Scams to watch out for to protect your business

Scams To Watch Out For To Protect Your Business In this article

Falling victim to a scam can be devastating – both personally and financially – and fraudsters are coming up with ever more sophisticated ways to get their hands on your money.

More than £1.2bn was stolen through fraud in 2022, according to the latest data from industry body UK Finance. Although this was less than in 2021, it’s still a staggering amount – the equivalent of over £2,300 a minute.

But if you know what to look for, there are steps you can take to protect yourself and your customers, and stop hard-earned cash being stolen.

Here are four types of scams you might come across as a small business owner. We also explain what you can do to avoid them.

Authorised push payment scams

Over £485m was lost through authorised push payment (APP) – or bank transfer – scams in 2022. These are where you are duped into transferring money to a scammer pretending to be someone else, such as a trusted organisation like your bank or HMRC.

Your customers could even be targeted by someone impersonating you, a scammer convincing them to transfer money to their bank account instead of yours.

You can help to protect you and your customers by taking these steps:

  • Be wary of any unexpected requests to make a payment. Contact the company or organisation directly (using a phone number you know is safe) to check whether the request really came from them.
  • Provide invoices and bank details to your customers in person where possible so they can be sure they’ve come from you.
  • Warn your customers to be suspicious of any emails, letters or calls saying you’ve changed your bank details. Ask them to contact you directly if they receive anything that looks suspicious.
  • If you think you’ve been the victim of an APP scam, contact your bank to report it as soon as possible – as well as the bank you sent the money to – and follow our advice to try to get your money back. Advise any customers who’ve become victims to do the same.

Invoice scams

Invoice fraud involves a criminal pretending to be from one of your suppliers. The scammer will ask you to change the bank details you usually use to pay the supplier so they get the money instead.

These scams can be very sophisticated, and the criminals can find out real invoice and payment details to make their request look genuine. They can intercept emails, spoof emails from the supplier or even hack into its email system.

To avoid invoice fraud, follow this advice from the government-backed Take Five campaign:

  • Always confirm any bank account details with the supplier directly before paying, either in person or over the phone, and check them against any details you’ve used previously.
  • Don’t use the contact details in an email, as they may have been changed by the scammers. Instead, check the company’s official website to find out how to get in touch or use a phone number you already know is genuine.
  • Be wary of requests to make payments using a different method to the one you usually use to pay the supplier.
  • If you’re making a payment to an account for the first time, transfer a small sum first, then check with the company that it’s arrived (using contact details you’re sure are genuine).
  • Regularly check your bank statements to look for any suspicious payments.
  • Contact your bank straight away if you think you’ve been a victim of fraud.
  • Read more advice for businesses from the Take Five campaign.

CEO scams

This is when a scammer sends an email posing as someone’s boss or another senior manager, asking them to make an urgent payment or change the bank details they use to pay a supplier.

The criminals might create a spoof email that looks like the real deal, or even hack the boss’s real email account to send the request.

If the member of staff transfers the money, they’ll be sending it straight to an account controlled by the criminals.

To avoid this scam, make sure all your staff know about CEO scams and to do the following:

  • Always check unusual payment requests with you directly or with the company they’re told is requesting any changes. Do this over the phone using a number they know is safe.
  • Be suspicious of any request to make a payment outside of usual processes.
  • Be cautious about any unexpected emails or letters requesting urgent bank transfers, even if it seems to have come from within the company.
  • Let you know straight away if they think they’ve been a victim of fraud so you can contact your bank.

Companies House scams

A scammer contacts you via a telephone call, email or letter pretending to be from Companies House asking you to make a payment or provide personal details.

In a scam telephone call you may be told you need to pay a late filing penalty, or asked for your authentication code or directors’ details, such as their dates of birth.

Scam emails may have documents attached or ask you to enter your authentication code, or you may be sent a fake complaint about your business or request to correct information. Some also ask you to click on a link to download a document or verify your identity.

Fake letters include ones asking for payment for company registration, from prosecuting solicitors asking for payment to clear an unpaid invoice or claiming you need to make payment for Enhanced Web Filing Access.

To avoid Companies House scams, follow our advice:

  • Don’t make payments or provide personal information over the phone to someone claiming to be from Companies House.
  • Never provide your authentication code over the phone.
  • If you receive any suspicious calls from someone claiming to be from Companies House, try to get the caller’s return telephone number and contact Companies House on 0303 1234 500.
  • Be wary of any email that appears to be from Companies House and don’t click on any links, open any attachments or reply to it.
  • Forward any suspicious email to then delete it.
  • Visit for more on Companies House scams and what to do if you spot them.

Other types of scams

Email scams, also known as phishing scams, are where fraudsters try to trick you into providing information or downloading malicious software. For advice on how to avoid them, visit 10 steps to spot an email scam.

You can also read our guides to different types of scams to find out more.

What you can do next