Scam Blog Header

ICAT Blog: Article Protecting Yourself and Your Business from Scams and Fraud

October 5, 2022

Fraud and scams are everywhere, and they come in many forms—by phone, via email, and even through text messages. While there’s no escaping the malicious intent of these potential incidents, there are ways you can protect yourself if you ever find yourself in the midst of one.

What is fraud and how common is it?

“Fraud” is any activity that relies on deception to achieve a gain. It becomes a crime when it is a “knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment.” Basically, if you lie to deprive a person or organization of their money or property, you’re committing fraud. This also includes the scams you hear about all the time.

Fraud and scams are so common that one in ten adults fall victim to them every year in the U.S. alone. That’s about 25 million people! And to put it into the business perspective, 82% of organizations were victims of payment fraud in 2018.

What are the most common types of fraud or scams that target businesses, and how can you protect yourself and your business?

Unlike individuals, who can be affected by an array of fraud schemes (i.e., adoption fraud, health care fraud, holiday scams, skimming), businesses are targeted using several types of scams, including:

  • Business and Investment Fraud
  • Business Email Compromise
  • Phone Scams
  • Ransomware
  • Spoofing and Phishing

Business and Investment Fraud

Business or investment fraud schemes try and lure you in with the promise of a low or no-risk investment. Scammers will often ask for cash upfront in exchange for guaranteed future returns. Some common schemes you will see include advance fee schemes, Ponzi schemes, pyramid schemes, and telemarketing fraud schemes.

  • Be sure to always do your homework and research any investment opportunity independently no matter the information provided to you.
  • Never rush into an investment opportunity.
  • There is no such thing as a “guaranteed return” on any investment.

Business Email Compromise

Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most common and financially damaging online crimes. A BEC scam appears to come from a known source making a legitimate request.

Some examples include:

  • A CEO asks someone at the company to purchase dozens of gift cards to send out as employee rewards. He asks for the serial numbers so he can email them out right away.
  • A vendor your company regularly deals with sends an invoice with an updated mailing address.
  • A customer reaches out letting you know their company has updated their banking information and sends you a different account number to wire money.

Criminals carry out BEC scams in many ways. They can spoof an email account of website by making slight variations on legitimate addresses, send phishing emails that trick victims into revealing confidential information, or use malware (malicious software) to infiltrate company networks and gain access to legitimate emails regarding billing and invoices.

  • Be careful who you share information with online or on social media. By openly sharing things like pet names, schools you attended, and your birthday, you’re basically giving scammers all they need to guess your password or answer your security questions.
  • Don’t click on anything in an unsolicited email or text message, especially those asking you to update or verify your account information. Look up the company’s phone number on your own (do not use the one the potential scammer provided) and call the company to ask if the request is legitimate.
  • Examine the email address, URL, and spelling used in the correspondence.
  • Never open an email attachment from someone you don’t know.
  • Set up two-factor (or multi-factor) authentication on any account that allows it.
  • Verify payment and purchase requests in person, if possible, or call the person to make sure it’s legitimate.

Phone Scams

Phone scams can include voice calls or SMS (text) messages. Over the years, scammers have figured out countless ways to get your money over the phone. In some scams, they act helpful and friendly. In others, they may threaten or try to scare you. Some examples of phone scams include business and investment scams, extended car warranty scams, timeshare scams, and charity scams.

  • If you think you’re on a scam call, hang up. When you receive a robocall, don’t press any numbers.
  • Consider call blocking or call labeling if you’re receiving unwanted calls.
  • Don’t trust your caller ID. Scammers can make any name or number show up so even if it looks like it’s a government agency calling, it could be a scammer calling from anywhere in the world (this is considered spoofing, which we’ll discuss in one of the next sections).


Ransomware is a type of malicious software, or malware, that prevents you from accessing computer files, systems, or networks and demands you pay a ransom for their return. These types of attacks can cause costly disruptions to operations and the loss of critical information and data. You can unknowingly download ransomware onto your computer. Once the code is loaded onto the computer, it can wreak havoc on your local drives, attached drives, and even networked computers. Most of the time, you don’t even realize your computer is infected.

The best way to avoid ransomware is to be a cautious computer user. Keep operating systems and software up to date and make sure anti-virus and anti-malware solutions are installed and set to automatically update and perform regular scans.

Spoofing and Phishing

Spoofing and phishing are very common and key parts of business email compromise (BEC) scams.

Spoofing is when someone disguises an email address, sender name, phone number, or website URL (often just by changing one letter, symbol, or number) to convince you that you are interacting with a trusted source. Criminals who use spoofing count on manipulating you into believing these spoofed communications are real and that you will ultimately disclose personal, financial, or other sensitive information.

Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. They’re designed to trick you into giving sensitive information to criminals. In this type of scam, you may receive an email with a link that looks legitimate but really isn’t. Once you click the link, you’re sent to a spoofed website that may look almost identical to the real one and asked to enter sensitive information like passwords, credit card numbers, or banking PINs.

Phishing has evolved over the years and now has several variations that use similar techniques, including:

  • Vishing – These happen over the phone, voicemail, or VoIP (voice over Internet Protocol) calls.
  • Smishing – These happen through SMS (text) messages.
  • Pharming – These happen when malicious code is installed on your computer to redirect you to fake websites.

Protecting yourself from these scams is possible! In addition to the tips listed under the Business Email Compromise section, remember that companies generally don’t contact you to ask for your username or password.

How can you better position yourself and your team to recognize fraud and stop it before it happens?

1. Train your employees.

Your first line of defense is educating your workforce. Train employees how to spot fraud and speak up when it’s discovered. The Federal Trade Commission (FTC) offers great resources for educating your employees.

2. Remain vigilant.

Always review your emails, invoices, and outside requests. Pay attention to the details when anyone is requesting payment or sensitive information. Know who you’re doing business with and always research a company’s history and reputation if you plan on working with them.

3. Be tech conscious. 

Scammers use fake emails, website, and phone numbers to lure you into a scam. Pause to think before you click on any links, open attachments, or download files to your computer.

Take the time to educate yourself and your employees and always be on the lookout for the next scam.

And ALWAYS remember…

If it sounds too good to be true, it probably is.