Updated Mar 15, 2024

10 Scams That Prey on Small Businesses

Jennifer Dublino, Contributing Writer


Cybercriminals often target people with identity theft scams, credit card fraud and myriad other schemes designed to steal their money. Yet, as a small business owner, you are just as much a target. The stakes run high – cybercrimes can put your livelihood at risk and potentially close your business. 

As scammers get smarter, their methods of attack become trickier. They may use convincing emails or messages to bait you into revealing crucial details. So, it’s essential for you and your team to stay alert and understand the potential risks. 

Here’s a look at 10 frequent scams that target small businesses. We’ll also provide some useful guidance on how to sidestep such threats. 

Did you know?

Cyber insurance can protect your business if it becomes the victim of a scam, data breach or other type of cybercrime.

10 scams that prey on small businesses

Even the savviest professional can fall victim to convincing business scams. Here are 10 cyber risks to watch for:

1. Spear phishing

Phishing is a common scam in which swindlers trick individuals, via email, into sharing confidential data or transferring money. Spear phishing is a more advanced version in which the scam is personalized and aimed at certain individuals or groups, often resulting in substantial financial rewards for the criminals. 

In a typical spear-phishing situation, the perpetrator disguises themselves as someone familiar to the victim, such as a co-worker, boss or business partner, and asks for money or payment details. It can be tough to tell a spear-phishing email apart from a normal one. 

A classic example is a scammer posing as the company’s CEO and emailing an urgent money request to the accounting department. If the team doesn’t confirm the sender by checking the email details, they may make the transfer immediately, not realizing they’ve been duped. In many firms, this kind of fraud goes undetected until the money has already been transferred. 

Scammers can also pretend to be vendors, suppliers or partner businesses: anyone who could realistically ask for payment. 

To steer clear of spear-phishing attacks, make sure your staff never fulfill money requests without confirming them. Many scams rely on fear tactics or false urgency, so having a standard verification process for financial requests is key. 

Also, it’s crucial to check the details of the sender’s email, especially if the message asks for any private details or money. A spear-phishing email often looks legitimate, but a click on the sender details often reveals a weird or unknown address. 

2. Fake invoicing

If a scammer gains access to an email account, they can intercept and edit incoming emails from companies you work with, like suppliers and vendors. Business coach Robin Waite described a common scam affecting businesses in the U.K. where hackers edit invoices from supply companies.

“Typically, all they change is the bank details on the PDF document,” Waite said. “The target then … unwittingly sends the payment to the criminals instead.” This scam can also occur through the mail. Scammers may send invoices for supplies that were never delivered, or they may even request money for web domain name charges.

“Business owners should train anyone who opens the U.S. mail to not fall victim to fake invoices for internet domain renewals,” said Jacob Ackerman, an engineer at Pure Storage. “Domains are purchased and renewed online. There are marketing companies who use the U.S. mail to send renewal notices for domains in hopes of getting that unknowing business to make a payment.”

Tip

Antivirus software is a fundamental first line of defense against cyberthreats. Check out our reviews of the best antivirus and internet security software to find a solution your small business can easily implement.

3. Unsolicited services or products

Scammers often send products or provide services and then issue an invoice for an inordinate amount of money. This scam is like fake invoicing, except small businesses may be getting a “product” from the criminal.

A typical example is fake phone book companies. Scammers will call or email businesses and ask for basic information to update a phone book. After receiving the info, they’ll send an invoice along.

“The companies attempt to use your verbal confirmation – if over phone – or signature – if through mail – as proof [that it’s] OK to initiate a billed contract with their company,” said Ben Huber, co-founder of DollarSprout. “In reality, you were duped into thinking your telephone number was listed free of charge.”

4. Fake SEO experts

Running a small business, you understand the fierce competition for visibility on search engines such as Google. A good Google rank makes it simpler for clients to discover your business and ultimately become a customer. Genuine SEO experts have the tools to craft digital marketing plans that enhance your business’s digital footprint. Remember, real digital marketing agencies won’t suddenly drop you an email asking for payment. 

Beware of an emerging trick where a so-called “SEO expert” contacts your small business with a comprehensive proposal to boost your Google ranking, all for a price. 

According to Ian Wright, the founder of Merchant Machine, there’s a high possibility this is a scam. They could simply take your payment without doing any work, or worse, steal your payment information. Alternatively, they might do the work but continue billing you for a sustained period, and when you attempt to halt the payments, they threaten you with a negative SEO attack. 

When you receive a solicitation email from any company, it’s crucial to approach it with healthy skepticism. 

Tip

Clearly outline your IT department’s role in cybersecurity, empowering it to be proactive about security measures like secure passwords, ongoing training and vulnerability scans.

5. Fake calls

Businesses often receive solicitation calls from other companies trying to advertise or sell their services. However, some calls, especially those with automated voice recordings, are scams. These automated callers claim to work for companies like Google. Generally, they’re advertising services and requesting payment or vital business information. These calls are almost always a scam.

“Neither Google nor any reputable SEO agency on earth will robocall an office, yet [these scams] are extremely active,” said Josh Loewen, co-founder of The Status Bureau. “The scam is to get you onto the phone, then pair you with an overseas salesperson that will guarantee you higher Google rankings.”

6. Stolen identity

You probably know that scammers can steal an individual’s identity, but did you know criminals can steal a company’s identity? In this scheme, scammers set up a fake website using an existing company’s name and address. Customers and vendors think the company is one they’ve worked with and trust and unknowingly switch to the clone business. 

When they end up not getting the product or service they were promised, the actual company’s reputation is tarnished, and your company may even get into legal trouble.

7. Fake charity solicitations

It’s quite common for genuine charitable groups to reach out to businesses for contributions. However, bear in mind that not every request may be genuine. Unfortunately, there are dishonest individuals who pretend to represent charities, capitalizing on the goodwill of businesses willing to provide support. Be cautious and always verify the legitimacy of every request for donations. 

8. Office supply scams

Every office needs office supplies, making them a target for this scheme. Scammers call business owners saying they’re selling business surplus merchandise at a reduced price, often due to an order cancellation. The business agrees to buy the supplies, but they never materialize – and their money disappears.

9. Vanity award scams

With this scam, your business receives an email congratulating it on winning some kind of award along with a link to claim the award. Once you click the link, you find out that to get the award, you must pay a fee that is often several hundred dollars.

10. Overpayment scams

This hustle seems like a normal business relationship at first. However, the “customer” sends you a check for more than they owe you and asks you to wire the difference back to them. Then, the check bounces, and you are out the money you wired plus any of the check proceeds that you spent.

Tip

If you’re wondering if you’re at risk of cybersecurity threats, conduct a cybersecurity risk assessment to see how vulnerable or protected your business is.

Tips for avoiding business scams

Protect your business’s sensitive information, reputation and finances by implementing these tips and best practices:

  • Educate your team. Share this article with your employees so they know what to look for. Consider implementing a data loss prevention policy so that everyone is aware of internal and external threats.
  • Communicate about scams. Encourage employees to talk to each other when they discover a scam. Scammers often target more than one person in the organization.
  • Set email protocols. Train employees never to send sensitive information via email.
  • Verify receipt of goods and services. Have accounts payable staff review invoices closely and verify that the company received the products and services for which it’s being billed.
  • Limit invoice approval. Limit invoice approval to a key individual or small accounting team, and ensure there’s a clear approval process.
  • Scrutinize payment methods. Avoid paying by wire, reloadable card or gift card, which are common ways for scammers to demand payment.
  • Verify caller and emailer identity. Scammers sometimes clone the number that shows up on your caller ID, so they look like they’re calling from a legitimate company or government agency. They may also send emails from a domain that looks similar to one you trust. Instruct staff to be skeptical of all callers and emailers until verifying their identities. Consider setting up an identity and access control system to identify individuals.
  • Set email behavior protocols. Instruct employees not to open attachments, click links or download files from unexpected emails. These links or files may be sources of ransomware, viruses or cyber extortion.
  • Investigate partners and vendors. Before doing business with a company for the first time, search the company’s name online with the word “scam” or “complaint.”
  • Research charities. If a charity solicits your business, research it to be sure it’s legitimate. You can do this at websites like Charity Navigator or 
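
The sender checks described under spear phishing and in the “Verify caller and emailer identity” tip can be partly automated. The sketch below is an added example, not part of the original article: the trusted domains, sample messages and similarity threshold are constructed assumptions, and the Reply-To comparison goes slightly beyond what the article describes.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you really exchange payment email with (constructed).
TRUSTED_DOMAINS = {"yourcompany.example", "acme-supplies.example"}

def domain_of(header_value):
    """Return the lower-cased domain of a From/Reply-To header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw_message, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Return a list of warnings about the sender of one raw email message."""
    msg = message_from_string(raw_message)
    domain = domain_of(msg.get("From"))
    if not domain:
        return ["no parsable From address"]
    warnings = []
    if domain not in trusted:
        # Compare with the closest trusted domain to catch near-miss spellings.
        def score(t):
            return SequenceMatcher(None, domain, t).ratio()
        closest = max(trusted, key=score)
        if score(closest) >= threshold:
            warnings.append(f"lookalike domain: {domain} resembles {closest}")
        else:
            warnings.append(f"unknown sender domain: {domain}")
    # A reply that silently goes elsewhere is a common sign of impersonation.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != domain:
        warnings.append(f"Reply-To goes to a different domain: {reply_domain}")
    return warnings

# Constructed sample messages (not real mail).
SAMPLES = {
    "legit": "From: Pat Lee <pat@acme-supplies.example>\n"
             "Subject: Invoice 1042\n\nInvoice attached.",
    "lookalike": "From: Pat Lee <pat@acrne-supplies.example>\n"
                 "Subject: Updated bank details\n\nPlease use the new account.",
    "unknown": "From: Dana Smith <ceo@freemail-host.example>\n"
               "Subject: Urgent wire\n\nSend it today.",
    "reply_to": "From: Dana Smith <dana@yourcompany.example>\n"
                "Reply-To: dana.smith@freemail-host.example\n"
                "Subject: Urgent wire\n\nSend it today.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

A clean result only means the headers look consistent; payment requests still need confirmation through a separate, known channel.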

Matt D’Angelo contributed to the writing and reporting in this article. Source interviews were conducted for a previous version of this article.

Jennifer Dublino, Contributing Writer
Jennifer Dublino is a prolific researcher, writer, and editor, specializing in topical, engaging, and informative content. She has written numerous e-books, slideshows, websites, landing pages, sales pages, email campaigns, blog posts, press releases and thought leadership articles. Topics include consumer financial services, home buying and finance, general business topics, health and wellness, neuroscience and neuromarketing, and B2B industrial products.