How to Identify Business Scams


Cautionary tales to avoid disrupting your practice

By Stephen Rapposelli, PT

In the early 2010s, I was trying to print out a home exercise program from my desktop, to my company’s printer. It wasn’t working.

Since I was in a rush, I did it another way, not using the printer. I didn’t think anything about it.

Two days later, I tried to print out everyone’s paycheck. (Ah, the days when I did everything!)

Again, could not print, but now this was an emergency.

I emailed my IT guy, who called me right back, saying all my company data was being systematically encrypted as we were speaking.

I then got “the email.”

Someone sitting in a café in Estonia had inserted a virus into my network that was locking up all my data. All I had to do was pay them two bitcoins ($500) to their electronic wallet, and they would be nice enough to send us the encryption key. Since it was the early 2010s, I had to have my IT guy explain to me what a bitcoin was, and what was an electronic wallet — although now I wonder why I didn’t buy 100 bitcoins at that price!)

Welcome to one of the top five business scams waiting to disrupt your business, and how to identify them! Read on to arm yourself!

  1. Opening attachments inside your network

    That’s how my teachers in that Estonian café did it. I opened an attachment.

    How to identify: Usually, the subject line just doesn’t sound right. If you know the sender, it just doesn’t sound like they would write that way. Or, it sounds too vague. Or, it is coming from your own email address (yup, I get that). Don’t open any attachments that you don’t expect, even if it is from your mother! The weakest part of your computer system’s security is the human part. If you think you are a security risk, you are correct. The only person worse than you is your staff. Regularly train them to not trust any email sent to them, especially if it has a link or attachment, even from their mother. When in doubt, simply forward to your IT professional and ask. (You do have an IT professional, right?)

  2. The copier guy scam

    Your “copier guy” calls your front desk people, needing your copier’s model and serial number. Bob, who just started last week, happily complies. Two weeks later, you get an invoice for toner and other unordered goodies. If your accounts payable person is not suspicious, it gets paid.

    How to identify: Anyone calling your office asking for any information about any of your equipment. That counts for emails as well.

    Pro Tip: Simply training all staff to ask for a call back number usually results in a hang up, amazingly.

  3. The well-meaning patient who wants to meet for coffee to discuss a ‘business opportunity’

    This person capitalizes on your giving nature to proceed and give you a 45-minute presentation on Amway, Longaberger baskets, phone service, Pampered chef, or any other multilevel marketing (MLM) scam. They know that you are a nice person, so you will listen to the entire pitch, unable or unable to stop it. Look for major red flags when someone wants to “bring someone with them” to the talk. That is their trainer, who is even more polished in giving you a pitch.

    How to identify: If someone is cagey about why they want to meet you. You may be tempted, or guilted, into a vague sounding meeting, but stay strong! This scammer is trained to overcome objection, using the veil of their relationship with you, as well as your kindness, to get access to your time and money. My favorite script in response to these characters is, “I just nicely told you no, but if you don’t understand that, I can use other language.” You may risk whatever relationship you have with them, but didn’t they risk it first?

  4. Buying or selling equipment online

    You have some equipment in one of your clinics and decide to sell it online. It might be Facebook marketplace, eBay, or a number of sites. Someone is interested! Yay! They want to pay you via Western Union or Zelle. They want to pay you over asking price and ask you to simply send the difference back to them.

    How to identify: Generally, online conversations that indicate poor understanding of English, poor grammar, urgency, and asking to take the conversation offline to another platform.

    Ideally, transactions for buying or selling online are safest at your office, or if you are shipping, a way to confirm the person or business.

  5. Spyware caught you watching explicit material or another unfavorable activity

    This criminal says that they have been tracking your online habits, they took screenshots of all the explicit material you have been watching or activities you’ve been participating in, and they are going to send it to your family, your neighbors, and Anderson Cooper. You can’t delete them, so all you have to do is pay them. They even emailed you from your own computer to prove they have control of it.

    How to identify: You get an email from yourself with a subject line of “unfortunate news” or “you have been caught.” The good news is that none of this is true, and you should just delete it.

  6. FedEx, UPS, USPS package tracking

    You’re expecting a package, but it’s running late, or there’s tracking info. Be very suspicious of links in emails. If you really want to know the status of your package, log into your account manually and check there, or make a phone call.

  7. IT is doing security checks

    You get an email from IT support or IT admin that they are doing security checks and want you to insert your username and password. This is clearly false (unless the company is doing their own phishing test) and should be reported to IT immediately.

  8. A company calls saying that they’ve found an issue on your network and need remote access

    NEVER EVER let anyone have remote access to your computer UNLESS YOU INITIATED THE CALL. Even if they are calling you back, make sure you call in and get that person on the phone.

Scams run rampant in the business world. While skepticism is usually not a favored trait, in some instances it may protect you and your business from foul play.

Copyright © 2018, Private Practice Section of the American Physical Therapy Association. All Rights Reserved.

Are you a PPS Member?
Please sign in to access site.
Enter Site!