The economic stimulus programs during the pandemic buoyed small businesses as the economy faltered, but the relief packages also introduced new opportunities for criminals looking to game the system. Acknowledging that we are “facing unprecedented times,” the US Small Business Administration (SBA) sent out a warning to small businesses alerting them to fraud schemes related to the coronavirus relief loans: “Fraudsters have already begun targeting small business owners during these economically difficult times. Be on the lookout for grant fraud, loan fraud, and phishing.”
The targeted online scams using coronavirus relief efforts typically manifest as phishing emails. Phishing emails appear to come from a trusted source, and they will seek to get payments, personally identifiable information, banking access, or sometimes contain ransomware in links or attachment downloads. For example, the email might use an SBA logo requesting your personal information for your loan application. Some may promise to get approval for an SBA loan but require payment upfront or offer a high-interest bridge loan. Sometimes, even clicking on a link in the email is enough to grant criminals access to sensitive information or allow them control over data and devices. They will use victims’ information for identity theft and financial theft, or they can sell the information to others for a high price. With the coronavirus, the stolen information has been frequently used to apply for PPP loans and Economic Injury Disaster Loans, as well as unemployment benefits.
One con took victims to a fake SBA website requiring them to use credentials to log in, which the fraudsters then stole. The email was from disastercustomerservice@sba[.]gov with a subject line that read “SBA Application – Review and Proceed” and a message that urged recipients to click on the link. The website mimicked the SBA’s almost exactly, so business owners were none the wiser. Astute users would have spotted the brackets in the email address and a shady URL on the website, but other than those subtle red flags, nothing else indicated foul play.
These scams have become sophisticated enough to imitate very specific businesses you have relationships with, like vendors. Many of them will use some coronavirus spin, such as offering or helping with loans or grants, warning that you’ve been compromised by another scam, or even asking for donations. Pharmacies should be alert and become familiar with signs of fraud and should have protocols in place to protect the business. We’ve put together a couple of lists to help.
Tips to Protect Your Pharmacy
- Don’t ever give passwords or personally identifiable information in response to an unsolicited call, letter, or email.
- Always verify the email address of the sender. Many false emails will have a single misspelling, like an extra letter or an extra “.com.” (All SBA inquiries will end with @sba.gov)
- Never click on links or download attachments from senders you do not know.
- If you are taken to a website, verify the URL.
- Avoid untraceable payment methods, such as cash, prepaid debt cards, or cryptocurrency.
- Use cybersecurity software.
- Include warning banners for all emails external to the organization.
- Limit employee access to data and information.
- Train employees. All it takes is one click from one employee to jeopardize your whole pharmacy.
- Don’t respond to emails about 7a or Disaster loans—the SBA does not initiate contact for these.
- Do the math on the fees for loan processing. Here is what the SBA charges: 3% for loans $50,000 or less and 2% for loans $50,000 to $1,000,000 with an additional ¼% on amounts over $1,000,000. If the fees are higher, suspect fraud. • Sign up for CISA’s free vulnerability scanning and testing services.
- Offers sounding too good to be true
- Promises to speed up loan acceptance
- Offers of bridge loans
- Demands for upfront payment
- Any message with urgent or time-sensitive requests or threats
- Emails or texts from official government organizations
- Requests to click on links or download attachments
- Messages with poor spelling and grammar
- Requests or demands to confirm or update personal information
- Messages claiming there is a problem with your account
- Emails with invoices you don’t have record of or weren’t expecting
From the Magazine
This article was published in our quarterly print magazine, which covers relevant topics in greater depth featuring leading experts in the industry. Subscribe to receive the quarterly print issue in your mailbox. All registered independent pharmacies in the U.S. are eligible to receive a free subscription.
Read more articles from the December 2020 issue:
- Covid-19 and childhood vaccines: everything independent pharmacies need to know
- These are the most common Covid-19 fraud schemes targeting small business
- How Covid-19 relief will affect this year’s taxes for pharmacies
- How to bring in big revenue with a gifts and cards section
- Proven tips to resolve prior authorizations quickly and easily
- This pharmacy saves thousands on its cost of goods
- Why debt can be a valuable financial tool for independent pharmacies
- How to prevent the most common and most expensive pharmacy lawsuits
An Independently Owned Organization Serving Independent Pharmacies
PBA Health is dedicated to helping independent pharmacies reach their full potential on the buy side of their business. The member-owned company serves independent pharmacies with group purchasing services, expert contract negotiations, proprietary purchasing tools, distribution services, and more.
An HDA member, PBA Health operates its own NABP-accredited (formerly VAWD) warehouse with more than 6,000 SKUs, including brands, generics, narcotics CII-CV, cold-storage products, and over-the-counter (OTC) products.
Want more pharmacy business tips and advice? Sign up for our e-newsletter.