When Adriana DalSoglio, contract manager with Fisher’s Document Systems, received a call from a customer questioning a bill for toner, immediately red flags started going up.
The “toner scammers” are hitting Fisher’s customers. The scammers are gleaning information from customer’s front desk staff about models and makes of copiers in service, and types of cartridges used.
Then, armed with that information, the fraudulent sales person contacts the company and makes the sales pitch.
“They are calling and saying they represent Fisher’s,” she says. “They say that the price of the toner they use is about to increase dramatically, and they should buy it now, and save money in the end.”
Then, the shipment from the fraudulent salesman is delivered, and billed.
DalSoglio says Fisher’s tries to stay in front of the fraudulent sales by calling customers and educating them on such scams.
Every year, BBB receives calls about phony invoices and attempts to “over-ride” sales contracts. These fake billings are another way to get businesses to pay for materials they did not order or receive. A small business can protect itself against increased liability on its financial transactions by using strong ways to secure the credentials they use to get access to their bank accounts.
Just this week, BBB received an invoice from Maria Decaney, executive assistant at KIVI 6 – On Your Side, in Boise. The invoices were for $425.00 Telecom Maintenance Agreement from UST in La Verne, Calif.
“We received these invoices today but we do not do business with UST’” she says. “When I asked our engineer about them, he said that they are a scam.”
Companies that do not have a payment process can sometimes be caught off guard when official looking invoices come across the desk. Sometimes they get paid.
Probably the best way to uncover such fraudsters is to do extensive background checks, ask for “vender” documentation, and reference.
Also, avoid making quick-pitch decisions. Have a policy in place that clearly states, “We don’t do business over the phone, please send your sales opportunity to ….” And then, make certain staff adheres to the policy.
In addition, BBB recommends these guidelines:
Initiate a “dual control” payment process with your bank and employees. Ensure all payments are initiated from your bank accounts only after two employees approve. One employee will create the payment file and a second employee will be responsible for authorizing the release of the file. This process should be in place regardless of the type of payment being initiated-including checks, wire transfers, fund transfers, payroll files, ACH payments, and etc.
Have dedicated workstations. Restrict the use of certain workstations and laptops to be used solely for online banking and payments, if possible. For example, a workstation or laptop used for online banking should not be used for web browsing or social networking.
Use robust authentication methods and vendors. Make sure your financial service providers allow for “multi-factor authentication.” This means that you need more than just a username and password to get access to your account.
Update virus protection and security software. Ensure that all anti-spyware, anti-malware, and security software and mechanisms are robust and up-to-date for all computer workstations and laptops used for online banking and payments. Implement a process to periodically confirm they stay up-to-date. Security patches are often available via automatic updates.
Reconcile accounts daily. Monitor and reconcile accounts daily against expected credits and withdrawals. If you see any kind of unexpected activity on your account, tell your financial institution immediately.