Business fraud: the scams every business should know about

Fraud is becoming more sophisticated, and businesses of every size are being targeted. Criminals are constantly finding new ways to trick people into handing over money or sensitive information, often by impersonating trusted organisations or creating a sense of urgency.

The good news is that most scams follow familiar patterns – here’s what to spot.

The six most common scams affecting businesses

Authorised push payment fraud

Authorised push payment (APP) fraud happens when someone tricks you into making a payment.

Fraudsters often pretend to be your bank, a supplier or another trusted organisation, creating a sense of urgency to pressure you into acting quickly.

If someone asks you to make an unexpected payment, always stop and verify the request first. 

Account takeover

Account takeover fraud happens when criminals gain access to your online banking.

This often starts with stolen login details obtained through phishing emails, fake websites or malicious software. Once inside, fraudsters can make payments, change account details or lock you out.

Strong passwords, multifactor authentication and individual user access can help reduce the risk.

Invoice and supplier fraud

This is when a supplier appears to email you with new bank details for future payments.

It may look genuine, but if those details belong to a fraudster, your money could end up in the wrong account.

Always verify changes to payment details using a trusted phone number or existing contact before making a payment. 

Impersonation fraud

Fraudsters may pretend to be HMRC or a colleague requesting an urgent payment and make their phone number appear genuine.

Some may even pretend to be your bank and say they need access to your account through remote viewing software to help you with a ‘refund’ – when in reality, your bank would never ask for access to your account.

If you're unsure who you're speaking to, end the conversation and contact the organisation using official contact details.   

Phishing and malware

Phishing emails, texts and fake websites are designed to steal your information.

If you receive an unexpected message asking you to click a link, log in or share personal details, take a moment to check it's genuine before taking any action – even clicking one link could download software onto your computer and hand control of your bank account to fraudsters.

Card fraud

If your business card details are stolen, they can be used to make purchases without your permission.

Regularly reviewing transactions can help you spot suspicious activity quickly and act sooner. 

The warning signs every business should know

Many scams use the same tactics. Be cautious if someone:

  • pressures you to act immediately
  • asks you to move money
  • asks you to approve an unexpected payment
  • requests passwords, PINs or one-time security codes
  • encourages you to install software or stay on the phone while logging in to online banking. 

Legitimate banks won't ask you to move money to a ‘safe account’, share your security details or rush you into making financial decisions. If something doesn't feel right, stop and check.

Five simple ways to help protect your business

A few simple habits can make a big difference.

Verify payment details

Always confirm changes to supplier bank details using a trusted contact method before making a payment.

Keep your login details private

Never share passwords, PINs or one-time security codes, even if someone claims to be calling from your bank.

Give everyone their own access

Avoid sharing online banking logins. Individual access gives you greater control and helps keep your account secure.

Keep your team informed

Fraud can target anyone in a business, not just finance teams. Make sure everyone knows the warning signs.

Trust your instincts

If something feels unusual, stop and verify it before taking any action.

What to do if something doesn't feel right

If you think you may be dealing with a scam:

  • stop engaging with the caller or sender
  • don't use the contact details they've provided
  • contact your bank or the organisation using official contact details
  • report anything suspicious as soon as possible. 

Taking a moment to verify a request could stop fraud before it happens.

Stay one step ahead

Fraudsters are always changing their tactics, but their goal is the same: to rush people to act before they have the chance to stop and think.

By understanding the most common scams and recognising the warning signs, you'll be in a much stronger position to protect your business. When in doubt, pause, check who you’re really talking to and ask questions before taking action.

Previous

Further reading

Scaling AI at Allica: Part II

Debt financing vs equity financing: differences explained

Meet the team: James Harrison on launching cashflow finance at Allica

Meet the team: Harry Lee on the importance of knowing your numbers

cloudfront