Yuletide, peppermint, Hallmark movies … and financial fraud and cyber scams. They all pick up during the holiday season, but various scams are increasing in sophistication and successfully victimizing unsuspecting citizens year-round.

Promo companies, especially small businesses, are just as vulnerable as individual companies. It’s possible that attempts to steal money from your company have already been made. If they have not yet been successful, that doesn’t mean you are safe.

One Connecticut-based distributor spoke with PPAI Media about a PayPal fraud attempt that nearly victimized the company earlier this year.

Via Yahoo! Finance

What Happened

Last July, Promomento’s (PPAI 339294, D2) founder Jennifer Katus received a deposit of $0.01 to the company’s business account. That’s when she knew something strange was going on.

  • Katus linked the PayPal account to her business account when she started the company, but it had been dormant for over 10 years.
  • PayPal’s customer support was unable to confirm that the money entered her business account through PayPal but advised her to let them shut down her inactive PayPal account.
  • Next, Katus contacted her bank, which advised that she close the Promomento business account and open up a new account – a time-consuming inconvenience.

“Like, any business, I had transactions in progress,” Katus says.

What Might Have Happened

The one-cent deposit was very likely a test in an intricate series of moves to maximize a theft.

  • Hoping to confirm that the PayPal account is indeed linked to the account they are aiming to steal from, thieves will initiate a transfer of mere cents and wait to see if the account owner takes action.
  • The choice to make a deposit – rather than a withdrawal — is deliberate in order to keep suspicion down, disguising the move to resemble a common minimal interest payment in a savings account.

“The thing that really surprised me about this one is that the initial transaction was not an attempt to withdraw money,” Katus says.

  • Most banking accounts will have a maximum amount that can be withdrawn without a warning being triggered via email or text, so thieves will strategically withdraw an amount as close to that number as possible multiple times, sometimes successfully stealing tens of thousands of dollars over the course of a few days before the victim is even aware.

There are two possible ways the criminals got access to Promomento’s business account:

  • They hacked into Katus’ dormant PayPal account, perhaps accessing an old password that she commonly used years ago.
  • They hacked into the business account through other means, and they disguised the name of their own account to make it appear as a legitimate PayPal account.

“I feel very fortunate,” Katus says. “I never lost any money. But I think only because I happened to catch it right away.”

Protect Yourself Against Constant Attacks

As both an individual consumer during the holidays and a promotional products business trying to navigate the busyness of Q4, you are likely to be targeted by scams involving app-based payment methods or actual hacks into banking accounts.

  • Most of these attempts will fail, but it only takes one successful attempt to potentially cost your company thousands of dollars.
  • The most important thing that Katus learned from her experience is to make sure there are no dormant accounts linked to her business account.
  • Clients have asked Katus recently about accepting ACH payments. As a small business owner, she must factor in that it is another “access point” for thieves. She plans to reach out to more clients to ensure that it is worth the risk.

“It’s now part of the business calculus of that decision,” Katus says.

BeenVerified, a website dedicated to helping citizens understand how to use public data, provides some catch-all advice to avoid the most common tactics.

  • Do not reply to messages: Any concerns should be addressed by looking up the number of the company and calling directly.
  • Do not click links: Ransomware or malicious software can enter your computer through links.
  • Do not provide personal information: Every bit of information a criminal has will increase their chances of more intricate fraud and will maximize the attempts on your accounts.
  • Do not give anyone outside your company remote access to your card.
  • Be wary of anyone bringing up “gift cards”: This is the beginning point of a scam. If such an email comes from within your company, confirm with the sender in-person, via phone or in a separate email.

Large Companies Are Not Safe

These scams are not exclusive to companies under a certain size. PPAI Media has covered large-scale scams that have affected some of PPAI’s larger members.