Online scams are on the rise, and they are not just targeting individuals but businesses as well. These scams can cause significant financial and reputational damage. A number of SMB owners in Singapore have recently been scammed by malicious actors taking over their business Instagram and TikTok accounts, and in the process lost access to loyal followers.

What can you do to protect your business brand from online scams and ensure that the reputation of your business remains unaffected? Here is a rundown of some basic practices you can adopt to safeguard your business.

1. Recognise common scam tactics

Scammers employ various tactics, and recognising some common ones is the first step of defence against them.

• Deceptive emails: One of the most common methods adopted by scam artists takes the form of deceptive emails. For example, the business could receive an email seemingly from a trusted vendor requesting an urgent payment, with a link to update financial details.

Tip: Look to identify some common red flags in such emails. This could include poorly phrased text, grainy logos, suspicious-looking sender addresses, unsolicited requests for sensitive information or suspicious links. Encourage a cautious approach to email communication, especially regarding financial transactions. In this scenario, questioning the legitimacy of such requests can prevent a potential financial loss.

• Fake invoices: Scammers often send fraudulent invoices, mimicking legitimate suppliers or service providers, to trick businesses into making illegitimate payments.

Tip: Implement a thorough invoice verification process, cross-referencing details with purchase orders, and confirming with known contacts. If you receive an invoice with a slight variation in the supplier's email address, identify the discrepancy and prevent the payment of funds to a fraudulent account.

• Social media account takeovers: Social media platforms are not immune to scams. Scammers may gain control of business profiles, posing significant risks.

Tip: Regularly monitor account activities, enable two-factor authentication (2FA), and educate employees on the risks. If you notice unexpected changes in posting patterns, unusual messages, or unfamiliar access to administrative settings, you can take immediate action to secure the account. 

• Phishing attempts:  Sometimes scammers create fake websites or emails that mimic legitimate entities to steal sensitive information. For instance, you may receive an email claiming to be from a well-known bank, urging you to log in to address an urgent issue.

Tip: There are some common ways to recognise these attempts, such as checking for subtle misspellings in URLs for fake websites or email addresses for phishing emails. Scrutinise such emails for telltale signs of phishing to avoid falling victim to data breaches. 

2. Always verify authenticity of communications

As a business owner, you are likely to receive communications across various channels – email, SMS, WhatsApp and other messaging platforms. In every case, it is important to ensure that you are not tricked into revealing any sensitive information or taking actions that could compromise your business’ security.

Make it a point to verify the authenticity of all communications. For email, this could mean the basics such as checking the sender’s address to make sure the domain names are familiar or if not, legitimate and that there is no ask in the body of the email for revealing any sensitive information. For messaging apps, this could mean sticking to only encrypted communication channels such as WhatsApp or Telegram, especially for sensitive discussions. Even here, it is prudent to avoid sharing confidential information. 

3. Educate employees to spot suspicious online activities

It is important that everyone in the company is aware of these online scam tactics and the dangers that they pose. All it takes is one person who is unaware to be compromised into leaking sensitive business data or inadvertently giving scammers access to the company network.

Thus it is important to educate employees and train them regularly on the latest scam tactics. This could be in the form of workshops on recognising and reporting online scams using real-life examples and phishing scenario simulations; or in the form of company protocols and procedures for reporting unusual activities.

4. Learn from other SMB owners

Since the scam techniques used are always evolving, it is important for SMB owners to keep themselves updated. Aside from reading news articles, you can also tap into your network and interact with other SMB owners. Learning from others' experiences can enhance your awareness and help fortify your business against evolving threats.

Look for industry events and conferences on cyber security to gain firsthand knowledge from experts. Singapore Business Federation (SBF) provides a platform for business networking, offering events and forums where SMBs can discuss challenges, including cyber security. Singapore Cybersecurity Consortium is another community which provides access to a network of cyber security professionals and events aimed at enhancing knowledge and collaboration in the field.  

5. Adopt safe financial practices

Scams can also target SMBs to make transactions from their bank accounts. This is often in the form of scammers impersonating bank staff and targeting SMB owners or employees through phone calls or SMSes, asking for their credit card details.. In this case, you could lose valuable business revenue if precautions are not taken.

Make it mandatory for everyone in your team to adopt Multi-Factor Authentication (MFA) for all financial transactions and sensitive accounts, in addition to a strong password policy.

To add another layer of protection for your financial data against online scams, consider adopting advanced cyber security solutions. Ideally, these should involve real-time threat detection and protection in addition to firewalls and antivirus software. Singtel offers various cyber security solutions for SMBs, including Endpoint Security to secure your employees’ devices, Network Security to defend against advanced threats 24/7 as well as Cloud Protect for protection in a multi-cloud environment.