Risk Management: Avoiding Scams
Vol. 11 No. 2
A large shipment of toner shows up at your school. Scratching your head, you try to remember the last time you placed an order. Did you order this much toner? Was it that afternoon you were fighting off a nasty head cold?
You search through invoices and your accounting records. Nothing. No record of placing any orders for toner with a new company out of California—and thank goodness for that, because this is really a lot of toner. So, you call the company and tell it there must be a mistake, that no one in your administration placed an order with them. But, instead of dealing with a reasonable customer service representative, you’re told there is a return and restocking fee that is nearly as much as the shipment invoice is! Now what do you do?
Scams like this are common. In fact, this very story comes from our Business Manager e-List. When the school refused to pay, the company began harassing them with collection and legal threats. Finally, the Business Manager did a little digging and discovered 72 pages of complaints on the Better Business Bureau (BBB) Web site. Frustrated, she turned to the ISM e-List for insight. The responses were unanimous—contact your lawyer! Several others had encountered similar, if not the same, fraudulent shipment. It’s a well-planned and executed scam that targets small organizations that are more inclined to pay than to take action.
What practices do you have in place to reduce your school’s risks of becoming victim to such a scam? We turned to the BBB for tips. Here is what we found on its Web site.
Basic Scam Avoidance Practices
- Get all promises and claims in writing. Ask for proof of claims.
- Require references and check them. Be aware that people may falsely give good references on a company. Try to get many references, not just one or two. When checking references, ask detailed questions about business procedures and performance that only a person with real experience in that industry could answer.
- Before signing any document, read it carefully. Sometimes items such as checks and purchase orders contain legal agreements that you might not realize you are authorizing. Never sign a contract that contains blank spaces.
- Be sure you understand a written business agreement completely, and, if possible, get a lawyer's help. If you can't explain the agreement to someone else, don't sign it. Keep asking questions until you get answers that satisfy you.
- Screen all of your employees before you hire them.
- Set up a tightly controlled system for authorizing purchase orders and payments.
- Keep control of your mail; it is full of valuable items, such as checks and private financial information.
- Change passcodes for telephone, voice mail, and other billable communications systems frequently. Use complex passwords at least six characters long or longer. Passwords should never consist of character combinations that can be guessed easily, such as phone numbers, birthdays, or names.
- Review all financial statements and bills to make sure there are no unauthorized amounts on your accounts. Keep these sensitive documents in a secure place. Destroy or shred any such items that you do not want to store.
Dos and Don'ts
- Do not pay for goods or services that you did not order. If fraudulent charges appear on bank statements, credit card bills, or other invoices, send a letter disputing the false charges right away. Notify the BBB and appropriate law enforcement agencies, such as your state's Attorney General and the FTC, about the problem.
- Do not respond to unsolicited e-mail business offers from strangers, especially messages from persons in foreign countries that request the use of your bank account (the classic "Nigerian letter" scam, which may also seem to come from other troubled countries).
- Do not confirm or provide private financial information by e-mail. Some e-mail frauds look like a message from your own Internet service provider, bank, credit card company, or other vendor, requesting e-mail confirmation of financial data. If you are concerned, print out the e-mail and send it with a written inquiry to your vendor's fraud prevention department.
- Do protect your company's financial data and any data about your customers that could be used for identity fraud purposes. You may wish to hire privacy and security consultants to review your company's operations and advise you.
- Do investigate an unfamiliar business before you buy. Find out its street address, phone number, whether it is licensed if required, names of key contacts, and its business reputation. Check on it with the Attorney General of your state, your local Department of Consumer Affairs, or the Better Business Bureau.
TIP: When in doubt, check it out with the BBB, the FTC, your state's Attorney General, or your local Department of Consumer Affairs.
Additional ISM resources of interest
ISM Monthly Update for Risk Managers Vol. 3 No. 1 Building a Risk Management Team (RMT)
ISM Monthly Update for Risk Managers Vol. 3 No. 1 Crisis Planning–It’s Your Job