Common business scams: how to protect your company

From fake government grant phishing attempts to technical support scams, fraudsters are continuing to use the Covid-19 pandemic as an opportunity to target individuals and businesses. It’s more important than ever to stay vigilant and to be able to recognise the warning signs. In this blog post we give an overview of some of the most common types of scams and some tips on how to protect yourself and your business.

5 common scams to watch out for

A scammer’s goal is to deceive you into giving them money, valuable personal details, or access to your computer. They may approach you by email, text, phone call, social media, or in person. Here are five types of scams to be aware of:

1. Impersonation scams

Cybercriminals often impersonate a trusted organisation such as the government, the bank, or the police, and try to trick you into making a payment or handing over your company’s financial information. Throughout the pandemic many businesses have received fraudulent emails and texts purporting to be from the government or HMRC, telling them that they’re owed a tax refund or are eligible for financial support. These messages usually link to a fake website that asks you to enter your personal details.

How to stay safe: always be wary when you’re contacted unexpectedly and asked to provide your personal information. If in any doubt, verify the message by contacting the organisation directly with the phone number or email address on their official website. To report scams, forward texts to 7726 and scam emails to [email protected]. And remember, never open attachments or click on links in suspicious messages, as they may contain malicious software.

2. CEO fraud

This is where a fraudster impersonates the CEO or another senior member of staff by hacking into their email account, spoofing their email address, or using a look-alike email address. They send an email to an employee, often someone who works in the finance department, asking them to transfer money or to reveal confidential information.

How to stay safe: educate your employees, particularly those in the finance team, about CEO fraud. Ensure that they are cautious of any unexpected emails requesting urgent payment. Put policies and procedures in place that make proper documentation and approvals mandatory before money can be transferred or sensitive data shared.

3. Investment scams

A scammer emails, phones, or sends you a social media message about an investment opportunity. This might be completely fake, or the scammer may impersonate a real investment firm. The fraudster may sound knowledgeable and have a website, testimonials, and resources that appear legitimate. Often they will try to pressurise you into making a rushed decision by saying that the opportunity is only available for a short time, or offering a bonus or discount if you sign up before a certain deadline.  

How to stay safe: reject any unsolicited investment pitches. Visit the FCA register to see if the firm or individual is authorised and check the warning list of firms to avoid. Always use the contact details on the FCA register rather than the details the firm gives you, and check for subtle differences, as it might be a ‘clone firm’.

4. Invoice and mandate scams

Criminals can find out about supplier relationships in various ways, including hacking email accounts or researching publicly available information. They may send you an invoice that appears to be from a genuine supplier but has their own account details. Or, posing as a regular supplier, they may ask you to update the bank account details you hold on file. You’re then tricked into sending money to the criminal’s account instead of that of the genuine supplier.

How to stay safe: if you receive a request to change payment details, contact the supplier to verify the request using contact details you have on file or from its official website. Make sure your employees, especially those responsible for making payments, are aware of this type of scam and check invoices carefully. Compare them to previous invoices you know to be genuine, and look for subtle differences in logos, bank account details, or contact information.

5. Tech support scams

A tech support scammer may phone you and claim to be a computer technician from a well-known company. They’ll tell you that there is a problem with your PC, and will try to gain remote access in order to steal personal or financial information or to install malware. Another method they commonly use is pop-up windows. These appear in your web browser as alert messages, warning you that your computer is infected.

How to stay safe: having technical support, either in-house or outsourced, is a good idea for all companies. Make your employees aware that they should only trust your tech support team to fix their IT issues, and that they shouldn't click on any links in pop-ups or call any listed numbers.  


Tips to protect your company

Here are a few ways in which you can protect your business:

  • Employee training – your employees play a critical role in keeping the organisation safe. Provide training so that they’re able to identify cybersecurity threats and report them.
  • Make sure you have the right technology – consider getting an antivirus software package with extra features to prevent scams. Always keep your antivirus software, operating system, and browser up to date.
  • Think about what you share in the public domain – if you have information about your suppliers on your website, for instance, then you might want to think about removing this to reduce the risk of invoice scams.
  • Have clear rules and procedures for paying invoices, bringing on new suppliers, and updating their bank details – ensure that your employees are aware of these, and regularly review your internal processes.