NSGA Report: Stay on High Alert for Holiday Business Scams

By Marty Maciaszek 
NSGA Director of Communications 

‘Tis the season to be on the lookout for fraudsters interested in giving small business owners big headaches by taking them for a scam. 

They’re trying to catch you when you’re busy, so it’s important, not just for the holidays but all year round, to stay awake to those hoping to give themselves a big financial gift. It could be bogus emails that look like the real thing or people trying to place fake orders. 

“You should be very careful at all times, but especially this time of year,” said Erik Person, the owner and founder of TeamLogic IT in suburban Chicago. 

Take the case of phishing emails. In the past, someone “offshore” would use screengrabs where the quality of a logo and grammar in the messaging weren’t good. 

Artificial Intelligence (AI) has been a game-changer and not necessarily for the better if you’re a business owner. Person said TeamLogic IT is seeing multiple cases every week of bogus emails enhanced by AI.  

“Today they’re running them through an AI filter that cleans them up and you can’t tell the difference,” Person said. “It’s scary how accurate they are. It allows hackers to create messaging that is spot-on.” 

Names of people who legitimately work at the companies are often used in the fake correspondence. It’s imperative to check the URL address in an email because AI can’t adjust those addresses, according to Person, and if you don’t recognize it, that’s a red flag. 

Requests for payment or changes in the payment method should also be treated with extreme caution. 

“Anything requesting payment details is automatically suspect,” Person said. “If you get an email always voice-verify with somebody you know within the company.” 

But you don’t want to call a phone number that may be listed in an email or attachment where you’re not sure of its validity. The scammers may get you to call a fake number and make it seem the request is real, so you want to use a number you know is legitimate from your contacts list. 

Cybersecurity training for small business owners and their employees is more important than ever. Multi-factor authentication systems may seem like an inconvenience at times but they can prevent a really inconvenient situation. It’s also important to have someone you can trust to contact with questions and concerns. 
 
Person said the stringent security measures a business owner uses for their facility and its contents are just as important for intellectual property or “essentially you have a screen door on corporate data.” 

Other suggested protective measures include: 

• Don’t download or open attachments, applications or zip files from unknown senders. 

• Never click on links embedded in unsolicited emails. Check the source first. 

• Watch for any unusual activity across your accounts. 

• Use strong passwords, change them periodically and don’t write them down. 

• Never share personal data such as birthdates, social security numbers and passwords in emails. 

If you have questions you can contact Erik Person at TeamLogic IT at eperson@teamlogicit.com. TeamLogic IT is the technology partner of NSGA.