Don’t Get Hooked
Business Insights
How to avoid a new slew of small business scams where con artists employ a variety of new methods to access sensitive information.
When the phone rings in a hardware store, it’s typically a customer asking if a certain mower is in stock or how late the store is open. Sometimes, though, there is a scammer on the other end of the line trying to access information to hack systems or dip into bank accounts.
In recent years, such scams have affected everything from single stores and retail chains to national co-ops. For example, a scammer falsely claimed to be a U.S. Marshal investigating a particular business because of counterfeit money. At a higher level, a few years ago, a mid-sized distributor had its computer systems held for ransom as part of a cyberattack that demanded money for restoration of service. This past October, Ace Hardware was also hit with a cyberattack.
Both large and small businesses are increasingly seeing an uptick in malicious cybersecurity attacks. A recent Skybox Security report showed a 25 percent year-over-year increase from 2021 to 2022 in the number of reported cyberattacks in the United States.
However, the threat goes beyond the keyboards of hackers. Now, the number-one threat vector is the imposter scam.
“This includes social engineering attacks by malicious actors attempting to gain access to information by pretending to be a trusted source such as your bank, government institution, or well-known supplier,” says Sean Carr, Epicor vice president of information security.
How Scammers Reach Out
Email was the number-one way scammers attempted to contact potential victims, especially when pretending to be a business or government agency, according to a recent report from the Federal Trade Commission.
Phone calls are another method that can trick hardware retailers into a sense of urgency, especially if the scammer is pretending to be a POS supplier with vital information or warnings.
“Retailers should always follow their local process and procedures to confirm the identity of any vendors who make an unsolicited attempt to contact them,” Carr advises. “Investing time and effort to train frontline employees in how to identify suspicious activity will help reduce the likelihood of a successful attack by a malicious actor.”
The quickest, surest way to thwart that kind of scam attempt is to hang up and call your POS representative.
“Always get a name of the contact, then reach out to them through a standard phone number or website, not an address or phone number that they provide,” Carr says. “In the case of a callback, always have them reference a specific ticket number—every legitimate activity should be tracked this way.”
Red Flags to Detect Potential Scams
Hardware store owners and employees should know the red flags to recognize potential scammers.
“It’s critical that businesses adopt and reinforce strong cybersecurity hygiene practices,” Carr says. “From a social engineering standpoint, never reveal information to an unknown entity that calls you.”
In addition to gathering information, scammers will try to get retailers to conduct fraudulent credit card transactions under the guise of testing or diagnosing problems. Scammers will often ask for payment in specific ways, such as through wire transfers, cryptocurrency or (like that fake U.S. Marshal) gift cards.
While in contact, scammers may create a sense of urgency, intimidation, or fear. They urge potential victims to act before having the chance to verify claims.