How to protect your business against six common scams

Blogs 8 Oct 2024

As cybercrime continues to rise, businesses of all sizes are increasingly vulnerable to scams. From phishing to identity theft, discover how you can protect your small business against scams and fraud with our top tips.

A version of this article was first published here in October 2022

The number of scams designed to trick consumers into handing over their personal details, and to cash in on current financial uncertainties, has also been on the rise. A 2023 report by Cifas, the UK's leading fraud prevention agency, showed that £7.5 billion was stolen from 1 in 10 Britons over a 12-month period due to scams and identity theft. Pension scams, travel scams, and fake charities are all among the methods fraudsters have been using to dupe unwitting consumers.

It's estimated that as many as one-in-three people have already fallen victim to scams. If you suspect you've been targeted, it's important to know what to look out for and how to respond. We provide some tips below to help you protect yourself.

Cybersecurity threats are constantly evolving, making it essential for businesses to prioritise employee awareness and training. By equipping your workforce with the knowledge and skills to recognise and respond to potential threats, you can significantly strengthen your organisation's overall security posture.

Types of fraud

1. Remote access or computer software scams

This type of scam tries to convince you that you have a problem with your computer or internet connection. You’ll be called by someone who claims to be from your telecoms or broadband provider and they’ll request remote access or ask you to download software to your computer to fix a problem. By providing access or downloading the software, you’re providing the scammer with access to your computer. They’ll then look to compromise your security by accessing your sensitive information or financial accounts.

Our advice:

  • Never provide sensitive or personal information to an unsolicited caller.
  • Don’t be persuaded to download software or allow remote access to your computer or device.
  • Never share online banking login details or passwords with anyone.

2. Safe account scam

You’ll be contacted by someone claiming to be from a trusted organisation such as your bank (typically the fraud team) or the police, who’ll tell you that your account has been compromised in some way and that you need to move your money to a 'safe account'. The details they’ll give you will be fraudulent and once you move your money they’ll have access to it.

Our advice:

  • Your bank or the police will never ask you to move money to a “safe account” or send someone to your home to collect cash, cards or cheque books if you are a victim of fraud.
  • If you’re ever suspicious about any contact, always call the organisation back on a number you can trust (e.g. as detailed on your account statement).

3. Push payment fraud

Push payment fraud is where scammers convince a customer to transfer money to them. The scammers may pose as a legitimate business or individual who is known to you, typically via email, to inform you that their bank account details have changed and to ask you to make a payment to the new account. The scammer may have intercepted emails and therefore have information that makes them appear convincing, such as information about who you are due to make payment to.

Our advice:

  • If you’re expecting to make a payment online or over the phone, always check the details with the person or business you’re paying, via an independently verified source, before you send your money.

How could a fraudster contact you?

4. Email scams (Phishing)

Email fraud is commonly referred to as ‘phishing’. Always be suspicious of unsolicited emails that are supposedly from your bank or some other trusted organisation because the address can be easily faked. The email will typically encourage you to click a link and log into your account, by telling you your account has been locked or that there’s been an unauthorised login attempt. In reality, the link in the email goes to a fake website that collects your information or targets your computer with a computer virus. Another version of this scam involves an email attachment, which is in fact a computer virus.

Our advice:

  • Be sceptical when it comes to your emails – if one looks even remotely suspicious, don’t open it or click on any links.
  • Look at how you’re addressed. Scammers will often use a general greeting such as Dear Sir, Dear Madam or Dear Customer. Poor spelling or formatting can also be giveaways, but you cannot always count on that.

5. Phone scams (Vishing)

Vishing (“voice phishing”) is the same as phishing, but you’ll be contacted by telephone rather than email. You’ll get an unsolicited phone call encouraging you to give out your personal details, such as sensitive financial information. The fraudsters might call you on your mobile phone or landline pretending to be calling from your bank or another mainstream provider offering a ‘one-time deal’ or an unsolicited upgrade. They may already have some of your personal information such as your name, address, or phone number to make them sound genuine.

Our advice:

  • Never give out your personal details (such as your online banking login details) over the phone, even to a caller claiming to be from your bank or the police.
  • If you get a call asking for this information, end the call immediately, wait at least 5 minutes and contact your bank on a trusted number. Never call back on a number that the caller has given you.

6. Text messaging scams (Smishing)

A text message might not be from who you think – Smishing is when scammers pretend a message is from your bank or another organisation you trust. They will usually tell you there’s been fraud on your account and will ask you to deal with it by calling a number or accessing a hyperlink. Please take a moment to stop and think about whether the message has come from a legitimate source.

Our advice:

  • Don’t click on any of the links, and check the number with your bank or financial institution to ensure that it is genuine.
  • If you click on the link by mistake, run a scan with your antivirus software to check for any malicious software.

Social Engineering: The Human Hack

Social engineering is a technique used by scammers to manipulate people into revealing sensitive information, and it will often fall across multiple categories of scam. Scammers often use psychological tactics to trick you into clicking on malicious links, downloading harmful files, or sharing personal details.

Our advice:

  • Be sceptical: Be wary of unsolicited emails, phone calls, and messages.
  • Verify information: Double-check the sender's email address, phone number, or website URL before responding.
  • Avoid sharing personal information: Be cautious about sharing sensitive information, such as passwords, social security numbers, or bank account details.
  • Use strong, unique passwords: Create strong, unique passwords for each of your online accounts.

By understanding social engineering tactics and taking proactive measures, you can significantly reduce your risk of falling victim to these attacks.

Protecting your identity

Usually, identity thieves work online, looking for snippets of information about your life in social media posts and profiles, and unprotected email accounts. They exploit the fact that people like to share personal information with their online friends – and can be lax with security. Equally, they can find confidential information like National Insurance and bank account numbers in un-shredded rubbish. It doesn’t take many of these snippets for them to successfully steal your identity and wreak havoc with your life.

Our advice:

  • Never share account details or other information that you use to prove your identity with friends, family or other people.
  • Think about what you share on social media, such as your date of birth, or family members’ or pets’ names that you also use in your passwords. Don’t post details or images of your driver’s licence, passport, NI number or other confidential items.
  • Never reveal private information in response to an email, text, letter or phone call unless you’re certain that the request is authentic. Call to check, on the number you know to be correct.
  • Install the latest software, app, and operating system updates on your computer and mobile devices. Better still, set them to update automatically.
  • Make sure all your passwords are strong and keep them safe. Don’t use the same password for more than one account. Use a strong and separate password for your email accounts.
  • Don’t connect to public Wi-Fi hotspots when doing anything confidential online.
  • File sensitive documents securely, and shred those you no longer need.

Take five to stop fraud

Take Five is an initiative led by UK Finance. Its aim is to encourage people to stop and take time to think before they act. Always remember these five rules:

  1. Never disclose security details, such as your PIN or full banking password
  2. Don’t assume an email, text, or phone call is authentic
  3. Don’t be rushed – a genuine organisation won’t mind waiting
  4. Listen to your instincts – you know if something doesn’t feel right
  5. Stay in control – don’t panic and make a decision you’ll regret

What to do if you suspect you’ve been a victim of fraud

Don’t be too embarrassed to report it – more and more people are being deceived by ever more sophisticated methods. If you believe you’ve fallen for a scam, contact your bank immediately on a number you know to be correct, such as the one listed on your statement, their website, or on the back of your debit or credit card.

Report it to Action Fraud on 0300 123 2040 or online. If you are in Scotland, please report to Police Scotland directly by calling 101 or Advice Direct Scotland on 0808 164 6000.

Free small business resources

Learn new skills with the Federation of Small Businesses. Explore hundreds of jargon-free articles, guides, webinars, training opportunities and more, all designed for small businesses and the self-employed.
