SMEs and freelancers represent more than 90% of the corporate fabric and are very interesting for those who engage in B2B fraud. Although they spend more time developing and running scams for these profiles, the rewards are also higher than for ordinary users. Google has declared war on it. These criminals pose as the technology giant and have fraudulently made SMEs and freelancers pay for a business profiling service that is originally free.
On this, Kaspersky has detailed the most used social engineering tactics to defraud SMEs and freelancers:Impersonate trusted providers. Large companies have specialized departments and procedures to ensure that the provider they are going to work with is trustworthy, while SMEs may lack these resources with which to identify scams at an early stage. Cybercriminals lure business owners with offers that are too good to be true (and expire quickly), flexible terms, and most importantly, a trusty-looking website that impersonates an authentic brand. However, when the sucker pays the bill, the supplier disappears. Scammers impersonate any type of organization, from travel agencies to wholesalers.false events. Acquiring knowledge, sharing experiences and expanding the commercial network is crucial for business development. This is known to scammers, who do not hesitate to create fake events to profit. They send invitations and sell fake tickets from apparently professional pages for conferences, round tables or awards in which relevant speakers participate in interesting debates. Events that will never take place.
B2B fraud: this is how scammers hunt SMEs and freelancers
Blackmail through bad reviews. Reputation means more profit for the company, and scammers know it. In this way, they write negative reviews of hotels, restaurants and other businesses and then send emails to the victims offering a service to remove those reviews from Google, TripAdvisor and other websites. It goes without saying that the service does not exist.Distribution of spear phishing. Phishing is one of the most popular and simple methods to obtain information necessary for theft from companies (access data to bank accounts, passwords, etc.). In the case of spear phishing, so in vogue lately, scammers send emails to the person in charge of managing the company’s budget (owner, accountant, etc.). They pose as banks, business partners or other companies and request a payment or certain information from employees or company accounts. Different specialized projects, such as GEIGER, in Europe, work on the important task of informing SMEs about cyber risks. In order for companies to be safe from this type of scam, the following basic cybersecurity rules must be respected: Do not give in to manipulation or blackmail. Scammers are always looking to destabilize and force the victim into rash decisions Check spelling or any suspicious signs in emails from new senders Always report scam attempts Educate yourself and your staff. Cybersecurity knowledge can be acquired through online courses