Millions of pounds are now being lost by businesses and individuals to scams every year in the UK and fraudsters are becoming increasingly sophisticated.

But there are steps you can take to protect yourself and your customers, and avoid losing hard-earned cash.

Here are four types of scams that small-business owners might come across. We also show you the actions you can take to prevent fraud.

Get a profile on our website, full access to Which? advice and reviews plus a host of other benefits when you become a Which? Trusted Trader.

Authorised push payment (APP) scams

Through APP scams, your customers may be duped into transferring money to criminals instead of paying you.

The fraudsters will impersonate you and tell your customer that you’ve changed your bank details. They’ll ask your customer to transfer future payments to a new account, which actually belongs to the criminals.

You can help to protect your customers by taking these actions:

  • Provide invoices and bank details to your customer in person where possible, to prevent details being intercepted by criminals.
  • Use secure passwords for your email accounts. Password-manager tools can help to create and store complex passwords for you.
  • Warn your customers to be suspicious of any emails, letters or calls saying that you’ve changed your bank details. Ask them to contact you directly, in person or over the phone (using a number they know is safe), if they receive any requests.
  • If your customer thinks they’ve been the victim of an APP scam, tell them to contact their bank to report it as soon as possible, and follow our advice to try to get their money back.

Invoice scams

Mobile and laptop screens showing computer code

Invoice fraud involves a criminal pretending to be from one of your suppliers, asking you to change the bank details you use to pay it.

These scams can be very sophisticated, and the criminals can find out real invoice and payment details to make their request look genuine. They can spoof emails from the supplier or may even have hacked its email system.

But the ‘new’ bank details they give you will actually be for an account controlled by the scammers.

To avoid invoice fraud, follow this advice from the government-backed Take Five campaign:

  • Always confirm any bank account details with the supplier directly, either in person or over the phone, before you transfer any money.
  • Don’t use the contact details in an email, as they may have been changed by the scammers. Instead, check the company’s official website to find out how to get in touch.
  • If you’re making a payment to an account for the first time, transfer a small sum first, then check with the company that it’s arrived (using contact details you’re sure are genuine).
  • Contact your bank straight away if you think you’ve been a victim of fraud.

Read more advice for businesses from the Take Five campaign.

CEO scams

This is when scammers send an email posing as the head of a company, asking staff to make an urgent payment outside of normal procedures.

The criminals might create a spoof email that looks like the real deal, or even hack the boss’s real email account to send the request.

If the member of staff transfers the money, they’ll be sending it straight to an account controlled by the criminals.

To avoid this scam, make sure all staff in your business know to:

  • always check unusual payment requests with the boss directly, ideally in person or over the phone
  • be suspicious of any request to make a payment outside of usual processes
  • be cautious about any unexpected emails or letters requesting urgent bank transfers, even if it seems to have come from within the company
  • contact your bank straight away if you think you’ve been a victim of fraud.

Email scams

Links to inbox and spam folders in an email account

Email scams, also known as phishing scams, are becoming increasingly common as fraudsters try to trick you into providing information or downloading malicious software.

They can even create emails which appear to be from the bank your business uses, or another organisation that you trust.

If you have any doubts or concerns about an email, don’t follow its instructions. Instead, contact the organisation directly for advice.

For more advice, read the Which? guide 10 steps to spot an email scam.

Other types of scams

As technology becomes more advanced, scammers are finding increasingly clever ways to try to part us from our cash, either through businesses or our personal lives.

But knowing what to look out for can help you to stay safe.

Read tips from our consumer rights experts on the other types of scams you might come across.

More on this