: Realize that telephone relay service scammers often make their orders with stolen credit card numbers — but may not have the actual cards.

So ask these callers, via relay operators, to provide the card’s three- or four-digit verification code — as well as their full name, address, telephone number and issuing bank and its phone number. Then verify that information with the card issuer before dispatching the order.

BBB complaints. Your company receives an email that seems to come from the Better Business Bureau and has the subject line “Complaint from your customers.” Click on the attachment for details, you’re told.

However curious you are, don’t! The attachment contains  “malware” that can provide cybercriminals with remote access to your company’s sensitive files. At one company where this bogus BBB attachment was opened, scammers were able to order up a fraudulent bank transfer after accessing company bank numbers and passwords.

Your protection: Delete this email without opening the attachment. And with email in general, don’t open any attachment you don’t trust — if in doubt, contact the supposed sender to confirm it’s legit.

The BBB now recommends that all company computers be scanned with anti-virus software at least several times a week, and that website domain owners set up a sender policy framework (SPF), a system that automatically evaluates incoming email for authenticity. You can get instructions at this Microsoft webpage on how to do that.

Also beware of attachment-containing emails purporting to be from the Internal Revenue Service or other government agencies offering “Business Grants”; these also typically contain malware or other kinds of scams aimed at small businesses.

Directory deception. Scammers claim to be calling from the Yellow Pages or an online phone directory. They ask your business to “confirm” its address and phone number. For online directories, they might request “search term” keywords supposedly to use on search engines.

Employees often assume that an existing listing is being updated and provide the information. Later the company is billed hundreds of dollars for supposed requested listing services.

In another variation, the supposed listing company sends your firm solicitation paperwork that’s meant to look like an invoice.

Your protection: Tell your employees not to respond to these kinds of calls. Know that in most legitimate directories, a simple line listing is free, but there are costs for phone directory advertisements and bold-face listings.

And scrutinize your invoices. Under U.S. postal regulations, any mailing that looks like an invoice but is really only an invitation for an order or service must include a prominent disclaimer, such as “THIS IS NOT A BILL. THIS IS A SOLICITATION. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED ABOVE UNLESS YOU ACCEPT THIS OFFER."

Report any suspicious invoices to the U.S. Postal Inspection Service.

Office supply scams. These cost American businesses millions a year, according to the Federal Trade Commission. The basic goal is to generate high bills for frequently ordered supplies such as paper, toner and printer ink.

The scammer may first visit your company’s website or simply call to get the name and title of an employee who is then designated on billing paperwork as an “authorized buyer” for recurring shipments of unnecessary supplies. The scammer’s hope is that your accounts payable department, recognizing the employee’s name, will pay the bill with no questions asked.

Other tricks: Crooks pretend to be with a current or previous supplier, quoting a reasonable price — say, “$19.95 for a carton of 10” — but then billing for a per-unit price ($199.50). Or they may offer to send free or sample merchandise … followed with an inflated bill.

Your protection: Don’t fall for the name game. Instead, ensure that any invoice you pay has a recognizable account number (both that of your vendor and your company). Phony bills often don’t contain the sender’s phone number — that’s a way for scammers to prevent you from getting in touch. Also be wary of bills requesting payment to a P.O. box number rather than a street address. 

Sid Kirchheimer writes about consumer issues for