Visit Us

Data & Trends

How Secure Is Your Online Small Business?


The good news about online businesses is that you can reach anybody, anywhere in the world with an office based out of your home. There’s literally no better model for maximizing profits while minimizing expenses.

The bad news about online businesses is that anybody, anywhere in the world can target your traffic, finances and client information for hacking, phishing and other online scams. Because these attacks can come from anywhere in the world, the attackers can make their attempts with very little risk of discovery, and often do so from places where discovery does not mean any meaningful legal consequences.

It’s up to you to make sure your data is protected. That includes protection on four fronts:

  1. Your finances – Keeping your online bank and credit accounts safe from misuse
  2. Your identity – Personal and credit-related information for yourself, your partners and the business must be kept secret to avoid identity theft.
  3. Your clients – Failing to safeguard the personal information of your customers makes for a splashy scandal. Just ask Target and Experian.
  4. Your reputation – People posing as you on social media or in other spaces can hurt your brand and your bottom line.

Really, this is work for professionals. Hackers, phishers and other scammers work full-time finding ways to defeat your firewalls, malware sniffers and anti-virus software. You already have a full-time job running your business. There aren’t enough extra hours in your day for you to develop the expertise you would need to beat them at their game.

Luckily, there are all kinds of professionally-developed software and professional security services that cost less than you pay for your cable bill. Here at Kabbage, we strongly recommend setting those professionals to the task of keeping the high-tech criminals off your online business.

But that doesn’t let you off the hook entirely. Many online scams use “social engineering” – tricking people into giving away information they shouldn’t – to compromise all four fronts in the cyber-crime war. With that in mind, here are some of the most common for you to be on the lookout for:

Email Phishing

Besides general scams for the gullible, malware and identity phishing has been growing increasingly prevalent over the past few years. Though your spam filters will catch most of them, it’s a near certainty that you’ve read at least one example in the past 12 months. They come in two varieties:

  • An urgent notice instructing you to read a .pdf or similar file attached to the email
  • An urgent notice instructing you to follow a link in the email

In both cases, the email purports to be from a major government agency (like the FDIC) or a company almost everybody does business with (like Citibank or LinkedIn). It will tell you about a change in policy, an update to the EULA or some kind of security threat to your computer, finances or account. All you have to do is download the attachment or visit the website to download a file.

That file is malware, of one kind or another. It could range from an annoying-but-otherwise-harmless pop-under ad generator, to a Trojan horse giving access to your files, to a keylogger that reports everything you type back to the people who sent the file.

That file is bad news.

Generally speaking, you will never get an email from a company like Citibank or any government that asks you to do this. Instead, you’ll get messages via whatever portal you do your internet account access through them with. If something looks truly legitimate, double-check by calling the customer service number on the standard and official website for that entity and asking a customer service representative about it.
The IRS Threat Call

This did the rounds heavily this past fall, and is still ringing phones nationwide. A robodialer leaves a message on your phone claiming to be a “Final Warning From the IRS” about payments due. Some variations include a terrifying estimate of the fines that will happen if you don’t make the payment immediately.

The message includes a phone number to call immediately to square things away. More than 3,000 individuals have called that number and lost $14 million total in two different ways. The scammers collect a credit card payment, which they pocket, and they collect your personal information so they can steal your identity and steal more money later.

Don’t fall for this. The IRS does not make phone calls about money due. Anybody who has owed the IRS knows that they send you letters, and expect you to call in and wait on hold for them to get around to answering. Ignore the call, or report it if a number actually shows up on your caller ID.

Mobile Phone Redirecting

We reported last year on how this scam was big in Poland, and varieties of it have been popping up in Europe and the United States. It goes like this:

Step One: You get a text message claiming to be from a bank. ING bank has been the most common overseas, with no clear “winner” yet in the USA. The message instructs you to enter your telephone number for any number of false security reasons.

Step Two: The victim complies.

Step Three: The phone then begins redirecting all text messages sent to the victim’s phone, sending them instead to the scammer. He can then use that contact – and the perception that the contact is still texting with the victim – to gather personal information for identity theft.

As with most such scams, this falls down fast under even light scrutiny. Why would anybody text your phone asking for your phone number? And when was the last time your bank sent anything important via SMS? Call your bank’s regular customer service line to verify any such communication and you’ll be safe.

Twitter Scammers

Did you know you’re probably following a Twitter spambot right now? You might think you know everyone on your list (including Ashton Kutcher) but that might not necessarily be the case. Security firm Barracuda Networks Inc found that roughly 57 percent of Twitter users were total fakes. With a current membership at 232 million, that puts the number of legitimate accounts at just over 115 million. The other 120 million plus are potential scams waiting to happen.

Twitter scammers use your social media activity to monitor your interests and contact information. At the least harmful, they just keep hammering you with ad content they think you’ll bite on. This is annoying, but not exactly a security threat.

For individuals, the best solution here is to only friend and follow legitimate, confirmed contacts. This is harder for businesses, so you should instead monitor your account for odd activity and respond immediately if anybody mentions seeing “funny” content you never posted.

Which scams has your business encountered? Share your story in the comment section below. And for more information about internet security, check out the resources listed below.

Internet Security Resources

WorldTech24 Security Blog

Google Online Security Blog

ZoneAlarm Blog


Kabbage Team

Kabbage is here not only to provide access to the small business funding you need, but to also help you grow your business through free marketing tips, webinars, tools and more. Is there something you'd like us to cover or want to get your small business featured on our blog? Send us a note at