Suffering a financial hit can be crippling for a small business, yet sadly, SMEs are particularly vulnerable to being targeted by scammers.

With so many communication tools available, scams are becoming more sophisticated and prevalent every year. In fact, according to research, nearly half of SMEs (44 per cent) have found themselves a target of scammers and almost one in four (23 per cent) have become a victim.

With SMEs facing a higher level of risk than ever before, Tony Mills, director of Online Tax Rebates offers his key insights to help your business stay safe in increasingly uncertain times and how to avoid scams…

Getting to know the scammers

To be one step ahead, you need to keep up to date with the current business fraud landscape.

The unfortunate truth is that any business can become the target of fraudsters, made easier by the fact scammers can depend on a wealth of information about your organisation listed on publicly-accessible websites, directories and Companies House.

Criminals can also utilise the clearing cycle (common for conventional business-to-business payments via cheque and bank drafts) to try and persuade companies to refund a payment to them before the original funds have cleared.

Many fraudsters are also shifting their focus to business tax, tricking unwitting victims with the tempting promise of a rebate. Scammers will send out emails that appear to be from legitimate third-party tax rebate providers (or HMRC) about a potential refund that your business might be eligible for. After, you will find yourself directed to an external website where you will be asked to fill out a form designed to get you to divulge sensitive information.

Unfortunately, by completing this form, you will be passing information on to criminals who may sell or use it to defraud you out of business funds. To prevent this, you should never disclose any personal or payment information to companies you haven’t approached personally or to HMRC (who will only contact you via post or through your employer).

Keep alert

When it comes to the way we communicate, there have never been more options available. There’s now post, email, telephone, website forms and social media to contend with.

With more communication channels, fraudsters can now target SMEs in numerous ways. For instance, scammers are still using traditional methods like the post (for invoices and cheques) to deceive businesses.

They will also telephone companies and request a contact name whom they can send the invoice to, often posing as a supplier. A written request is then sent advising you that they have changed the banking details used to receive regular payments.

Make sure you undertake an independent check with the company asking for their bank details to be changed using a recognised telephone number, not the one used in the letter.

It’s also good practice to never publish your business’ bank account details online in case the site is cloned and your customers or suppliers become a victim of fraud.

SMEs also need to be careful of how they use social media, with scammers now embracing increasingly elaborate ‘phishing’ scams to help convince social media users their account has been deactivated and prompting them to ‘log on.’

Most scams like these are usually delivered via email with another company’s branding and email address. Look for small formatting or spelling mistakes, dodgy security certificates (secure sites should feature a padlock in the browser address bar) and contrived email addresses to spot a fake.

Be prepared

As well as keeping up-to-date with the scam landscape, it’s also vital you make sure any employee on the front line of communications (answering the phone, collecting mail and answering emails) is informed about the ways scammers might attempt to trick them.

Encourage your team to routinely update their passwords every couple of months and use long ‘passphrases’ with random words with spacing as opposed to one-word passwords to make your data less vulnerable.

You can even activate multi-factor authentication and password encryption software onto every online account, to add an extra layer of protection.

It’s also important you consider the possibility of an internal threat from an employee. Make sure no one person has full control over all the accounting duties in your business.

Ensure you have graded permission controls in place that only let employees access the company data they crucially need.

Report it

It’s important to remember any business (no matter how big or small) can fall foul of resourceful scammers.

Unfortunately, many SMEs do not report instances of fraud because of fears about lasting damage to their reputation.

However, should the worst-case scenario occur, make sure to report the scam. If your company has lost money due to fraud or you receive any dubious communications, report it to Action Fraud, the national fraud and cybercrime reporting centre.

Being informed is the best method of defence, so keep yourself (and your staff) updated on all the latest tricks around if you want to safeguard your business from increasingly sophisticated scamming techniques.


By Tony Mills, director, Online Tax Rebates