Protecting your business and employees from scams is crucial in today’s world. What can you do to protect yourself? If you believe but are unsure if someone is trying to scam you- what steps can you take? One of the best ways to protect your business is to educate your employees so they know about common scams and what to do if they believe they are a target. The following include different scams and how you can defend yourself against them.
Email phishing scams
These types of scams use deceptive tactics to get people to reveal sensitive information. They may disguise themselves as official sources like banks, reputable organizations, government agencies and even the CEO or owner. They rely on psychological tactics such as feigning urgency or warnings to pressure an individual to click on malicious links or provide sensitive information.
- Only open emails from people you know. (But also, be cautious as email scammers can mask themselves as someone you know.)
- Be cautious of suspicious emails asking for personal information or financial details.
- Avoid clicking on unknown links and downloading attachments.
- Check the email address for any signs of alteration or inconsistency. Hackers will often use free email domains instead of the one associated with the organization.
- Examine the ‘from’ and ‘reply’ line. They will often be different if the email is from a scammer.
- Integrate multi-factor authentication such as Google Authenticator for an extra layer of security.
- Have employees report any suspected phishing attempts immediately.
The Federal Trade Commission has advice on how to recognize phishing and how to report suspected attempts. The Washington Hospitality Association also has a Cybersecurity toolkit on our members-only site that has additional resources.
Credit card chargeback scams
There are a couple of different types of credit card chargeback issues: friendly fraud and true fraud. Friendly fraud happens if a consumer disputes a charge with the credit card company. It happens because they may be unhappy with the quality of service, don’t remember making that charge or other reasons. True fraud happens with stolen credit cards or attempts to avoid paying for the service or goods.
- Implement strict payment procedures to confirm the legitimacy of credit card transactions. On larger transactions or suspicious payment patterns make sure you verify the identity of the user. Keep in mind that there are different rules depending on the card networks before asking for ID.
- Keep detailed records of all transactions including signed receipts to dispute any fraudulent chargebacks. This can be helpful for friendly fraud and intentional.
- Stay up to date with Payment Card Industry compliance regulations to protect customer card data.
- Train employees on different methods of credit card payments and the vulnerabilities that can go along with them. Generally, touch to pay and chips are more secure than the magnetic swipe to charge a card.
The National Restaurant Association has a video about how to decrease consumer chargebacks.
Coupon fraud involves dishonest practices such as creating fake coupons, changing real coupons, or using coupons in a manner inconsistent with intended use.
- Clearly outline terms and conditions for all coupons and promotions to prevent confusion or misuse.
- Train your staff to authenticate coupons and identify counterfeit coupons.
- Use barcodes, unique codes or QR codes. These can be verified through the POS system.
- Monitor coupon redemption rates by limiting the amount and look further into any suspicious activity.
There are many more precautions that you can take to avoid coupon fraud.
Fraudulent prepaid bookings:
Individuals may use stolen credit card information to make prepaid bookings and later cancel and request a refund to a different account. This method is also used for money laundering to access “clean” money in the form of a refund. Another form of this fraud happens when people make reservations and resell them at a higher price on another site. This can damage reputation and customer trust. By making fraudulent reservations, scammers can access personal data for further criminal activities such as identity theft.
- Require guests to provide a valid credit card for prepaid bookings to minimize fraudulent transactions and verify identity.
- Implement secure online booking systems that encrypt customer data. Ensure that you are utilizing a reliable third-party payment gateway to process prepaid bookings securely and protect personal and financial information.
- Regularly monitor bookings and cross-check credit card details for any discrepancies.
Canary Technologies has additional tips on how to help avoid this type of fraud.
Phone scams involve a fraudster calling a hotel or restaurant and attempting to deceive staff members or guests. Much like email phishing, this individual may impersonate a trusted entity. These trusted entities may be another hotel chain, restaurant management or a delivery service. The scammer claims that you can only solve their issue by revealing personal or confidential details. Another form of this is when a scammer says they have been overcharged and want reimbursement over the phone. The fraudster may even provide bank account details to convince the staff member. They may intentionally call during peak hours as a tactic to evade detection.
- Educate staff to use caution when receiving phone calls that ask for sensitive information. Employ a policy to verify the identity of any callers before revealing any information to avoid spoofing scams. Keep in mind that official companies or services will rarely ask for confidential details over the phone.
- Educate your team about common phone scams so they know what to listen for.
- Display contact information on your website and social media pages to encourage customers to reach out directly if they have any concerns.
The Federal Trade Commission also provides a guide for identifying scams and other steps you can take.
Staying informed and educating yourself and employees is key to protection. By being cautious, verifying information and implementing security measures, you can minimize the risk of being taken advantage.