The Fraud Examiner

Five Common Scams That Target Businesses

Ron Cresswell, J.D., CFE 
Research Specialist, Association of Certified Fraud Examiners                                 

Businesses are attractive targets for fraudsters. They tend to have deeper pockets than individuals, and their ability to detect fraud is sometimes hindered by the large number of transactions they engage in. This article discusses five common scams that target businesses and how to stop them. 



Fraudsters use ransomware to extort money from businesses. Typically, there are three steps to a ransomware attack. First, the company’s computers are infected by the ransomware. The infection often occurs when an employee clicks on a malicious link or attachment in a phishing email. Second, the ransomware blocks the company’s access to the infected computers or to specific files. Some ransomware programs also encrypt the targeted data. Third, the ransomware displays a message that threatens to permanently delete the data unless the company pays a fixed amount by a specified date. Increasingly, such messages demand payment in Bitcoin and promise to provide the victim with a “decryption key” upon receipt of the ransom.


Ransomware attacks increased dramatically in 2016. In one case, a California hospital paid a $17,000 ransom after it was locked out of its computer network for more than a week. The hospital’s network access was restored after it paid the ransom, and it did not lose its data. In many other cases, however, the companies did not recover their data after paying the ransom. Some fraudsters destroyed the data regardless of the company’s response, and others raised the ransom price after receiving an initial payment. The FBI does not recommend paying ransoms.


The best defense against ransomware is to regularly back up all important files. Companies with reliable backups will not lose their data and, therefore, cannot be harmed by a ransomware attack. To ensure that the backups themselves are secure, they should be kept offline or in the cloud. In addition, employees should receive training on the dangers of phishing emails and other common scams. Companies should also use firewall and anti-virus software to protect their computer networks.
