Don’t let tabnapping or phishing leave you on the hook!

By now we’re all aware of the dangers of opening e-mail attachments or clicking links from unknown sources – but what about e-mails which appear to be legitimate? When fraudsters pose as a company, brand or e-mail address you recognize, it’s called phishing. A play on the word fish, the perpetrators are fishing for someone to fall for their scam by sending e-mails (usually with a link to a website) purporting to be from a reputable company. They’re hoping to trick people into giving out personal information or making payments.

How to prevent phishing:

  • Make sure you have a spam filter on your e-mails
  • Look for tell-tale signs such as typos, grammar errors or poor image quality
  • Check the e-mail address – businesses and organizations don’t use hotmail or gmail accounts
  • Don’t assume people or businesses are who they say they are
  • Don’t give out personal/business information unless you’re absolutely sure of who you are dealing with.
  • Trust your instincts – if you’re not comfortable, contact the company directly to find out if the message is legitimate.

Now, look at your browser – how many tabs do you have open? And how long have they been that way? Using code, fraudsters can change the content and label of an open but inactive tab to look like the log-in for a bank, an online store, or even your e-mail provider. When you click back to the tab and find the log-in screen you assume the session has timed out and so you log back in – giving your personal information to the hackers. This is called tabnapping and it’s a more sophisticated version of phishing.

How can you stop it happening?

  • Install anti-virus and anti-spyware software on your computer – and keep it updated!
  • If you’re not sure of the legitimacy of a log-in site, close the tab, open a new one and type in the address of the site you wish to visit.
  • Keep an eye out for transactions in your name that you did not make.

Keep anti-malware software installed and updated, and always second-guess before sharing personal information to help protect you and your business from cyber crime.

_______________________

Emma Speagell is a Bilingual Business Counsellor in the Atlantic Region, where for the past three years she has helped members with a range of issues from CRA audits, to Occupational Health and Safety Compliance, to finding a financing program to help grow their business. Emma enjoys being a helping-hand and a listening ear to our members, and loves hearing their success stories!


Is someone stealing your refunds?

When we hear of fraud we mostly think of counterfeit cash, or scam calls. We tend to forget about return fraud, and that is because we don’t necessarily notice it. Let me tell you, I have worked a lot in customer service and have witnessed my fair share.

Return fraud?

Retail establishments are one of the three business establishments that suffer from this kind of fraud (alongside banking and health & property insurance) (Canada, 2008). A customer may want to return a stolen pair of jeans, or might say they never purchased from your online store but their credit card was charged. If you fall victim to return fraud, you may have to face chargeback’s. The key to minimizing return fraud is to be aware of all transactions made face-to-face and online:

  • If an authorization is declined for the full amount, request another form of payment.
  • When processing a refund, process it on the same form of payment it was previously purchased on.
  • For any credit or debit return, compare the signatures on the back of the card and on the receipt.
  • Make sure your return policy is visible to customers at the cash, and is pre-printed on your receipts.
  • Accept store exchanges or make store credit part of your policy.
  • For online purchases made to your shop, ensure the address is accurate.

Who can help me?

You can submit a fraud report to your local police or to the Canadian Anti-Fraud Centre. For chargeback’s you can contact the FCAC for guidance. However CFIB does provide help to its members who need assistance.

Train your staff

Make your staff aware of the following:

  • Organizing your receipts (weekly).
  • Train your staff on inventory; make sure it is done daily.
  • Comparing signatures when processing a payment or a return.
  • Accept only signed cards.

______________________________

Cassandra Beaugé joined CFIB’s Ottawa team as the National Affairs Assistant in 2016. Behind every small business hides a human who may need help but doesn’t know where to begin. That’s why Cassandra enjoys giving a hand in Business Resource. She enjoys reading and is a fan of the WWE!


Fraud is everyone’s business!

Although March is dedicated to Fraud Prevention across Canada, CFIB is committed to fraud prevention year round.

Did you know:

  • one in five small businesses has been victimized by fraud?
  • small businesses, on average lost $6,200 to scammers last year per incidence?
  • small businesses spend an average of $2,900 on fraud prevention per year?
  • more than half of business owners impacted by fraud say the stress and hassle associated with fraud is worse than the financial losses?

That is why CFIB wants to create awareness about small business scams and provide you with fraud prevention tools that you can use. Visit our webpage www.cfib.ca/BeFraudFree for a collection of our extensive fraud prevention materials. Including….

  • Our research report Fraud – A big threat to small business that shares findings on how fraud affects the small business owner. Be sure to check out our infographic that features some of the report’s findings.
  • A free credit card fraud prevention poster that we encourage business owners to print out and share with their staff to limit payment fraud. We believe the key to preventing fraud losses is knowledge, awareness and staff training.
  • Videos we co-created with the RCMP on credit card fraud and small business phone scams.

CFIB cares about your business. If you have questions about fraud or want to help improve fraud prevention in your business contact our team of Business Counsellors by calling 1 888 234-2232 or by emailing us at cfib@cfib.ca

_________________

Jocelyn Rhindress is the Regional Team Leader of Business Resources for Atlantic Canada. In her more than six year career with CFIB she has answered thousands of member inquiries. She grew up in a household supported by a small business and understands the joys and challenges of entrepreneurship. Jocelyn thoroughly enjoys finding answers, solving problems, giving advice, and supporting members. She is proud to be a part of CFIB where she promotes the vision to be the most courageous, connected and influential voice committed to the growth of Canadian Entrepreneurs. 


Just say no to third party delivery on three separate cards

There is an old saying “If it seems too good to be true, it probably is”. This brings to mind an inquiry I had from a member in the auto parts industry.  The member called me after receiving an order from outside of Canada asking for a large order of parts to be drop shipped to Mongolia. The buyer had requested to pay for the order with three separate credit cards. Understandably, the member was too excited about the size of the order and the dollar figure associated with the sale to think in a sufficiently rational and pragmatic way.

I had to tell the member not to engage with the purchaser on the order. This is a scam I have heard about many times before, and usually after the member has already lost a lot of money, and the equivalent in inventory as well. Having an order delivered to a third party is a typically fraudulent move, and paying with three separate credit cards is no less common a ruse.  In almost every case I have ever heard of, the credit card charges are charged back to the issuing credit card provider. The vendor is not only left with a big hole in their bank account but with just as many goods missing from their inventory as well. While this particular member was not all that happy with what I told him, he had just been saved over $100,000.00.

So beware, if something seems too good to be true, it probably is. At the very least, it warrants a second thought.

________________________

Nancy Forsyth is a Business Counsellor with CFIB and has been serving its members for over 28 years.

Fraud is a serious concern for Canada’s small business owners. In fact, one in five has been a victim of fraud in the last year. And the threat is not going away. As part of Fraud Awareness Month, we invited our Business Counsellors and others to share some cautionary tales about common scams and to provide tips on how our members can further protect their businesses.


Your account has been closed! (and other messages to simply ignore)

You may have noticed that the fraudsters who frolic on the internet have been getting much better at tricking even savvy users.  One such display of their skills has been to fool email users that they are getting a serious email – one that demands immediate reply – from their bank.  Or their credit card company. Or the CRA. Or….well, the list keeps growing.

“So what’s new?” you might ask. “I’ve been getting shyster emails from the dark side since I’ve had email, and I’m on to them.  No worries.”

Well, I wish it were so.  The difference over the past while has been in the sophistication the crooks use to garner your attention.  In the past you would receive an email from your ‘bank’, but the subject line would give it away as not being from your bank at all.  The crooksters weren’t very good with language, period.  They would put something in the subject line like, “Call you Bank – account be closed!!!!”  You would smile since you had just been to your bank, all was working well, and the note came in several hours before your bank visit.  You would cringe to think someone believing himself to be a sophisticate would send an email with poor grammar, one ending in four exclamation marks.

Lately, many of the up and coming young fraudsters have taken classes in the language they want to use.  Their subject lines have become better, more believable.  What is most troublesome is they have gotten very good at having you believe their note really is from your bank, the RCMP or the Canada Revenue Agency.  They replicate a bank’s web site page, or use a very close approximation.  If you’re not careful, and are in a rush, you may just click on “your account” to “fix” the glitch your “bank” has been so eager to bring to your attention.  And then it’s over.  Money starts seeping out of your account, and your data is compromised.

The best way to avoid falling for the scenario above is to develop a rather cantankerous attitude towards everything ‘web’.  Don’t feel compelled to be kind to a stranger.  If your bank is sending you an update, don’t feel the need to respond right away.  If anything – and I mean anything – is sent to you that a curious, or even half-suspicious, mind might in any way think is not absolutely kosher, trash it.  Even if it is an email threatening a tax bill.  Even if it is from your bank warning you your account’s about to be shut down.  Even if it is your mother claiming that if you do not click on her birthday card RIGHT NOW, she will disown you.  Better to have the taxman, your banker and your mom mad at you than find yourself without funds or a business to fall back on.

___________________________

Nathan Mean completed his undergrad and law degrees at Dalhousie University. He loves to help CFIB counsellors ensure small businesses succeed in his role as Director, Business Resources at the Canadian Federation of Independent Business. Over the course of his 16 years at CFIB, Nathan has helped hundreds of members overcome unfathomable regulations and government-imposed expenses, solve issues that relate to day-to-day operations and, most recently, hosted webinars for CFIB members and the small business community on important business issues.


Digital Main Street Forum: Embracing Bricks and Clicks

Businesses on Main Street are increasingly realizing the importance of embracing online tools to build and grow their businesses.

From online marketing and leveraging data to better engage customers, to adopting ecommerce to reach a broader customer base, Main Street businesses are leveraging a range of digital technologies to realize new business opportunities.

At the City of Toronto’s Digital Main Street Forum on April 6th attendees will learn more about the “Why” and “How To” of embracing digital technologies, while also getting connected to the online tools they need to build their business.

The Digital Main Street Forum will include a range of content, including a morning of keynote and panel discussions covering everything from ecommerce and trends on cloud technologies for small businesses, as well as an afternoon of tactical breakout sessions focused on helping businesses activate the solutions they need.

The details are on the Digital Main Street Forum are as follows:

Date: Thursday, April 6th, 2017
Time: 9:30 a.m. to 4 p.m.
Location: Toronto City Hall – 100 Queen Street West – Council Chambers
Cost: No Cost

Main Street businesses can register here – https://goo.gl/qxOVcJ.


Protecting your business

We have arrived at the seventh and final edition of our multi-part series on the topic of tasks you should be adding to your “start up to do list”. In past weeks we have discussed starting your small business checklistorganizing your startup, are you sure you need to hire now?, when do you need a lawyer? the importance of small business accounting advice and organizing your family business.

This week’s topic: Protecting your business

Often, people will mention to me that their business is like their baby. Not only that, but often their business location is like a second home. You spend countless hours planning, executing, strategizing and re-strategizing your business to achieve optimal success and end up being the first one to come in and the last one to leave.

To ensure your efforts are not in vain, you want to protect your business. Of course there are practical security measures that you could have in place. However as a business owner you may not know what’s up ahead that can make your business vulnerable.

Protecting your business is an intentional effort to identify risks that could delay, harm or derail your business from achieving its goals. Be proactive. We do not have a crystal ball to know what tomorrow may bring. Taking measures to protect your business will remove the stress if and when an emergency occurs.

So what are you protecting your business from?

  • Potential scams and fraudulent situations
  • Fines and penalties
  • Natural disasters
  • Records management
  • Weather conditions such as severe storms

Identifying the risks is an activity to expose what could potentially weaken your business and finding a solution.

Here is your final checklist. Take some time to share it with your business friends and hashtag #MyStartUp #SmallBizChecklist

☐ Emergency preparedness: Is your business ready?
☐ Not sure which permits are related to your business? Click here for BizPal.
☐ Are you aware of the rules of playing music at your business?
☐ Have you read through the countless tips that our business counsellors have written on fraud prevention?
☐ Click on Email marketing to learn to avoid the spam box with these do’s and don’ts.

This is Fraud Prevention Month. Stay tuned to read more blogs on how you can protect your business!

If you have been in business less than two years, sign up today for six months free membership to CFIB through the CFIB My StartUp program.

______________________

Cesar Gomez-Garcia has been with the Canadian Federation of Independent Business for six years. His current role at the CFIB is helping members with their questions on compliance. These questions can range from employment standards to health and safety, as well as complicated red tape situations that small businesses face. His passion is reading and writing about entrepreneurship. Learn more about Cesar via LinkedIn and follow him on Twitter @josuegomezg.


Email marketing: Avoid the spam box with these do’s and don’ts

Every day scammers send 156 million phishing emails globally. Falling victim to one of these scams can cost you, or your business thousands of dollars. To help keep emails safe, hosts are building more and more sophisticated spam filters, which can save your bottom line, but also puts up a serious road block to your email marketing efforts.

All you may be trying to do is keep in touch with your clients, but little did you know that a few small errors might be sending your emails right into your customers’ spam folders.

Did you know, you have a “sender reputation” to protect? Certain factors will affect it, just like a credit score. Below are a few examples of do’s and don’ts to avoid a dwindling sender score and being tagged as a spammer.

The don’ts

1) Don’t forget to keep your list up to date

Email bouncebacks

A hard bounce is caused by an invalid, cancelled or non-existent email address. Bounce rates are one of the key factors Internet Service Providers (ISP’s) use to determine an email sender’s score. When you start sending too many emails that fall into spam, your reputation will dwindle, and your emails will automatically go to the spam box.

Re-engage inactive or infrequently active subscribers

Inactivity will affect your spam rating as well. Keep track of your inactive (inactive means that emails are being received but not opened) and infrequently active subscribers, and develop re-engagement campaigns for contacts who have stopped engaging with your messages.

2) Don’t buy or rent an email list

Even though buying or renting a list is not illegal, it’s definitely not part of ethical practices. Sure, email list providers will say that the people on their lists have opted-in to receiving email correspondence, but that doesn’t mean they agreed to receive your correspondence. You have no idea how many times these email addresses have been used, and if they are even still active. Which means that you might get a few hard bounces. Not to mention maybe even getting complaints which also affects your score. And it goes even further, not only will this affect your deliverability score, if you are reported, you could be fined a significant amount of money. To give you a better idea, since the law has taken affect, one company in particular has been fined a little over a million dollars.

As a Canadian business owner it’s your responsibility to know if you are operating within the parameters of the Canadian Anti-Spam law (CASL). If you are using a U.S. based email marketing platform you could be at risk of not being in compliance with the law, because the Canadian, and American anti-spam laws have different rules.

The main difference is that the American Anti-Spam law has adopted an opt-out model, while Canada has adopted an opt-in model. Under an opt-out model, businesses can send promotional emails unless the recipient states otherwise, or “opts out” of receiving them with the famous unsubscribe link.

Under an opt-in model, which is what we have here in Canada, the recipient must affirmatively give the business permission to send promotions, newsletters etc.  Yes the opt-in model makes it a little harder to build a mailing list, but it’s not impossible.  With the right tools, and the right information you will still be able to build a nice quality mailing list.

 3) Don’t scrape websites for email addresses

Scraping websites for email addresses is the equivalent of a telemarketer making a cold call. And we all know how much people LOVE those. Don’t email people you haven’t connected with through either an enquiry, or at a networking event. Your time would be better invested on building a list of people that will actually be happy to hear from you. Think quality, not quantity.

4) Don’t overlook the importance of the subject line

Don’t use all caps anywhere in your email or subject line

IT’S NOT NICE TO YELL AT PEOPLE! Using all caps in your subject line may seem spammer-like, because they frequently use them. It may get a negative reaction. Using catchy, polished  language may get a better reaction.

Don’t use exclamation points!!!!!

Exclamation points make your subject line and/or email look unprofessional and spammy, and can dilute the message.

Don’t use spam trigger words

One of easiest ways to avoid being tagged as a spammer is by carefully crafting your subject line. A good rule of thumb is this: If it sounds too salesy, it’s probably a spam trigger word. Think “free, guarantee, no obligation, etc.” (google spam trigger words for more examples).

Instead of using trigger words, be creative in describing what the email actually contains. Think something informative and fun. Something that will entice your readers to want to read what’s inside.

5) Don’t use weird fonts, too many images and broken links

Font

Don’t use red, invisible or irregular fonts. Same goes for using invisible text, such as a white font on top of a white background. These are common tricks spammers use, so it will be an instant red flag for spam filters.

Don’t use too many images

Using one large image as your entire email, or too many images in general, tends to end up in recipients’ spam folders. The text to image ratio should be higher.

Double check your links
Be weary of broken links. If your email contains broken links it may also be a spam trigger.

The DO’s

 1) Do use double opt-in

The double opt-in is when new subscribers receive a follow-up email with a confirmation link ensuring that the email address actually belongs to them. When using double opt-in, your email lists will be naturally be more qualified, which will make them more engaged. Furthermore you’ll be able to provide proof of consent which is required by the CASL.

2) Do ask your subscribers to add you to their address book

Spam filters are more aggressive than ever, sometimes even emails people want in their inbox still end up in spam. When subscribers add you to their address book, spam filters will back off.

3) Do include a clear unsubscribe link and a physical mailing address in your email footer

Allowing people to unsubscribe is important for the compliance of the CASL. Also it’s great for list hygiene because, again, anyone receiving your emails should actually want to receive them. Not doing this may get you reported.

4) Do offer both an HTML and a plain text version of your emails

Plain text emails are simply emails without the formatting, images and colors. Cyberimpact allows you to easily create plain-text versions within the email editor. Most spammers don’t take the time to do this so it will make your email look more legit. Plus it will increase your delivery rate because believe not, not everyone has the technology to receive those fancy images on their devices.

___________________________

Cyberimpact is a simple and efficient email marketing solution designed to help small business owners in Canada reach their full potential. Think of Cyberimpact as a partner who will help you achieve your business goals, while maintaining good email marketing practices Try it now, it’s free for CFIB members!


Organizing your family business

We are now on our sixth edition of the multi-part series on the topic of tasks you should be adding to your “start up to do list”. In past weeks we have discussed starting your small business checklistorganizing your startup, are you sure you need to hire now?, when do you need a lawyer? and the importance of small business accounting advice.

This week’s topic: Organizing your family business.

Often I hear from business owners that they are being “helped” by family members when they start their business. That’s perfectly fine, however you must know that most government offices consider your family member a regular employee. That means you must follow the same rules such as the Provincial Employment Standards Act along with registering with your provincial workers compensation board.

In a previous blog I wrote titled: “Hiring a family member? Here’s why you need to consider using Employment Insurance rulings”, I identified my top five reasons why business owners hire family members:

  • Family members are available to you beyond traditional working hours or days.
  • You may be comfortable leaving your business with them for a day or two.
  • They may have a specific skill you need (e.g., a cook, graphic designer, assistant).
  • You give them an employment opportunity and experience.
  • You may be passing off your business to a family member in the future.

As part of organizing your business, identify the talents of those within your family to assess which individual you will need support from.

Determine the following factors:

  • The “need”: what tasks do you need to be completed.
  • The “who”: whom within your family holds the skills/talents/credentials to get it finished.
  • The “time”: be clear and honest on the commitment level you require (i.e. part-time/full time basis).
  • The “frequency”: If they are not required unless “by project”, say a graphic designer, understand the employees vs. self-employed rules, perhaps they are considered their own boss.
  • The “how much”: Any employee, especially family member, want to ensure they are receiving the right compensation. The Government of Canada has a great tool to ensure you’re as competitive as the job market.

Be intentional when describing each of the factors above. You will soon realize you have enough details to create a job description, and provide a letter of offer. If you require a template for these, review our CFIB site by clicking here. Employees, regardless if they are family or not, do require clear instructions to understand their role.

So to set you on the right track, here is your weekly checklist. Remember to share your checklist with your social media entrepreneur community by using: #MyStartUp and #SmallBizChecklist

☐ Have you categorized your family or friends based on skills that can help your business?
☐ Keep this in mind: EI for Family Members from Service Canada
☐ Have you considered who will be on payroll and who will be on contract? Perhaps you need a refresher Employees vs. self-employed.
☐ Do you require workers compensation?
☐ If you wish to know how much the job should pay, click here.

The Canadian Federation of Independent Business has a variety of webinars available, including one that provides you with information on the EI rulings process.

Lastly, read our Tips and tools to help manage your family business as well to get further insight.

_______________________

CesarCesar Gomez-Garcia has been with the Canadian Federation of Independent Business for six years. His current role at the CFIB is helping members with their questions on compliance. These questions can range from employment standards to health and safety, as well as complicated red tape situations that small businesses face. His passion is reading and writing about entrepreneurship. Learn more about Cesar via LinkedIn and follow him on Twitter @josuegomezg.


Free Webinar: Fraud, Cyber Security and the Cloud: What your business needs to know

To celebrate Fraud Awareness Month 2017, CFIB has teamed up with Microsoft Canada to bring CFIB members and guests a free webinar. In this webinar, hosted by David Ludiciani, Product Marketing Manager, Microsoft Canada, we will explore 3 areas of cyber security: 

Part 1: Security Check-Up You hear more every day about cyber hacks and cyber attacks. But what are they, and what risk does your company face? To start off, we’ll show you why you need to think about security regardless of the size of your business.

Part 2: Demystifying Common Threats From phishing to malware, we’ll cover a variety of threats and the changing environment of cyber attacks. The threat landscape today is complex and creative, and the more knowledgeable you are, the better you can protect your most important assets.

Part 3: How the Cloud can Help Secure Small Business Adopting cloud software can transform how you do business, but it also carries more complexity and risk. In order to adapt to changing technology, start your transformation by thinking about security.

Join us for this free 30 minute presentation followed with a 15 minute Q&A session.

Space is limited so register today for your preferred date by clicking a link below.

Fraud, Cyber Security and the Cloud, what your business needs to know
March 14, 2017 @ 1pm EST

Fraud, Cyber Security and the Cloud, what your business needs to know
March 16, 2017 @ 1pm EST