New Business Direction LLC
We’ve heard more than a few horror stories in the past few months of business owners falling for phishing scams that compromise their company, cost them thousands of dollars, and put their customers and contacts at risk. Hackers are getting more sophisticated by the day, and it’s becoming harder to tell a malicious threat from an ordinary email.
We share this insight to empower, not scare. The good news is that most threats are avoidable with a vigilant eye. In 2021, think of a phisher as more of a vampire than a heister: you have to invite them in before they can cause any harm. Below, we’ve pinpointed a few common threats for 2021 and 2022, along with best ways to avoid them. These suggestions should help keep your sensitive data secure from current phishing trends.
Common Threat 1: QuickBooksⓇ Impersonation
One common trend we’re seeing involves solicitations from QuickBooksⓇ impersonators falsely notifying you that your QuickBooksⓇ file is corrupt, your automatic payment is about to expire, or your version of QuickBooksⓇ needs to be updated. These phishers will try to get you to pay for a phony upgrade over the phone or grant them access to your desktop to “fix” your accounting software. Here’s the thing: if you work with an accounting company like New Business Directions, we’ll probably be the first ones to know if something is wrong with your QuickBooksⓇ file. And if you’re a New Business Directions customer, QuickBooksⓇ knows you’re working with a QuickBooksⓇ Solution Provider and will often notify us of any issues your account may be experiencing, too.
How to dodge the threat: If an email appears to come from QuickBooksⓇ, check the email addresses for the correct website. If it doesn’t end in “@Intuit.com” or “@QuickBooks.com” the sender is fraudulent (even if the name before the @ symbol looks convincing). Always contact your accountant before engaging with a solicitation like this and never provide payment information or authorize remote access to your computer or QuickBooksⓇ file to anyone besides your accountant or IT solutions provider.
Common Threat 2: Download this Attachment
Another major threat to watch out for involves an email from an address you recognize (say, a customer, vendor, or team member), but asks you to enter your Microsoft credentials to view the attachment. This scam comes from a person you know, and their email address matches the one you have on file. The MicrosoftⓇ log-in screen looks legit, but the web address is not. Do not enter your Microsoft credentials. As soon as you do, the hackers have access to your email and all sensitive information you have ever sent or received via email. The phishers will then send the exact same email that you fell for to every contact in your address book.
How to dodge the threat: never enter your log-in credentials to view an attachment. If an email includes a hyperlink, hover over the link with your mouse (don’t click) and watch for a link preview to appear in the corner of your screen. In Outlook, this will be the bottom left corner. You’ll be able to see a preview of the web address the hyperlink is trying to send you to, and if it’s different from the one typed out in the email. In this case, if the domain isn’t “office.com” the email is fraudulent. This is a fast and simple step you should always take before clicking a hyperlink in an email. And when it comes to sharing sensitive information like bank statements and government IDs, you should always use a secure, encrypted file sharing application like SmartVault instead of sending the document as an email attachment.
Common Threat 3: “You Have a Voicemail” emails
Are you surprised to be receiving an email notifying you about a new voicemail? Does it have an attachment? Is the sender posing as RingCentral or another VOIP phone system provider you use? Remember: if it seems suspicious, it probably is.
How to dodge the threat: don’t download the voicemail. If you want to be sure you’re caught up on your voice messages, navigate to your voice mailbox the way you usually do and avoid interacting with the email in question.
Common Threat #4: The QR Code Swap
QR codes have become so mainstream that we interact with them weekly, if not daily. From restaurant menus to sign up forms, they make accessing the information you need quick and simple. But there are emerging trends in which bad actors will replace a QR code with their own – by overlaying a sticker. They may also come in the form of seemingly-legit emails. But as soon as you scan these phony codes, you could be putting your sensitive data at risk or downloading malware.
How to dodge the threat: Review the preview of the web address when you scan the code, and before you click on the link that appears. Make sure it’s spelled correctly, and seems like it’s coming from the correct person or business. When dealing with QR codes that exist in a public space, take a second glance to make sure the QR code hasn’t been tampered with, such as replaced by a sticker. When in doubt: don’t scan that code!
Best Practices
There are so many ways to avoid phishing scams, but the most important thing to do is stay observant. If something seems off about an email, it probably is. Below, we’ve outlined a few specific best practices that should help you avoid scams:
- Set-up two factor authentication. Do this for all websites/applications you have log-in credentials for. It might seem inconvenient to go through one more step to access your online accounts, but this practice is still more convenient than dealing with a successful cyber security attack. Apps like LastPass Authenticator or Google Authenticator are an option. These apps provide a six-digit code for you to enter once you’ve logged in to your desired online account. Many other web-based companies offer the option to have an authentication code sent to your personal cell phone or the email associated with the account. How does two factor authentication help? Even if a phisher gets your credentials, they still need access to your email, text messages, or authenticator app to get the authentication code and hack your account, making it significantly less likely they’ll be successful in their attempted breach.
- Keep up with phishing scam trends. Check for updates from Forbes.com, PCMag.com, or your favorite trusted business news source for updates on phishing trends and recent cyber security threats.
-
- Don’t open the door for strangers. Never grant access to your computer to someone you don’t personally know, even if they look like a QuickBooksⓇ rep. Your accountant and your IT Support vendor/employee are the only people you should ever allow access to.
- Watch for inconsistencies and typos. Are there misspellings in a marketing email? Does the subject line have five exclamation points? Is your name or the name of your company spelled wrong? When it comes to emails, if it smells like a phish and looks like a phish…well, you know the rest.
- Double-check the sender. Always check the sender’s email address. If the name associated with the email address says “Rhonda Rosand” but the email address differs from the one you have on file for Rhonda Rosand, the sender is a fraud. In cases like this, you should check with the individual through another previously established method of communication, be it a phone call to a number or email you already have on file to confirm your contact actually sent the email you’re looking at. Don’t reply to the questionable email with, “Rhonda, is this really you?” If you were a hacker, how would you respond to that email? Red flags include a professional email that includes an @gmail.com (or similar) domain, a slightly misspelled name, or a domain that differs from that of their company’s website.
- Train your Team. If you received a sketchy email, chances are your team received it, too. Send out an all-company message about the threat and tell employees to notify you or your IT professional immediately if they interacted with the threat. Share trends in cyber security threats, and host frequent training on cyber security best practices.
- Trust your gut. Even if the sender looks familiar, if they’re asking for weird information or are trying to send you an attachment in an unusual way and it seems suspicious, trust your gut. Look for other clues that they might be an imposter: is a hyperlinked web address different from what it should be? Is their email address different from the one they typically use? Is their tone or communication style different than usual?
- Keep your passwords strong and secure. LastPass is a great solution for dual factor authentication, generating complex passwords, and storing sensitive information securely. You can read more about this helpful cyber security solution in a recent blog post of ours here.
- Don’t send sensitive information via email. Avoid sending credit card information, banking information, W-2s and 1099s, pictures of vital documents like drivers licenses, social security cards, etc. via email altogether. Instead, use a secure document management system both parties are already aware of.
When in doubt, don’t click that sh!t
When it comes to Cyber Security, It’s always better to be safe than sorry. Be suspicious of communication that seems a little off. Avoid unusual emails and contact your IT security provider (or accountant, if it’s related to accounting) to ask for their insight right away, especially if you’ve already accidentally interacted with the phishing attempt. New Business Directions is well versed in phishing scams, and we have a keen eye for malicious emails. If you’re a current customer and feel unsure about an email or solicitation you recently received involving your accounting software, reach out to us.
What Does 2022 Have in Store for You?
The last two years have been unlike any other in our lifetimes. As we close out 2021 and enter 2022, it’s an excellent opportunity to reflect on the lessons we’ve learned, how life looks today, and what we want to accomplish in the next 12 months. Here are some things to consider.
Celebrate Your Successes
Give yourself time and permission to review what you have completed in 2021. When you zoom out to your 30,000-foot view, you’ve likely learned and accomplished more than you think. Compare your status on January 1, 2021 with today, and celebrate the changes you’ve made and projects you’ve finished.
Monetize These Trends
Several trends will continue from 2021 into 2022 and beyond. How can you monetize them in your business?
- The move to remote work is likely to continue in many industries, including financial services and technology, where the work is delivered digitally. Hiring virtual workers also benefits employers by giving them access to a larger talent pool and the ability to reduce overhead costs associated with a physical office.
- Expanding your online presence, including ecommerce if it’s relevant, is paramount. Most businesses allocated resources to improve the online interface between company and customers, as the shift toward online spending increased due to the pandemic. Some brick-and-mortar businesses adapted their business model to develop new digital services, enhancing their current product line.
- Climate changes affected many businesses this year in at least two different ways. Some were victims of extreme weather disasters. Some became more visibly supportive of climate initiatives, working them into their mission and offerings.
- Accelerated automation using artificial intelligence will continue to move through the technology adoption curve. If you haven’t considered adopting the technology yet, now is a good time to ask yourself: can your business benefit from AI-driven tech solutions?
- Diversity and Inclusion initiatives will continue to be a central focus in 2022 and beyond.
- Workforce demographics are finally changing. More young people are working in 2021 compared to pre-pandemic numbers, while workers over 50 are retiring at a faster-than-normal rate. Millennials are starting businesses in large numbers, and one statistic shows that 80 percent of those businesses are profitable.
- Staffing struggles are real in many industries. Many business owners who can no longer find employees have had to resort to outsourcing, contract, part-time, virtual, and many other capacity options to keep their businesses afloat.
- Social responsibility has been prioritized by the Millennial and Z generations, leading business owners to ask how they can do their part in their businesses.
- Life-goal realignment is something that has swept the world as people experience a collective wake-up call as a result of the pandemic. The search for purpose and meaning is one of many side effects of this trend. Be sure to consider how this shift in mindset is affecting your customers and employees.
Set 2022 Intentions
If a resolution feels like an empty promise to yourself, consider reframing your goals as intentions that you can always realign yourself to. The New Year is often one of the best times to reflect on how you can incorporate the trends above with the personal and business successes you’d like to complete by the end of 2022.
Make your list, then schedule milestones on your calendar so you can track your progress.
Above all, we want you to have a healthy, happy, and prosperous New Year in 2022.
Holiday Shopping: 2021 Trends and Opportunities
With 2020 came a significant migration from exclusively brick-and-mortar retail to a hybrid model with inventory available for purchase online. The 2021 holiday sales season will require businesses to continue their online migration from 2020 trends, with opportunities for more refinement and improvements. The key to a successful holiday sales season? Bring as much inventory as possible online and integrate all of your customer touch points into an omnichannel of positive experiences.
Let’s take a look at some trends in retail that can strengthen your business and position you well for the new year.
Strong E-Commerce Presence
As shoppers increased online purchasing and delivery last year, the trend is expected to continue beyond the pandemic. For this reason, all businesses should strengthen their online presence, especially their e-commerce presence.
Many retail establishments benefit from a complete ecommerce solution, including a storefront, shopping cart, online payment process, and automated fulfillment. They can expand their online effectiveness with these features:
- Enable chat features between customers and store clerks to simulate the conversations customers would experience by shopping in the physical store.
- For clothing, post detailed sizing charts, imitate the dressing room mirror with try-on automation, and use size-inclusive photography featuring models of different body types.
- Create how-to videos that show customers ways to effectively use the product.
- Expand photography so customers can see all angles of the product as well as how it can be used.
- Display and sort user reviews to help customers make the best purchase decision for them.
- Implement clear navigation and search options so customers can find what they want.
- Consider a ‘buy online, pick up in store’ policy. Today, many customers research online, then visit the physical location to finalize their transaction.
Expanding your business’s e-commerce presence doesn’t just apply to retail. For example, businesses in the services space have implemented appointment-setting and payment processing. Real estate agents have enhanced virtual home tours. Many businesses with physical goods and documents have beefed up delivery options and implemented curbside pickup.
Each business has a unique sales cycle that a customer goes through when purchasing goods and services. The question for business owners to ask is how they can bring most of that experience online.
Mobile
The vast majority of transactions are now occurring on mobile devices. If your business’s mobile presence is not optimal, then you’ll want to make that a priority this year to catch up with your competitors.
Social
More and more consumers are using social media channels – Instagram, YouTube, TikTok, Snapchat, LinkedIn, Pinterest, Twitter, Clubhouse, and Facebook — to discover and purchase items that delight them. Wise business owners will invest more budget into attracting customers from this channel.
Holiday Seasons
With the move to online shopping, the holiday season has been extended from just one day or one weekend to entire months. Consumers are shopping earlier and all year long. Retailers and other businesses can benefit by always having some kind of sale or attraction going on.
How does your business fare when it comes to a fully online experience? Use these trends to boost sales growth in 2021 and beyond.
As the holiday season quickly approaches, now is the perfect time to begin considering how you and your business can express gratitude to your customer base, colleagues, and more during the season of gratitude and beyond.
When to Say Thank You
There are many opportunities in business to say thank you:
- When a customer or associate sends you a referral that results in business
- When an employee goes out of their way to fix a problem or make a customer happy
- When a customer makes a large purchase, large from their point of view, as well as yours.
- When a vendor over-delivers
- When someone sends a gift
- After a speaking engagement or an event when someone has hosted you
- When someone provides advice that has been helpful, whether face to face or in a book or article
- When someone does a favor or something nice that you’d like to reward
Keeping thank-you notes top of mind will help you think of more opportunities to use them.
What to Say in Your Thank-You Note
You don’t have to be an excellent writer to pen a heartfelt thank you note. Be concise about what you’re thanking them for and share a meaningful detail about the item or activity involved. And then thank them again.
If you are unsure about what to say, type up a draft first that you can edit. Then rewrite your final draft on your stationery. It’s far more personal to hand-write your thank-you note than to use a computer-generated one.
Thoughtful Details
Personalized stationery for thank-you notes is a thoughtful detail. It adds a formal and professional touch to your thank-you note, enriching the experience for the recipient. If penmanship is a concern, or the sheer volume of thank-you notes you’d like to send has your hand cramping at the thought, Handywritten offers a a fast and affordable option to outsource the effort while still retaining your sentiment and the impact of a handwritten note.
Be mindful, however, to avoid turning your thank-you note into an advertising event for your company. If you want to send promotional items such as t-shirts, mugs, or other items, do NOT include them with your thank-you card, as it shifts the focus from the individual(s) you’re thanking back to yourself. A separate follow-up package with swag is a nice way to compound the impact of your note.
Helping others feel gratitude is the fastest way to experience happiness. Sending thank-you notes is not only good business, it’s good for our health and wellness, too.
If your business model includes granting credit to customers or accepting payment via recurring credit card charges, you need to ensure that you’re prepared for the unexpected. Inevitably, a customer might fail to pay on time, provide you with their updated credit card information, or their check bounces. So, what can a business owner do to spend as little time chasing these items while still collecting the cash? We have four suggestions: re-examine your credit card policy, be proactive, manage payment failures and disputes quickly, and develop a foolproof collections policy.
Re-examine your credit policy
Are you collecting credit card payments for goods or services retroactively? If so, is there any way you can have credit customers pay upfront? For example, perhaps you can collect a deposit to minimize your risk. Alternatively, you could request final payment right before delivering the final product. Or, maybe you can convert credit terms to a layaway situation, similar to the standard retail practice.
The best way to speed up collections is to change your payment terms if at all possible.
Be proactive
To avoid a significant delay in payment, send your customers proactive email reminders before the payment is due. You may also want to consider calling anyone who hasn’t been timely with their payment in the past before their next due date. If a customer is late with a payment, respond quickly.
If the customer pays by credit card, monitor credit card expiration dates, and send reminders to update the card before it expires.
Lastly, you’ll want to ensure that your business’s online support portal allows customers to easily update their credit card information at any time. Again, automating this process will save you a ton of time.
Payment failures and disputes
Inevitably, a customer’s payment will fail, whether it’s an automatic credit card payment, ACH withdrawal, or failed/bounced check. As a business owner, you need to have solid procedures for you or your employees to process these exceptions.
Before any of the above payment failures occurs, make sure your shopping cart, merchant account, or gateway processor is set up to notify you of the failure. When it happens, contact the customer right away to correct the situation. Assess any extra fees and flag the customer account if you want to place a hold on their account or restrict future payment or credit options available to them.
You may also have customers that report disputes to their credit card company. There is always a tight deadline associated with these transactions, so be sure to respond timely and make sure you have all of the documentation you need at the time of sale if this comes up.
Develop solid collections processes
If the payment is late, start your collections routine. Send out friendly reminders at first, then get progressively aggressive as the payment grows later and later.
Follow-up steps are critical. Make sure your customer is getting your notifications, and give them a call before deciding to take legal steps with them.
Finally, if necessary, turn the payment over to a collections agency to impact the customer’s credit report and possibly collect your money.
We hope you do not have too much of this activity in your business. But if you do, being proactive is one of the best ways to reduce it. Check to see if you have all the processes described above in place to handle collections in your business so that your cash continues to flow.
Sign up for our FREE newsletter
Tips & Tricks in QuickBooks®
