Click here to listen to The Top Ten Business Scams podcast

 Small organisations and large organisations face different issues with scams, largely because large organisations usually have better protection for their confidential information.  However, large organisations are more frequently targeted by scammers because they typically have more people to scam and more information to be stolen.

We all know the stories of big banks being defrauded by hackers, having data breaches etc. but most of these scams can occur anywhere at any time and it’s sensible to be aware and to protect confidential information as best you can.  


The most common business scams are:-

1.      Ransomware

This is where malware gets into your computer and encrypts some of your files. It then gives a message on screen demanding a ransom to be paid otherwise your files will be left encrypted or deleted.

This form of blackmail has hit numerous small companies. In some cases they choose to pay up what can be a significant amount of money and in other cases people either abandon hope of getting their files back or seek professional help.

Even if you pay, you may not get the decryption key.

2.      Phishing / Identity Fraud

This is where you receive messages claiming to be from someone trustworthy or in authority such as your bank or HMRC or the local council or even Marks and Spencer or Tesco etc. The message is to get you to divulge confidential information – whether by return email or by clicking on a link which takes you to what appears to be a valid website but was created by scammers. You enter your information and the scammer has got it and can sell that or attempt to scam you or take out a loan in your name etc.

Email is the most common way of doing this, but you might be targeted by text message or by phone. If you’re suspicious, ask to call them back and see if the number matches your bank’s real phone number. Don’t call back immediately or if possible call from another phone, just in case the scammer has stayed on the line waiting to pretend to be your bank.

Scammers got to great lengths to get full identity information from people as that sells at a high price. You may not even know if someone has stolen your identity until you are notified of payments due on loans you did not take out or notice irregularities on your bank statement or credit card statements.

Once your identity has been stolen, it’s a lot of hard work and weeks if not months to get things sorted out. 

3.      Email Spoofing

Most scammer’s emails show the real senders address. So you may get an email claiming to be from Lloyds Bank but the senders email is actually something quite different and that tells you it’s a fake.

However, some scammers are able to ‘spoof’ email addresses i.e. make it appear that an email has come from who they say.  This can lead to you trusting the email so this is dangerous.

For example, a member of the Finance team gets an email that appears to be from the Chief Exec requesting a movement of funds to another bank account. If the scammer picks a day when the Finance boss is away then the scammers request may be enacted without any checks. Some companies have lost a great deal of money by this means.

The email asks the recipient to make an urgent payment to a specified beneficiary, bypassing normal procedures because of exceptional circumstances, e.g. a special deal that is only available for a few hours. In reality, the fraudster has spoofed the email address of the executive.

4.      Tech Support virus scam

This is a very common scam where the caller claims they are calling from Microsoft or your Internet broadband supplier or IT department and tells you that you have a virus on your computer. The caller goes on to take control of your computer, convince you there is a major problem and charge you for removing that non-existent problem. In organisations with an IT department, you would hope that people would not fall for this kind of scam, but it still happens.

5.      Online Purchases – Fake invoices

Action Fraud reported a large increase in the number of fake invoice scams in 2016. You select and pay for an item online but it never arrives. Or you receive an invoice for goods delivered but it’s fake.  Whether or not companies get caught by this scam depend on how well organised their systems are for identifying invoices correctly with deliveries and purchase orders.

There are also many fake websites set up to look legitimate – always be careful when purchasing from the website of an organisation you haven’t dealt with before.

6.      Online Reputation Damage

The reputation of any organisation is important and some scammers try to make money by damaging or threatening to damage that reputation through fake reviews, social media comments and negative feedback.

One typical such scam is where a small business gets messages offering to improve their online reputation. Many think these requests can be ignored but then over a period of weeks things go wrong – social media messages appear from disgruntled customers, fake allegations of impropriety appear on the Internet, reviews appear that show the organisation in a very bad light.

What can be done about this? It is difficult to deal with, as proving who is behind such an onslaught is never easy. Some give in and pay for reputation improvement - which would never have been needed but for the involvement of the scammer.

Companies must ensure their social media and other Internet presences are monitored  and any problems dealt with as soon as possible. 

7.      Advertising and Directories

These scams involve email or calls about updating your company entry in a business directory or about discount advertising available but only for a short period. Neither is value for money.  Small companies are more at risk of these types of scams as they are less likely to have professional Marketers who can avoid these scams.


8.      Government Grant

Government grant scam. This scam comes in the form of a phone call, email or letter informing you that your business qualifies for a government grant. In order to receive the grant, you must first send a processing or delivery fee, usually via Western Union or similar wire transfer.

It's almost impossible to trace this type of payment once it's completed.

9.      Fake Cheques

The fake cheque scam is either simply a fake cheque in payment for goods or a fake cheque that is an overpayment. The scammer then calls and asks for the over payment to be refunded. Many people don’t realise that after 5 working days the money from the cheque will be in your account but for two further working days it is possible the bank will withdraw that money if the cheque bounces. If someone overpays by cheque you need to wait 7 working days before issuing a refund.

10.  Unsolicited Goods


A delivery of goods is received and an invoice. All seems in order so the invoice is paid. Them it is realised that the person the goods are supposedly for did not order them. You have paid (probably much over the odds) for items you didn’t order. Keep a close eye on who can place orders and how invoices are matched up with delivered items. 

Do Share this post on social media – click on the icons at the bottom of the article.