How To Protect Your Business from Scams & Cyber Threats

Man and a woman working at their business

Between 2020 and 2022, cyber attacks on small businesses increased by 150%. In today’s world, even the most routine activities like opening emails or surfing the web leave small businesses vulnerable to criminals. Each year, as cybercriminals perfect their techniques, the risks to businesses continue to grow, making it more important than ever to recognize potential scams and train your employees to do the same.

Let’s explore some proactive ways to block cybercriminals, safeguard your accounts, and protect yourself, your employees, and your business from fraud.

Common scams targeting businesses and their employees

Cyber thieves targeting individual consumers and businesses often use a variety of tactics designed to trick you into reacting quickly. Recognizing some red flags can help you and your team stay calm and reduce your chances of falling victim to common schemes, like those below, frequently used to target business owners.

Threatening phone calls

Scenario: “I'm calling from the IRS, and we are preparing a complaint against your business for failure to pay required income taxes in a timely manner. We are in the process of contacting your bank and having all of your assets frozen.”

Warning triggers:

  • A request from a person of perceived authority, demanding you take action to avoid legal consequences, jail, or inability to access your money
  • The caller asks you for a payment and/or seeks to verify your personal information
  • The caller suggests you give your banking information so they can process a payment, or pressures you for your user credentials

Receiving a call like this can be alarming, but be assured that government agencies will never call, email, or text you to ask for money or sensitive information. However, some impersonation scams may “spoof” the phone number of a government agency or attempt to make it look real on caller ID. If you receive a threat, hang up and locate the agency's number on their official website to verify.

Excess Payment emails

Scenario: “It appears the check I sent to you was for too much. Why don’t you deposit that check and wire the difference to the account number I’ve included.”

Warning triggers:

  • You receive payment for an item that you’re selling for more than the amount of the product or service
  • You receive a request to deposit the payment and then wire the difference, or send it in the form of a gift card or other transaction

Any time a company asks you for payment via wire transfer, gift card, or cryptocurrency, there’s a good chance it may be a scam. Remember, the amount of the payment or difference in price doesn’t have to be significant to constitute fraud.

learn and plan

Learn about recent scams targeting Citadel customers.

Avoid Fraud
A restaurant owner taking a call in the kitchen

Tech Support chat message

Scenario: “We've detected malware on your computer. Let's get this fixed for you. Click on the link below or respond to this message to get started.”

Warning triggers:

  • A sudden, unanticipated pop-up message claims your computer has malware
  • Payment is requested to fix the defects
  • Access to your computer is requested to look for problems

This type of attack is known as social engineering; a practice cybercriminals use to trick employees into doing something that gives them access to systems or data. Malware is the most common type of cyberattack attempt on small businesses, followed by targeted emails.

Keep in mind that cybercriminals must access your device first in order to plant malware and/or take control of your machine. Never click on a link in an unsolicited message, as it may activate software that encrypts all or a part of your data, drives, and/or systems. Your web activity and log-in credentials could also be captured, enabling criminals to act as you or your employee online.

If you believe you have a legitimate issue, contact your tech support team or preferred third-party vendor directly.

Business Compromise email

Scenario: “There's been a change in the transfer details for a purchase I’m trying to complete. Please wire $450,000 to the following account.”

Warning triggers:

  • You receive an unexpected request from a person in a position of authority, such as a CEO
  • This person is asking you for assistance in redirecting payments or making a surprise purchase
  • You’re asked to make account changes or provide sensitive data

Business compromise emails ranked second among the costliest cybercrime methods in 2023. If you get a suspicious email asking for assistance, verify the sender’s address and look for misspellings or other clues that may raise suspicion. If it's not a request you were expecting, contact your colleague directly using their usual phone number or address to double-check.

5 steps to help keep your accounts secure

  1. Keep contact information current. Log in to Online Banking regularly and update your contact information. This not only ensures your financial institution can contact you quickly but also limits the exposure to your account if suspicious activity or transactions occur.
  2. Enable extra security features. Turning on security features such as multi-factor authentication, individualized user credentials, and complex passwords can provide a critical extra layer of defense against fraud.
  3. Set up alerts and card controls. Enabling custom alerts and controls in the Citadel Mobile App allows you to turn your credit and debit cards off if they're lost or stolen, set spending limits for authorized users, manage travel locations, set up transaction alerts, and prevent fraud by disabling certain types of activity. You can also choose when and how you receive notifications, decreasing the likelihood that imposters can use your account without your knowledge. If you have accounts at other financial institutions, look for similar settings in each online banking platform to maximize security across platforms.
  4. Control access to your accounts. Allow only trusted employees access to your accounts and be sure to monitor their activity regularly. If you're a Citadel member, you can add additional users and roles in Online & Mobile Banking with custom permissions for each team member. Remove anyone who should no longer have access on a monthly or quarterly basis.
  5. Create a cyber security awareness program. Despite the ongoing rise in cyber-attacks, over half of small businesses still haven’t implemented measures to protect themselves. Be sure to educate your employees about potential fraud tactics and double down on your efforts by implementing a detailed incident response plan.

The rising cost of cybercrime

Cybercrime costs are estimated to reach $10.5 trillion by 2025, and no business is safe from becoming a potential target. In addition to the immediate financial impact, cybercrime can cost your business its reputation, loyal customers, employees, and projected revenue. However, you’ll considerably lower your odds by providing cybersecurity training to employees, recognizing red flags, and having a documented defense strategy or incident response plan in place.

And remember, one of the most effective ways to help combat cybercrime is to simply trust your instincts if something doesn’t seem right. If you think you may have been the target of a potential scam or are seeing fraudulent charges on your account(s), please contact us immediately at 800-666-0191, visit a branch, or chat with us via Video Connect so we can help.

Safeguard your credit cards against fraud or theft.

Safety Tips