Small Business Advice

How to protect yourself and your business from scammers

With online scams on the rise, make sure to protect your business, your clients, and your finances with this helpful guide.

Jump to:

Table of Contents

Online scams have been common in the digital age, but with the COVID-19 pandemic, fraudsters are finding more opportunities to conduct scams than ever before. One of the best ways to protect your financial interests and your business is to not only be aware of traditional scams, but newer scams that may use sophisticated emotional and technical tactics to gain access to your private information. 

Together, these tactics are referred to as Social Engineering, because although tech is an important part of an online scam, it can be easier to get someone to volunteer information as opposed to “hacking” it. Using your trusting nature against you is crucial to making the scam work.

Common Tactics

Scammers use a variety of tactics to victimize businesses and individuals, typically posing as vendors, sending fake invoices or offering fake services. 

“The five best-known business scams are: tech support scams, government agency imposter scams, directory listing and advertising scams, fake check scams and bank/credit card company imposter scams.” -- Better Business Bureau Scams and Your Small Business Research Report

Within these tactics, scammers are primarily looking for the same two things: money and/or personal information. Money can come in the form of cash/wire transfers, gift cards, cryptocurrency, etc. Information like your SSN, EIN or bank information can be equally valuable to scammers, as it can be used to access your finances or used to sign up for financial products (such as credit cards, bank accounts, etc). Regardless of how official or secure something appears, if you get an unexpected request for sensitive information, make it a habit to double check for signs of a scam.

What Counts as Sensitive information?

Anything that personally identifies you. Business information that you commonly share like your SSN/EIN or bank account number may not seem like enough to do any damage, but when used with other tools, scammers can steal your identity and/or finances. A scammer may send fraudulent emails or text messages to trick a target in giving out their personal information. This is known as a phishing scam, and it is a common tactic used to get a target’s passwords, account numbers, etc, in order to gain access to their email, bank or other accounts. Be wary of any links you receive from unknown sources, especially if they have a false sense of urgency.

Be Aware of Emotional Manipulation

Someone operating a scam will commonly use emotional tactics to engage their victims,  sometimes tempting them with fake awards, non-existent advertising services or work from a mysterious new “client” who’s willing to pay double. They may also try to use fear or desperation by convincing you that they represent one of your utility companies, the IRS or even disaster relief. 

In either case, they will attempt to create a false sense of urgency to get you or one of your employees to act quickly without thinking it through. This is why it’s a good rule of thumb to...

Verify Everything

If something even seems a little bit fishy, trust your gut, and verify what you’re looking at. Remember that institutions like the IRS have available information about how they contact individuals and businesses. If someone calls you claiming to be your bank or utility company, ask them if you can call them back using their listed company number. Don’t be afraid to Google something you experienced to see if someone else has encountered a similar scenario. A lot of scams use common tactics to target as many people as possible and possibly reach multiple members of the same team. If you encounter something suspicious, you’re probably not the only one. This means you also want to verify things within your business. If you get an email from a coworker with a suspicious request or attachment, follow up with them directly to see if they meant to send you that email. Business email compromise or BEC scams works using three methods: 

  • Using a random email address with a sender name that you recognize
  • Setting up a domain name similar to your company domain name (for example: vs 
  • Getting access your boss or co worker's real email account and contacting you directly

 Make it common practice to double check vendor relationships, communicate suspicious messages as well as using the company directory to call a coworker and verbally verify a request for payment or information.

“These scams typically involve a criminal spoofing or mimicking a legitimate email address. For example, an individual will receive a message that appears to be from an executive within their company or a business with which an individual has a relationship. The email will request a payment, wire transfer, or gift card purchase that seems legitimate but actually funnels money directly to a criminal.” -- Internet Crime Complaint Center, FBI

In addition to keeping your team up to date, make sure that you…

Keep Your Tech up to Date

This doesn’t mean you have to go out and buy a new computer, but there are things you can do to improve your computer’s security and how your computer works:

  • Consider a trusted VPN, ad blockers and an anti malware program to help bolster your security.
  • Update your operating system and web browser regularly so they stay up to date on security. 
  • If you provide computers to your employees, make sure there are no weak links in the chain by keeping their software updates current.  
  • It’s important for everyone on your team to use different passwords and to change them regularly. That can feel like a lot to remember but using a password manager can help keep your passwords organized and up to date. 
  • Even if someone discovers your password, you can add a layer of login protection with 2FA (Two factor authentication). 2FA basically allows you to have your system double check with you if someone tries to use your login information and has become so common that Google has added it to their stable of free services

Know the Resources Available to You

Many of the sources cited in this post come from places like the Better Business Bureau or government offices like the FTC that offer lots of free resources you can use to inform yourself and your team. You can take steps to block automated calls and texts and you can even sign up for scam alerts!

The people who work to track and stop scams are also interested in hearing from you if you have encountered a scam. Reporting scams helps them to learn more about how they can help to protect your information and financial security.

According to the Better Business Bureau, 82% of the small businesses they surveyed think that other businesses are more likely to get scammed than their own, while 63% of the same survey group said that, to their knowledge, their business had been exposed to at least one scam attempt in a three year period. 13% claimed to have been harmed by a scam, primarily citing losing money as well as lost information, damaged reputation and loss of customer trust. Depending on the damage, money can often be replaced, but re-building your reputation or the trust of your clients can be much harder. Even if you have measures in place to protect your business, it’s important to remember that scammers are constantly evolving and trying new things. Proactively protecting your interests can save you a lot of effort in the future if a scam is able to get past your defenses.

Free report and guide
How COVID-19 Impacted Incomes of the Self-Employed Workforce
How did the pandemic impact the income of  gig workers and entrepreneurs? Download to learn more.
Get The Report

Frequently asked questions

No items found.