Protect your small business from these top 10 scams

Cybersecurity Panel

Scams can impact every business, regardless of location, size, or industry. But they are especially a problem for small businesses. Local businesses and startups often don’t have the cybersecurity support or established accounting processes of larger companies. This can make them more vulnerable to scams.

According to data released earlier this month by the FBI, more than $43 billion has been lost through business email compromise and email account compromise scams since 2016. Further, check and payment tampering fraud schemes were four times more common in small businesses than in large organizations in 2020, notes the Association of Certified Fraud Examiners. And in the U.S., the average data breach cost companies $9 million and took over 200 days to be identified in 2021, according to data from the Federal Trade Commission.

Fortunately, knowledge is the best protection, advises the Better Business Bureau. If you own or work for a small business, be sure to stay informed about these common scams and report them if your business is targeted:

 Business email compromise (BEC): Business email compromise fraud is an email phishing scam that typically targets people who pay bills in businesses, government, and nonprofit organizations. It has resulted in more losses than any other type of fraud in the U.S., according to the FBI.

In BEC fraud, the scammer poses as a vendor or other trusted source, who sends an email to an accountant or chief financial officer. The email asks them to wire money, buy gift cards, or send personal information, often for a plausible reason. If money is sent, it goes into an account controlled by the con artist.

Phony invoices: Businesses receive fake invoices demanding payment for products or services never ordered or received. The most common scams involve office supplies, website or domain hosting services, and directory listings. Often, if you look closely, you’ll see fine print that identifies the bill as a solicitation. Generally, the amount is small enough to not initially raise a red flag.

Directory scams: This scam has plagued businesses for decades. In it, con artists attempt to fool businesses into paying for a listing or ad space in a nonexistent directory. In some cases, the directory will technically exist, but won’t be distributed to potential customers. Other times, the scammer might lie about being with a legitimate directory, such as the Yellow Pages. Either way, the business is billed hundreds of dollars for listing services they didn’t agree to or for ads that were never placed.

Stolen identity: Scammers often pretend to be a legitimate company to trick consumers. Scammers set up fake websites and “hijack” your company name and address. They may also use brand hijacking — the blatant copying and misuse of company logos and website content — to impersonate a business and deceive unsuspecting visitors. In this con, the company doesn’t necessarily lose money. However, their reputation is tarnished when angry customers who were ripped off by scammers think the real company is responsible.

Charity pitches: Most businesses are regularly asked to donate funds to charitable causes. While many requests are legitimate, every year small businesses become victims of fraudulent or deceptive charitable solicitation schemes. Research charities and see more giving tips at

Phishing scams: Phishing scams attempt to steal sensitive information about your business. These scams often appear to be legitimate emails or text messages. However, when you click on the link, you download a virus that captures personal information or load a form that asks for bank account or credit card details. Be leery of unsolicited messages and don’t click on links. Instead, hover over the link with your cursor to see the real address. Also, be sure your computer has the proper firewall and computer protection software.

Office supply scams: Businesses receive an unexpected telephone call from someone claiming to represent a reputable company with which the firm often does business. Sometimes scammers will even call in advance to find out what brand of supplies or equipment the business uses. The scam caller will try to sell the business surplus merchandise at a reduced price, citing a cancellation or over-order by another purchaser. The merchandise doesn’t exist. Don’t be fooled.

Coupon books: Small business operators are often approached to participate in coupon book promotions. The business offers discounts or extras in the coupon books that are sold by promoters to consumers. Problems occur if the promoters change the terms of the coupons, oversell the books, or distribute them outside the company’s normal business area. Make sure the coupon book is being promoted by someone you trust, and that the terms and conditions are clearly spelled out.

Vanity award scams: A vanity award scheme capitalizes on a company’s excitement for an award that essentially holds no value. This con typically targets business owners through email campaigns. The scam email congratulates the owner on their selection for the award and invites them to click a link for further details on how to claim the prize. But, of course, claiming the honor involves paying a several hundred-dollar fee. Always research the organization offering the “award.”

Overpayment scams: In this scam, the person you are doing business with sends you a check for more than the amount they owe you. Then, they instruct you to wire the balance back to them. Or they send a check and tell you to deposit it, keep part of the amount for your own compensation, and then wire the rest back. The results are the same: the check eventually bounces, and you’re stuck, responsible for the full amount, including what you wired to the scammer.

Tips to avoid small business scams

BBB offers these tips to help small businesses protect themselves:

  • Keep good records. Keep documentation of all orders and purchases. This will help you to detect bogus accounts and invoices.
  • Be extra careful with payment procedures. Establish payment authorization procedures, including a multiperson approval process for transactions above a certain dollar threshold.
  • Avoid some payment methods when possible.Wire transfers, pre-paid debit cards, and gift cards are scammers’ preferred methods of payment. Always confirm that any request for payment with untraceable methods such as these are verified by an authorized source.
  • Double-check vendors. Make sure that the business billing you is a business you’re familiar with and normally do business with. If not, question it. Get the name of the person you speak with, the company name, address, phone, and website.
  • Be careful what information you share. Do not give out information about your business unless you know what the information will be used for. Never provide personal information or financial details to anyone you don’t know.
  • Protect your devices. Make sure you have proper computer protection software and a firewall. Don’t click on links inside unsolicited emails. They could spread malicious software or viruses.
  • Spread the word. If your employees know about the scam, they’ll be more likely to spot it. Tell your colleagues too.

If you spot a scam, report it to Your report can help stop the scam. Also be sure to alert the state attorney general’s office at

Click here to sign up for the free IB Ezine — your twice-weekly resource for local business news, analysis, voices, and the names you need to know. If you are not already a subscriber to In Business magazine, be sure to sign up for our monthly print edition here.