Recognizing common scams can help you reduce the risk of your business being compromised. Fraud is on the rise with cybercrimes becoming more sophisticated and online schemes that appear authentic posing a risk to small business owners. Therefore, it is important to stay vigilant to help protect your business from increased fraud risks.

To help keep your business information secure and avoid fraud, ensure that you and your employees know how to recognize and avoid scams and cyber threats. Here are some of the most common targeting small businesses:

Business Email Compromise (BEC): Occurs when a cybercriminal sends an email with urgent instructions using an email address or text message that looks like it's from an executive from your company, a trusted business partner, or vendor. These criminals do this to attain passwords that can allow (or give) them access to your business account information or falsify an invoice to get someone from your business to send them a payment.

Some tips to reduce BEC risk:

  • Establish a company policy that prohibits sending sensitive information or requests for money by email
  • Always verify and validate the authenticity of payment requests and changes to payment instructions received by email. Verify the request using a different method of contact
  • Do your research to help ensure you are working with a legitimate vendor or organization

Phishing: This occurs when cybercriminals pose as a legitimate organization, sending emails or text messages that lure a potential victim into disclosing sensitive data such as passwords, personally identifiable information, or bank account details.

Here are few tips on how to avoid phishing scams:

  • Avoid clicking on links or opening attachments from suspicious or unknown email senders
  • Keep your antivirus software and firewalls updated regularly
  • When possible, use separate devices for your work activities and personal activities to reduce the risk of exposing your business information to phishing attacks

Account Takeover: This can take place when cybercriminals use your credentials to gain access to your business account, enabling them to make unauthorized transactions, which can include transferring funds, adding fake employees to payroll, or stealing sensitive customer information.

Some best practices to help reduce account takeover risks:

  • Never use unsecured public Wi-Fi connections. Hackers wait for potential victims on these connections
  • Never give out passwords, IDs, or other authorization credentials to anyone, including employees
  • Ignore pop-ups and links in suspicious messages seeking your online banking sign on credentials
  • Be wary of unsolicited calls, including those allegedly coming from your bank, to assist you with sign on issues you did not report
  • Use unique passwords when logging into websites

Fraud attacks are inevitable for most businesses. Stay vigilant to protect your business against fraud attacks.

Business insights from experts

Discover our comprehensive resource library, offering guidance and information to help you start, run and grow your business.

Wells Fargo Works for Small Business®