Menu
Business.com aims to help business owners make informed decisions to support and grow their companies. We research and recommend products and services suitable for various business types, investing thousands of hours each year in this process.
As a business, we need to generate revenue to sustain our content. We have financial relationships with some companies we cover, earning commissions when readers purchase from our partners or share information about their needs. These relationships do not dictate our advice and recommendations. Our editorial team independently evaluates and recommends products and services based on their research and expertise. Learn more about our process and partners here.
Scammers could be targeting your business. Be prepared.
Cybercriminals often target people with identity theft scams, credit card fraud and myriad other schemes designed to steal their money. Yet, as a small business owner, you are as much a target. The stakes are high — cyberattacks and stealthy schemes can put your livelihood at risk and close your business potentially.
As scammers get smarter, their attack methods become trickier. It’s critical for you and your team to stay alert and understand the numerous potential risks. Here’s a look at 11 frequent scams that target small businesses and how to sidestep them.
Even the savviest professional can fall victim to convincing business scams. Consider the following schemes your business may face.
In phishing scams, swindlers use email messages to trick individuals into sharing confidential data or transferring money. Spear phishing takes things to a new level, personalizing attacks and directing them toward specific individuals or groups, often resulting in substantial financial rewards for the criminals.
In a typical spear phishing situation, the perpetrators disguise themselves as someone familiar to the victim, such as a co-worker, boss or business partner, and ask for money or payment details. Scammers can also pretend to be vendors, suppliers or partner businesses — any entity that might seek payment from a business.
Here’s an example: A scammer poses as a company CEO and emails an urgent money request to the finance team. An unsuspecting team member may transfer the money immediately and not realize they’ve been duped.
Differentiating a sophisticated spear phishing email from a genuine message can be quite challenging. To help your business steer clear of spear phishing attacks, take the following measures:
If a scammer gains access to an email account, they can intercept and edit incoming emails from companies you work with, like suppliers and vendors. Business coach Robin Waite described a common scam affecting businesses in the United Kingdom where hackers edit invoices from supply companies. “Typically, all they change is the bank details on the PDF document,” Waite explained. “The target then … unwittingly sends the payment to the criminals instead.”
This scam can also occur through the mail. Scammers may send professional-looking invoices for supplies that were never delivered or request payment for services like web domain name charges. “Business owners should train anyone who opens the U.S. mail to not fall victim to fake invoices for internet domain renewals,” advised Jacob Ackerman, an engineer at Pure Storage. “Domains are purchased and renewed online. There are marketing companies who use the U.S. mail to send renewal notices for domains in hopes of getting that unknowing business to make a payment.”
Scammers often send products or provide services and then issue an invoice for an excessive amount of money. This scam is like fake invoicing, except small businesses may get a “product” from the criminal.
A typical example is fake phone book companies. Scammers call or email businesses and ask for basic information to update a phone book. After receiving the information, they send an invoice for a listing you never wanted or asked for.
“The companies attempt to use your verbal confirmation (if over the phone) or signature (if through mail) as proof [that it’s] OK to initiate a billed contract with their company,” explained Ben Huber, co-founder of DollarSprout. “In reality, you were duped into thinking your telephone number was listed free of charge.”
Business owners understand the fierce competition for high search engine rankings. If you appear at the top of a Google search results page, potential customers can find you more easily. Genuine experts — and a little research on your own — can help you build an SEO strategy to drive web traffic to your site. However, fake “SEO experts” may try to entice you with a comprehensive proposal to boost your Google ranking for an exorbitant price.
Ian Wright, the founder of Merchant Machine, cautioned business owners to watch out for this scheme. These SEO scammers often take your payment without doing any work — or worse, steal your payment information. Alternatively, they might do the work but continue billing you for a sustained period. If you try to halt the payments, they’ll threaten you with a negative SEO assault.
When you receive a solicitation email from any company offering business services, it’s crucial to approach it with healthy skepticism and thoroughly research any potential vendor.
Businesses often receive solicitation calls from other companies advertising or selling their services. However, some calls, especially those with automated voice recordings, are scams. These automated callers claim to work for companies like Google. Generally, they advertise services (including SEO services, as described above) and request payment or vital business information. These calls are almost always scams.
“Neither Google nor any reputable SEO agency on earth will robocall an office, yet [these scams] are extremely active,” explained Josh Loewen, co-founder of The Status Bureau. “The scam is to get you onto the phone, then pair you with an overseas salesperson that will guarantee you higher Google rankings.”
You probably know that scammers can steal an individual’s identity, but did you know criminals can steal a company’s identity? In this scheme, scammers set up a fake website using an existing company’s name and address. Customers and vendors think the company is one they’ve worked with and trust and unknowingly switch to the clone business.
When they end up not getting the product or service they were promised, the real company’s brand reputation may be tarnished and it may even face legal trouble.
While you can’t entirely prevent someone from stealing your business’s identity, you can be vigilant about monitoring your company’s reputation and communicating with customers.
It’s quite common for genuine charitable groups to reach out to businesses for contributions. However, not every request is genuine. Unfortunately, dishonest individuals may pretend to represent charities, capitalizing on the goodwill of businesses willing to provide support. Be cautious and always verify the legitimacy of every request for donations.
Every office needs office supplies, making them a target for this scheme. Scammers call business owners and say they’re selling surplus merchandise at a reduced price, often due to an order cancellation. The business agrees to buy the supplies, but the supplies never materialize — and the business’s money disappears. The only way around this scam is to do your due diligence on any vendor you purchase from.
With this scam, your business receives an email congratulating it on winning some kind of award, along with a link to claim the award. Once you click the link, you will learn that to get the award, you must pay a fee that is often several hundred dollars. Be aware of vanity scams and understand that you’ll never have to pay for a true honor.
This hustle seems like a typical business relationship at first. However, the “customer” sends you a check for more than they owe you and asks you to wire the difference back to them. Then, the check bounces and you lose the money you wired and any of the check proceeds you spent. To avoid this scam, always know who you’re buying from and never accept an overpayment for products or services. If you accept checks, ensure they clear before delivering your product or service.
The ERC is a legitimate COVID-19-era tax credit designed to help eligible businesses that retained employees during the pandemic. Although the credit is no longer available for recently paid wages, businesses can still apply retroactively until April 2025 to benefit from paying qualified wages between March 13, 2020, and December 31, 2021.
However, unscrupulous individuals and organizations are attempting to deceive businesses into believing they are entitled to the credit when they do not meet the qualifications. These scammers use aggressive marketing campaigns, promising an easy application process and insisting that many businesses have missed out on money they’re owed.
These scams often involve significant upfront fees for “assistance” with applying for the credit while downplaying or ignoring its strict eligibility requirements. Businesses that improperly claim the ERC could face severe consequences, including audits, penalties and hefty repayment costs. It’s critical to consult with a qualified tax expert to ensure compliance with ERC regulations before applying.
Protect your business’s sensitive information, reputation and finances by implementing the following tips and best practices: