Federal Trade Commission and tax authorities encounter dozens of scams that target small businesses. Know the common schemes and the basic steps you and your staff can take to protect your company.
Top scams targeting small businesses
-
Tech support calls
Scammers call claiming to be from a well-known company and say your computer or email has been compromised. Legitimate tech firms rarely call first; these callers want credit‑card or remote access to your systems—do not provide either.
-
Phishing and malware emails
An email appears to come from a trusted business and asks you to verify account details or install an urgent "security update." These messages can install malware or harvest credentials. Only open attachments and links from verified senders and delete suspicious mail.
-
Directory listing scams
A consultant offers to list or "fix" your online directory entries (Google, Manta, etc.) for a fee. You can claim and edit most listings yourself online; decline unsolicited offers that request payment or card details.
-
Fake invoices
You get an invoice for supplies or services you did not order. Keep clear records and confirm orders before paying; if an invoice looks unfamiliar, contact the vendor using the number on file rather than the one on the invoice.
-
Loan robocalls
Auto-dialed calls or texts promise easy funding or lower rates and ask for personal information. These offers often seek identity or financial data—only pursue loans through verified lenders and official channels.
-
Tax-related impersonation
Someone claims your business faces legal action for unpaid taxes and demands immediate payment by phone. Tax agencies typically mail notices first; do not give social security, taxpayer, or payment details to unsolicited callers.
These are a few of the common scams that can affect small businesses. Train employees to recognize suspicious calls and messages, maintain organized records to dispute bogus charges, and secure devices and accounts with strong passwords and updates.
Consider business insurance options such as Security Providers Insurance, Security Audit Insurance, or e-Commerce Security Insurance to help manage cyber and liability risks. If you need help evaluating coverage, ask an agent.
Frequently Asked Questions
How should I respond to a suspicious tech support call?
Politely end the call and do not grant remote access or provide payment information; verify any claims by contacting the vendor directly using a known phone number.
What if an employee clicks a suspicious email link?
Disconnect the device from the network, change affected account passwords, and run malware scans; report the incident to your IT support immediately.
Can a real tax agency demand payment by phone?
Tax agencies generally send written notices before taking enforcement actions; treat urgent payment demands by phone as suspicious and verify independently.
How can I prevent fake invoices from being paid?
Use a documented approval process for payments, verify vendor details, and keep clear purchase records to cross-check invoices before payment.