Running a business in the Philippines is tough, but running an online business adds a whole new layer of challenges, especially when it comes to scams. Are you sure your store is protected? We’re going to talk about the common online scams Filipino business owners face and, more importantly, what you can do to keep your hard-earned money safe. Let’s dive in!
Why Philippine Online Stores Are Easy Targets
Okay, let’s face it: online scams are everywhere. But why do Philippine online stores sometimes seem like magnets for these problems? There are a few reasons. First, e-commerce is booming in the Philippines! The Philippines is among the fastest-growing e-commerce markets in Southeast Asia. More people online shopping means more chances for scammers to try their tricks. For example, the Digital 2024: Philippines report shows the immense reach social media commerce holds in attracting internet users in the Philippines.
Second, many small business owners are just starting out online. They’re focused on getting their products out there and might not have thought much about security yet. They might be selling on Facebook Marketplace, Instagram, or even just through Viber groups. While those platforms can be great for reaching customers, they don’t always have the best security features built-in. These smaller, homegrown businesses are more vulnerable, and scammers know it.
Third, sometimes Filipinos can be too trusting. We’re known for our hospitality and willingness to help others. Unfortunately, some scammers take advantage of this. They might use sob stories or urgent requests to trick people into sending money or giving away information.
Common Online Scams Targeting Philippine Businesses
So, what kind of scams should you be on the lookout for? Here are some of the most common ones:
Fake Orders and Payments
This one’s a classic, but it still works on a lot of people. A scammer places a large order from your store, often using a fake or stolen credit card. They might even send you a fake email or screenshot claiming that the payment has gone through. The problem? No money ever actually arrives in your account. The scammer then disappears with your products.
Example: A small bakeshop receives a big order for cakes for a company event. The scammer sends a screenshot of a supposed online transfer. The bakeshop, excited about the large order, delivers the cakes. But when they check their bank account, the money never arrived. The screenshot was fake.
How to avoid this: Always, always double-check that the money is actually in your account before shipping out anything. Don’t rely on screenshots or emails that claim the payment has been processed. Log in to your bank account or payment gateway to confirm.
Phishing Scams
Phishing scams are designed to trick you into giving away your personal information, like your passwords, bank account details, or credit card numbers. Scammers might send you emails or messages that look like they’re from your bank, your payment gateway, or even a government agency. These messages usually contain a link to a fake website that looks just like the real thing.
Example: A small clothing store owner receives an email that looks like it’s from their payment processor (e.g., PayMaya or GCash). The email says there’s been a security breach and they need to update their account details immediately by clicking on a link. The link leads to a fake website that steals their login information.
How to avoid this: Be very careful about clicking on links in emails or messages. Always check the sender’s email address to make sure it’s legitimate. Don’t give out any personal information unless you’re absolutely sure the website you’re on is real and secure. If you’re unsure, go directly to the website of the company in question and log in from there.
Follow us on LinkedIn!
Investment Scams
Investment scams often target business owners because scammers assume they have money to invest. These scams promise high returns with little or no risk. They might involve cryptocurrency, forex trading, or pyramid schemes.
Example: A small restaurant owner is approached by someone who claims to be a financial expert. The “expert” offers an opportunity to invest in a new cryptocurrency that’s guaranteed to make huge profits. The restaurant owner invests a large sum of money, but the cryptocurrency turns out to be a scam, and they lose everything.
How to avoid this: Be very skeptical of any investment opportunity that sounds too good to be true. Do your research and get advice from a licensed financial advisor before investing any money. Never invest more than you can afford to lose.
Romance Scams
This might sound strange, but romance scams can also target business owners. Scammers will build a relationship with you online, often pretending to be someone wealthy or successful. Once they’ve gained your trust, they’ll ask you for money for some supposed emergency.
Example: A small online store owner starts chatting with someone on Facebook who claims to be a foreign businessman interested in investing in their store. After a few weeks of online flirting, the “businessman” says he needs money for a medical emergency and asks the store owner for a loan. The store owner, feeling sympathetic, sends the money, but the “businessman” disappears.
How to avoid this: Be careful about getting too emotionally involved with someone you’ve only met online. Never send money to someone you’ve never met in person, no matter how convincing their story is. If someone is asking you for money, it’s a red flag.
Fake Job Opportunities
Sometimes scammers target business owners by offering fake job opportunities. They might post fake job ads online or contact you directly with a promising offer. The catch? They’ll ask you for money upfront to cover expenses like training materials or uniforms.
Example: A small online store owner needs help with customer service and posts a job ad online. A scammer responds, offering to work for a very low salary. However, they ask the store owner to send them money to buy a special headset and software. The store owner sends the money but never hears from the scammer again.
How to avoid this: Be wary of any job opportunity that requires you to pay money upfront. Legitimate employers will never ask you to pay for training materials or uniforms. If it sounds too good to be true, it probably is.
Protecting Your Store: Practical Steps You Can Take
Okay, so we’ve talked about the bad stuff. Now let’s get to the good stuff: how to protect your online store from these scams. Here are some practical steps you can take:
Strengthen Your Security
Follow us on LinkedIn!
This is the first and most important step. Here’s what you need to do:
- Use Strong Passwords: This might seem obvious, but it’s crucial. Use a different password for each of your online accounts, and make sure they’re strong: at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols.&x20;
- Enable Two-Factor Authentication (2FA): This adds an extra layer of security to your accounts. Even if someone manages to steal your password, they won’t be able to log in without the second factor, which is usually a code sent to your phone.
- Keep Your Software Updated: Make sure your website, plugins, and apps are always up to date. Software updates often include security patches that fix vulnerabilities that scammers could exploit.
- Use a Secure Website Hosting: Get your website through a reputable company that is secure. If you are on a shared server and the primary website has an exploit, your site is at risk.
Verify Payment Information
We talked about fake orders and payments earlier. Here’s how to protect yourself:
- Double-Check Payments: Always confirm that the money is actually in your account before shipping out any products. Don’t rely on screenshots or emails.
- Use a Reputable Payment Gateway: Choose a payment gateway like PayPal, PayMaya, or GCash that has strong security measures in place.
- Be Wary of Large Orders from New Customers: If a new customer places a very large order, be extra cautious. Contact them to verify their identity and address before shipping anything. Consider a verification phone call using publicly available information to cross-reference.
- Implement Address Verification System (AVS): If your payment gateway supports it, use AVS to verify the billing address provided by the customer matches the address on file with their credit card issuer.
Educate Yourself and Your Staff
Scams are constantly evolving, so it’s important to stay informed. Here’s how:
- Read Articles and Reports: Keep up to date on the latest scams targeting businesses in the Philippines. Follow reputable news sources and cybersecurity blogs.
- Attend Cybersecurity Workshops: Many organizations offer workshops and seminars on cybersecurity. These can be a great way to learn about the latest threats and how to protect yourself.
- Train Your Staff: If you have employees, make sure they’re aware of the common scams and how to spot them. Teach them to be cautious and to report anything suspicious.
Be Careful About Sharing Information
Here’s how to protect your personal and business information:
- Don’t Click on Suspicious Links: Be very careful about clicking on links in emails or messages, especially if they seem suspicious or unexpected.
- Don’t Give Out Personal Information: Never give out your passwords, bank account details, or credit card numbers unless you’re absolutely sure the website you’re on is real and secure.
- Be Careful About Oversharing on Social Media: Avoid posting too much personal information on social media. Scammers can use this information to impersonate you or target you with scams.
Report Scams
If you’ve been scammed, it’s important to report it to the authorities. This can help prevent others from falling victim to the same scam. Here’s where you can report scams:
- Philippine National Police (PNP) Anti-Cybercrime Group: You can report online scams to the PNP Anti-Cybercrime Group. They have a cybercrime hotline and can help investigate and prosecute scammers.
- National Privacy Commission (NPC): If your personal information has been compromised, you can report it to the NPC. The NPC is responsible for enforcing the Data Privacy Act of 2012 and can help you protect your privacy rights.
- Department of Trade and Industry (DTI): If you’ve been scammed by a business, you can file a complaint with the DTI. The DTI can help mediate disputes between consumers and businesses.
- Banks and Payment Gateways: Immediately report fraudulent transactions to your bank or payment gateway. They can help you recover your money and prevent further losses.
Staying Ahead of the Scammers: Extra Tips and Tricks
Beyond the basics, here are a few more tips to keep your store safe:
Use a VPN
A Virtual Private Network (VPN) encrypts your internet traffic and hides your IP address, making it harder for scammers to track your online activity. This is especially useful if you’re working from a public Wi-Fi network, which is often unsecure.
Regularly Back Up Your Data
In case your website is hacked or you fall victim to a scam, it’s important to have a backup of your data. Back up your website files, databases, and customer information regularly. This will allow you to restore your store quickly if something goes wrong.
Consider Cybersecurity Insurance
Cybersecurity insurance can help you cover the costs of recovering from a cyberattack or scam. This can include expenses like data recovery, legal fees, and public relations.
Create a Security Policy
Develop a written security policy for your business. This policy should outline the steps you’ll take to protect your store from scams and cyberattacks. Share this policy with your employees and make sure they understand it.
Monitor Your Website Regularly
Keep an eye on your website for any suspicious activity. This could include unusual traffic patterns, unauthorized changes to your website files, or strange login attempts. Use website monitoring tools to help you detect these issues early.
Be Suspicious of Unsolicited Offers
If you receive an unsolicited offer, be very cautious. This could be a scammer trying to trick you into giving them money or information. Don’t respond to these offers unless you’re absolutely sure they’re legitimate.
Check Domain Reputation
If someone contacts you using a website link you are questionable about, it is wise to check the reputation for that domain. These can be found online for free.
For example, if a potential business partner introduces their business website, research the site using domain reputation checker tools prior to working with them to reduce the risk of fraud.
Consult Cybersecurity Experts:
It may be best to consult an IT/cybersecurity expert for the best and most effective implementation of security measures. They will be able to identify vulnerabilities on a high and detailed level and can help remediate security patches.
Staying Updated on Philippine E-Commerce Security
The world of online scams is constantly changing. New tricks and techniques emerge all the time. Stay informed and keep up-to-date with reports regarding security and e-commerce in the Philippines.
The Philippine E-Commerce Roadmap 2022 is an important document that gives insights on how the country is approaching e-commerce and how it can boost the economy. This roadmap may contain insights on challenges that are currently faced and how the government is stepping in to strengthen security. Stay informed!
Real-Life Examples: Learning from Others’ Mistakes
We already mentioned examples of the different scams, but looking at real-life cases can drive home the importance of being vigilant. Note, however, that for ethical considerations, this article will modify names and will focus on the scenario and lessons.
The Social Media Seller: A small business owner selling handcrafted jewelry on Instagram gained a large following. A “customer” contacted them with a request for a bulk order, saying she needed bracelets for giveaways at her company event. She sent a screenshot of the payment and pressured the seller to ship the items immediately because the event was the next day. Excited and trusting, the seller shipped the order. The catch? The payment was fake, and the seller lost all the merchandise.Lesson: Never solely rely on screenshots.Always verify payments directly through your bank or payment gateway.
The Online Fashion Retailer: A fashion store received an email from what looked like a logistics company. The email said that multiple customers are having issues with package arrival. The email prompted the owner to click the link and login to his logistics partner’s back end. The link directed him to a duplicate phishing site that stole their credentials, and ultimately, all the funds were drained from their online funds.Lesson: Only trust the official website or app when performing transactions. If in doubt, contact the platform (logistics company) by using a verified contact or phone number online.
Being aware of these stories can make you better prepared to identify and avoid similar situations. Learning from the experiences of fellow Filipino entrepreneurs in the e-commerce space will allow you to be more cautious and protect your hard-earned money.
FAQ Section
Here are some frequently asked questions that you may encounter:
Q: What should I do if I suspect I’ve been scammed?
A: If you suspect you’ve been scammed, immediately stop all communication with the scammer. Gather all evidence you have, including emails, messages, and transaction records. Report the scam to the Philippine National Police Anti-Cybercrime Group, the National Privacy Commission (if your personal information has been compromised), and your bank or payment gateway. You may also want to file a complaint with the Department of Trade and Industry if the scam involved a business.
Q: How can I tell if an email is a phishing scam?
A: Look for red flags like a generic greeting (“Dear Customer”), spelling and grammatical errors, urgent requests for personal information, and a suspicious sender’s email address. Always hover over links before clicking them to see where they actually lead. If you’re unsure, go directly to the website of the company in question and log in from there.
Q: Is it safe to sell on social media platforms like Facebook Marketplace and Instagram?
A: While social media platforms can be a great way to reach customers, they also come with risks. Be extra cautious when selling on these platforms and take steps to protect yourself from scams. Use secure payment methods, verify the buyer’s identity, and be wary of large orders from new customers.
Q: How can I protect my business from investment scams?
A: Be very skeptical of any investment opportunity that sounds too good to be true. Do your research and get advice from a licensed financial advisor before investing any money. Never invest more than you can afford to lose. Look up the company and people involved in the Philippine SEC website. The SEC holds an archive of businesses in the Philippines, if they are missing, there could be a red flag.
Q: What is two-factor authentication (2FA), and why should I use it?
A: Two-factor authentication (2FA) adds an extra layer of security to your accounts. Even if someone manages to steal your password, they won’t be able to log in without the second factor, which is usually a code sent to your phone. This makes it much harder for scammers to access your accounts. Enabling 2FA is an essential step in protecting your business from online threats.
Q: How can I ensure my website is secure?
A: Some of the ways you can ensure your website is secure are by choosing a reliable and trusted hosting service. Hire cybersecurity specialists and implement their guidelines. Keep the web platform’s PHP updated as well as the CMS software to prevent malicious attacks.
Q: What should I do if my business’s social media account is hacked?
A: If your business’s social media account is hacked, immediately change the password. Report the hacking incident to the social media platform. Try to contact their customer service to help get your account back. Warn your followers to be cautious of any posts from the hacked account.
Q: Are there local programs to promote safe e-commerce in the Philippines?
A: Yes, there are local initiatives that promote safe e-commerce among consumers and small businesses, such as consumer education campaigns run by the DTI and other organizations. Stay updated on these programs to strengthen consumer knowledge and trust in e-commerce.
Q: What role does the Data Privacy Act play in preventing online scams?
A: The Data Privacy Act of 2012 requires businesses to safeguard the personal information of their customers. By enhancing data security measures, businesses can reduce the risk of data breaches and identity theft, which are often linked to many online fraud cases.
Q: What is the significance of having a privacy policy on my website?
A: A privacy policy is important as it assures your customers that you are transparent about how you collect, use, and secure their personal information. Adhering to the Data Privacy Act sets boundaries and builds the trustworthiness of customers.
References
- Digital 2024: Philippines
- Anti-Cybercrime Group
- National Privacy Commission
- Department of Trade and Industry
- Philippine E-Commerce Roadmap 2022
- Data Privacy Act of 2012
Don’t wait until you become a victim. Take action today to protect your Philippine online store from scams. Implement the steps we’ve discussed in this article, stay informed about the latest threats, and be vigilant. Investing in security is an investment in the future of your business! So, go ahead, make those changes. Your peace of mind (and your bank account) will thank you for it!






