3 Business Scams Targeting Small Business Owners Online

If you run a small or medium-sized business, you know how important it is to protect your business and its reputation. But if you have a website for your business, scammers see opportunities. There are many business scams that can lose you money and cause a lot of stress and anxiety. Learning what to watch out for can help you spot them.

See Scams Targeting Website Owners with Liz Eisworth for a complete transcript of the Easy Prey podcast episode.

Liz Eisworth is founder, partner, and lead web developer at SangFroid Web, a web agency in Atlanta, Georgia. She and her husband have been running it for fourteen years. They work primarily with small and medium-sized businesses, and primarily offer web design, online presence, social media, and search engine optimization services. In this role, Liz has seen her clients – and even her own business – targeted by many different scams.

Any business with a website can be targeted by these scams. Small and medium businesses are especially targeted. Liz thinks that it may be because many people running smaller businesses tend to know a lot about their business but not have much experience with potential scams. And they’re very invested in their business’s reputation and success, which can make it easier for scammers. There are three major business scams that you need to know about.

Business Scam #1: Domain Slamming

In a “slamming” scam, the scammers try to get you to switch from your current service provider to them. Their service is often worse and almost always more expensive. This can happen with utility scams, but it can also happen with your website domain registrar. These scams used to exclusively come through snail mail, but now they can also come through email. And they’re technically not illegal.

These business scams come as an advertisement, but they don’t look like an advertisement at first glance. They look like a legitimate invoice or legitimate notice from your registrar telling you to renew your domain immediately. Often, they threaten that if you don’t act immediately, your domain will expire, you’ll lose your website, or other bad things will happen. They’re trying to scare you into renewing your domain with them and not your actual domain registrar.

They try to get you to enter into a contract with them where they will take your money.

Liz Eisworth

Somewhere on the document or in the email will be small text that says it’s an advertisement and not an invoice. Because it has that disclaimer, it’s actually legal to do this. But even though it’s not illegal and not technically a crime, it’s very unethical and very scammy.

Behind the Scenes of Domain Slamming Business Scams

When you register your domain, your registration information is available publicly unless you choose to register with a privacy proxy. In Liz’s experience, about 90% of small business owners don’t choose to (or don’t know to) use the privacy option. Domain slamming scammers can go to those public databases and get your information to send you those tricky advertisements.

We actually recommend that most businesses register with privacy … because you get inundated with these types of scams just from scraping public data from the registrars, the ICANN, or wherever.

Liz Eisworth

Switching your domain to the new registrar is almost always more expensive than renewing with your regular registrar. And this business scam can cause even bigger issues. Depending on how your DNS is set up and what settings they change when they switch it over, it could cause issues with your email or even cause your website to go down entirely.

The International Domain Variation

A variation on domain slamming business scams doesn’t try to take over your current domain. Instead, it tries to convince you to buy a new domain you don’t really need. The scammer will contact you saying that someone registered the same business name as yours in another country. To protect your business, they claim you need to register your domain with a country-specific extension (e.g. YourBusiness.cn for China or YourBusiness.au for Australia).

Everybody is afraid when they hear their business is in jeopardy or that they might lose out on business. Scammers are always trying to feed that fear. In these particular business scams, they are trying to use that fear to convince you to pay them for something you don’t need.

Business Scam #2: Phishing with Fake Copyright Claims

Liz started seeing this particular phishing scam just over a year ago, and it targets small businesses. It sometimes comes through email, but more often comes through a contact form on your website. The core of these business scams are copyright infringement threats. Often they claim to be from a photographer or illustrator claiming you used their photos or illustrations on your website without permission and they’re going to sue you for copyright infringement. The message includes a link, which they tell you goes to proof of your copyright infringement.

Liz has never clicked on the link, so she doesn’t know where it goes. It might install malware on your device. It might lead to a fake website trying to steal your login information. Or it might just request a few hundred dollars so they don’t sue you.

Essentially, it is a basic phishing scam. But business scams are getting smarter. This scam has evolved to use sophisticated legal language and reference DMARC copyright laws. It causes a lot of panic in business owners. About a fifth of people Liz sees click the link just to see what images they’re using in this threat. In many cases, they know the threat isn’t true, but they click because they want to disprove it. Liz always advises not to react immediately to any email that causes an emotional reaction. Just stop, let it sit for a bit, and come back when you’re not panicking. Otherwise you risk making an emotional decision and making your business vulnerable to business scams.

Business Scam #3: Third Party Payout Scam (aka Payment Reversal Scam)

These business scams target businesses that provide services, not products. In this scam, a potential client reaches out to you about a new project. This comes almost exclusively through email or a contact form on your website. The initial email can contain project details, but mostly it’s to see if you’ll contact them back. Once you do, they provide details about the project. They provide an excessive amount of details. Liz has seen a lot of these messages, and she’s noticed some similarities. They all use similar turns of phrase and provide a lot of details without saying anything meaningful. It feels like a distraction. The scammer wants you so focused on the details that you don’t notice it’s a business scam.

Once you get all the details, they want to know more information. They want to know if you’re the company owner, they want your cell phone number, and they especially want an invoice. Once you send them an invoice, they pay you. That’s when the scam part starts.

“Accidental” Overpayment

With this method, you send them an invoice for your services, and the scammer overpays. Then they reach out to you and say that they overpaid and they would like a refund for the difference. So you issue them the refund. At that point, they completely disappear.

What happened? The credit card that they used to pay you was stolen. When the owner of the stolen card sees the charges, they will reverse the charges. All the money the scammer paid you will be taken out of your account. But the refund you gave them also came out of your account. So not only does the payment they sent you get reversed, you lose the amount you refunded them on top of that.

Paying Contractors via Overpayment

In another variation, the scammer asks if they can overpay on purpose and have you pay subcontractors on their behalf. They usually have some sort of logistical excuse when they ask for your help. They overpay your bill and ask you to send the extra to someone. If you do, you’ll never hear from either the “client” or the subcontractor again. The rest of the situation is the same. The credit card is stolen, so the payment gets reversed. You lose not just the payment they made, but also the money you sent to the “subcontractor.”

Be Cautious

There are a lot of factors that can put you at risk of this business scam. If you most of your work online, for example, or if you’re just starting out and excited about a new project. Especially if you’re just getting started, you may be eager for a new client and not have the experience to realize something is fishy.

In most cases you know who your customers are … and you’ve spoken to them. But it can happen easily in the world of Zoom and everything online that you don’t know the person that you’re working with, so you have to be super careful.

Liz Eisworth

These business scams always provide a lot of details to keep you focused on that. They don’t want you looking any deeper. Frequently, they provide a company name that’s similar to a legitimate company. If you Google the fake company name, the real company comes up, and you may assume it’s genuine if you’re not paying attention. Liz has seen this type of scam many times. Every time someone goes back and forth with the scammer, something doesn’t seem quite right. She hopes people will become suspicious enough not to fall for it.

Time to Think is the Best Defense

There’s an element of social engineering in all of these business scams at some level. Because your information is probably publicly available, it could be as audacious as calling your domain registrar pretending to be you to execute a domain slamming business scam. But more commonly, they use social engineering to manipulate you. Humans are wired to respect people in authority, so they send authoritative-sounding emails pretending to be a lawyer or your domain registrar. Or they try to manipulate your emotions, driving your sense of fear and urgency to get you to act now, without thinking it through.

Whenever you get anything that is trying to elicit an emotion from you, they’re trying to get you to act really quickly without thinking. The first thing you do is just stop.

Liz Eisworth

Always pause. Take the time to let the emotions cool down and think rationally about the situation. Nothing is so urgent that a few minutes will destroy anything. Liz tells her clients that if they ever get something that stirs an emotional reaction, they should stop. Don’t react, but take the time to think. Come back to it when you’re no longer freaking out.

Always just take a pause if somebody sends you something that makes you feel panicked and worried about your business’s reputation.

Liz Eisworth

Liz is a business owner herself. She has been in that situation and received those worrying and threatening communications. But when you receive them, stop and think. Is it real? Or is someone trying to take advantage of you? If you can do that, it will stop a lot of business scams that prey on emotions.

Learn more about Liz Eisworth and SangFroid Web at sangfroidwebdesign.com. You can also find them on social media @SangFroidWeb.