As if we don’t have enough to be concerned about, fraud is on the rise. In 2020, 34% of Canadians experienced fraud, and 79% of those surveyed noticed an increase in fraudulent activity. Now, more than ever, you need to know how to protect your business from fraud.
What makes a business vulnerable to fraud?
There are many factors that can impact the vulnerability of a business to fraud, but some of the most common include:
- Employees who perform multiple functions or hold diverse roles in the company;
- A lack of company procedures including consistent record-keeping; and
- Inability of staff to recognize fraud due to a lack of education.
This post is the first step toward protecting your business from fraud. It’s a starting place in educating yourself and your staff about fraud and what you can do about it.
4 Myths About Small Business Fraud
If you haven’t thought about fraud and how to protect your small business, you’re not alone. Many Canadian businesses fall victim to fraud because they believe at least one of these 4 common myths.
Myth #1: Fraud is nothing to worry about.
Fraud will cost you both money and time (your most valuable resource). In 2017, fraud cost Canadian businesses more than $30 million. If your business is impacted by fraud, it can cause service disruption, compromise sensitive information, and severely damage your business reputation.
Myth #2: Fraud is easy to spot.
Fraudsters succeed because they’re strategic. Canadian businesses fall prey to fraudsters all the time because of sneaky tactics like:
- establishing trust,
- creating a sense of urgency,
- covertly inserting themselves into normal business processes,
- using fear and intimidation, and
- promising irresistible rewards.
Myth #3: Fraud only targets larger businesses.
Canadian small businesses are not exempt from being targets of fraud. One out of every five small businesses are victimized by fraud. That’s not a ratio to ignore!
Myth #4: I won’t be a victim of fraud again.
What are the chances your business could be a victim of fraud more than once? Actually quite high. Fraudsters refer to past targets as “the sucker list”. If they can trick you once, they’ll attempt to trick you again.
12 Common Types of Fraud that Target Small Businesses
There are many types of fraud, and one of the best ways to protect your small business from fraud is to be aware of the scams currently active out there.
Fraud can happen both internally and externally. Internal fraud is common in the form of employee theft, for example. External fraud is more broad. Fraudsters can be customers, third-party contractors, or anonymous sources like hackers.
Here are 12 common types of fraud that target small businesses.
1. Worker’s Compensation fraud
Some employees make false or exaggerated claims about an injury, even lying about where or when the injury happened so they can qualify for compensation.
2. Cheque fraud
Cheque tampering happens when an employee writes a company cheque to themselves or a fake name or shell company.
3. Revenue skimming
This type of fraud is more common for small businesses that use cash, such as restaurants or retail. If a customer pays with cash and doesn’t want a receipt, an employee might keep the cash instead of adding it to the till.
4. Fraudulent invoicing
Some fraudsters send businesses an invoice for a product or service that you didn’t order or purchase.
5. Payroll fraud
Payroll fraud is basically when an employee falsifies payroll information. For example:
- Claiming to work more hours than they actually did,
- Accessing payroll records and changing their salary, or
- Reporting false sales or orders.
6. Malware and ransomware
Malware is aptly named because it is malicious software that attaches itself to your computer or network. It can access confidential information, adjust the settings on your computer or network (including security settings), send messages from your computer, and even reinstall itself after you have removed.
Ransomware essentially holds your computer hostage by preventing access to your computer unless you provide payment.
See How to Avoid Online Scams for more about this.
7. Office supply or training scam
There are variations on how fraudsters perform this scam.
Typically, they contact your business, presenting themselves as one of your regular suppliers for office supplies. They might say there’s a new government regulation that requires you to replace an “expired” product. Then they ask to verify business information such as address, banking details, or employee information.
Eventually, you’ll receive a realistic invoice (without receiving product) and demands for payment. These demands can be intimidating and aggressive, even threatening to report you to the credit bureaus.
Another scenario involves fraudsters posing as a training company. They offer to provide specialized training for your employees (often something related to government health and safety regulations). Their training isn’t actually authorized, or they simply don’t provide any training at all.
8. Fake CEO scam
This is a type of spear phishing also known as the “business email compromise”. A legitimate-looking email is sent to your employees from a fraudster impersonating a senior member of your staff. The email typically requests payment in the form of money transfers or creates a sense of urgency by saying an important contract is in danger if a certain person or supplier isn’t paid immediately.
9. Business grants and loans scam
Fake websites masquerading as government websites guarantee access to special funding programs for a fee.
10. Directory scam
A fraudulent business directory supplier will contact your business and ask you to confirm your contact information. Later, you’ll receive a confirmation call and an invoice for your online directory listing. If you dispute the charge, they’ll claim to have a recording of you agreeing to their services (which they’ve edited from previous calls with you). Then they’ll threaten to send your file to a collections agency and to report you to the credit bureaus.
This scam is sometimes carried out via email. They’ll send you an official-looking document to sign to secure your directory listing. The fine print states that you’re agreeing to the listing for a certain amount of money (often around $1,500).
11. Phishing, Spear Phishing, Whaling, Vishing, SMiShing…
Phishing is a tactic used to steal information, often passwords, login credentials, banking information, or credit card numbers. Variations of this common scam include:
- Spear phishing – targets a specific piece of information
- Whaling – attempts to catch big targets like leaders or senior executives
- Vishing – voice (or phone) phishing
- SMiShing – SMS text phishing
Typically, these scams appear as a message from a financial institution, service provider, business supplier or partner, or government organization. These messages come as email, social media message, text message, or a phone call.
12. Intellectual property scam
Using publicly available information about your company (like patents, trademarks, contact information, or registration numbers), fraudsters send you a notice stating that your intellectual property (IP) rights are up for renewal. They request payment for processing the renewal.
9 Ways You Can Prevent Fraud in Your Small Business
Protecting your business from fraud doesn’t mean you must be suspicious of everyone. Cynicism isn’t required. All it takes is some intentional proactive steps.
1. Educate Yourself & Your Employees
Provide fraud-prevention training for your entire staff. This should include how to identify fraud, how to prevent fraud, and what to do if they suspect fraud. Understanding how fraud happens and knowing about the common types of fraud targeting small businesses will help protect your business.
2. Implement & Maintain Clear Policies & Processes
Develop clear, detailed policies about fraud and processes for dealing with policy violations. Be direct and specific about what fraud is and isn’t, and what the ramifications of fraud may be.
Policies and processes should include fraud-prevention strategies, such as:
- Approval processes or multi-person sign-off for invoice payments, order placements, expense claims, overtime, cheque writing, and other accounting or payroll functions
- A way to ensure that invoices are legitimate
- An organized filing and accounting system
- Restricted access to financial account information
- Limited access to inventory or stock
- An audit log system
3. Keep Detailed Records
Do you know how much inventory you have right now? Are you sure? Your business needs a record-keeping system that ensures you’re keeping track of inventory, money, and even information.
4. Know Your Employees & Partners Well
Hiring an untrustworthy employee increases your chances of fraud. Naturally, the better you know your employees and business associates, the less likely you are to be victimized. Reference checks, background checks, and pre-employment screening are helpful during the recruitment process.
Never assume that long standing, hard-working employees won’t commit fraud. Financial strain can tempt anyone to “get creative”. And the more responsibility and independence an employee is allowed, the greater opportunity they have to commit fraud.
Fraud can come to light when the culprit is absent for an extended period, so make sure your employees take their holidays.
Knowing your business partners well protects you from being scammed by fraudsters posing as your business partners. Keep up-to-date records of their address, contact names and information, and any other mutual business relationships or references you can use to check if you come across something suspicious.
When entering a new business partnership, an added measure of protection is to confirm that they are a legitimate business, who the owners are, and how long they’ve been in business.
5. Enable Whistle Blowing
You must have a way for employees to report fraud anonymously. Without it, potential whistleblowers may be too afraid of losing their job or relationships if they report anything, especially if their suspicions prove to be unfounded.
6. Set Up Protections for Accounting & Bookkeeping
Always have more than one person handling basic bookkeeping (like receivables, payables, payment processing, managing petty cash, and record keeping). Accounting software with data-integrity tools can minimize any temptation to commit fraud and provide a layer of protection all around.
If any of your employees require access to your business credit card information, stress the importance of security. For example, encourage them to only use secure, online bill payment.
7. Inspect & Audit High-Risk Areas Often
Business owners should check your business registration, PPSA report, and credit report regularly to ensure the information is accurate. If it’s not, you may be a victim of fraud. Catching it early can save you a lot of money and protect your business. Sadly, 36% of Canadians don’t know their credit score.
Your employees should know audits happen regularly and randomly. These routine audits should examine cash, refunds, returns, inventory, bookkeeping, and accounting.
8. Investigate every case—no matter how small
With an anonymous fraud reporting protocol in place, investigate every report. No matter how small or unlikely it may seem, it’s worth looking into.
9. Secure your networks
Set up security systems to protect your business network, computers, mobile devices, and any other sensitive data. Keep software updated on all devices and require passwords to be changed frequently. Schedule data back-ups regularly and store those back-ups in a separate location (offline and offsite).
What to Do if You Suspect Fraud
Fraud reporting is one of the best ways authorities can identify current scams and gather the information they need to shut down fraudsters and protect Canadian businesses. Don’t believe the lie that your situation was too small to involve the authorities.
Authorities keep any information reported about fraud confidential, so you don’t need to worry about the impact on your business reputation if you report it.
Always report fraud! Here’s how:
To report lost money due to fraud, file a report with your local police, contact your bank or financial institution or credit card company, and contact the Canadian Anti-Fraud Centre.
To report identity theft, file a report with your local police, contact your bank or financial institution and credit card company, place a fraud alert on your credit reports with the credit bureaus (Equifax and TransUnion), and contact the Canadian Anti-Fraud Centre.
To report banking information theft, file a report with your local police, contact your bank or financial institution and credit card company, and place a fraud alert on your credit reports with the credit bureaus (Equifax and TransUnion).