Scammers know business owners handle customer payments, vendor relationships, payroll, and sensitive data daily. They continuously adapt their tactics and disguises to deceive. Recognizing scammers’ tactics can help you spot a scam before it’s too late. Here are some of the latest scams and common red flags to watch out for when dealing with unfamiliar requests or offers.
Tips to help spot and avoid a scam: what business owners should know
October 15, 2025 | 5 minute read
The latest scams hitting business owners
Imposter scams
Scammers may impersonate a known vendor and send a fraudulent invoice—often via email—for goods or services you didn’t order. Always confirm any changes in payment instruction, since scammers hope you’ll pay the invoice before realizing it’s fraudulent.
Other criminals may impersonate your bank. They may call claiming an urgent issue requires you to transfer funds to a “new” account. They may even ask you to respond to any fraud alerts as if they’re legitimate or ask you to share an authentication or security code.
Important: A legitimate bank may ask you to enter a one-time passcode or provide account information to verify your identity when you contact them directly. However, a bank will never ask you to share these codes or personal details if they reach out unexpectedly by phone, text or email.
Tech support scam
Scammers often pose as employees of familiar companies and ask you to provide remote access or download an app. They may call, use pop-up screens or send an email to convince you that your device has a virus or that your business is owed money. Regardless of the reason provided, never grant device access or download apps at the request of an unknown individual. Always confirm the identity of someone requesting access by calling a verified number from a trusted source, previous contact or the phone number on the back of your debit or credit card—the number or link they provide could be part of the scam.
Juice Jacking
Whether traveling for business or leisure, you may have used public USB charging stations in hotels or airports to stay powered throughout the day. Recently, there’s been an increase in ‘juice jacking’ — when cybercriminals corrupt public charging stations to install malware on your device. To help combat this scam, avoid public USB ports whenever possible. If you must charge on the-go, bring your TSA-compliant power brick or battery pack. Cybercriminals can exploit unsecured USB connections to install malware on your device. Consider carrying a power-only charging cable, which prevents data from sending or receiving while you’re charging. Also, delay online shopping, and don’t enter any sensitive information into the device that’s charging.
Red flags that signal a scam
If any of the following common red flags are detected by you or your employees, stop and don’t engage. You can attempt to verify if you feel the need to confirm who the person really is by contacting the person directly using a trusted source, such as the phone number on the back of your card or on a bank statement.
You're contacted out of the blue
Unexpected contact via phone, email, text, direct message, or pop-up requesting personal information or money is a major red flag. Your bank or financial institution should never text, email, call or visit you at your home asking for personal or account information. Remember, never click a link or download an attachment from someone you don't know. Additionally, if you’re offered a free product or opportunity that seems too good to be true, it probably is.
You're pressured to act immediately
Scammers often use urgent messages—via phone, email, or text—to provoke emotional reactions and pressure immediate action. Scammers may pose as an employee from a familiar organization, such as your bank, and say there's a problem that needs immediate attention. Don’t act unless you have verified the person who has contacted you and the story or request is legitimate.
You're asked to pay in an unusual way
Be cautious if asked to make payments using unconventional methods such as gift cards, cryptocurrency, prepaid debit cards, or digital transfers—including Zelle®—to resolve fraud.1 Your bank or financial institution should never ask you to transfer money to anyone, including yourself, and should never ask you to transfer money because fraud was detected on your account. Also, never cash a check for someone you don't know. If you authorize a transfer or send money to a scammer, there's often little that can be done to help get your money back.
You're asked to provide personal or account information
Exercise caution if asked to share personal or account details, such as verification codes, bank account numbers, or PINs. A legitimate bank may request this information only when you initiate contact and they need to verify your identity. If someone reaches out to you unexpectedly by phone, text, or email and asks for this information, it’s a strong sign of a scam.
The bottom line
By staying vigilant and familiarizing yourself with these red flags, you can better protect yourself and your business from scams. Trust your instincts and verify unsolicited offers or requests before taking action. Doing so can help you avoid financial loss and emotional distress.
1 Zelle® should only be used to send money to friends, family or others you trust. We recommend that you do not use Zelle® to send money to those you do not know. Transfers require enrollment in the service with a Zelle® eligible U.S. checking or savings account. Bank of America transfers must be made from an eligible consumer or business deposit account. Transactions between enrolled users typically occur in minutes and Bank of America does not charge a transfer fee. We will send you an email alert with transaction details after you send money using Zelle®. Dollar and frequency limits apply. See the Online Banking Service Agreement at bankofamerica.com/serviceagreement for further details. Data connection required. Message and data rates may apply. Neither Bank of America nor Zelle® offers purchase protection for payments made with Zelle®. Please treat Zelle® payments like cash, once you send the money, you are unlikely to get it back – for example, you do not receive the item you paid for using Zelle® or the item received is not as described. Regular account fees apply.
Zelle and the Zelle related marks are wholly owned by Early Warning Services, LLC and are used herein under license.
Explore more
Fraud prevention checklist
Here are some things you can do today to increase your security – and help protect yourself and your business against fraud and scams.
Imposter scams are on the rise: Here’s how to manage the risks
As criminals impersonate trusted figures and set up fraudulent websites, education is the best defense.
Important Disclosures and Information
Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.
Bank of America, Merrill, their affiliates and advisors do not provide legal, tax or accounting advice. Consult your own legal and/or tax advisors before making any financial decisions. Any informational materials provided are for your discussion or review purposes only. The content on the Center for Business Empowerment (including, without limitations, third party and any Bank of America content) is provided “as is” and carries no express or implied warranties, or promise or guaranty of success. Bank of America does not warrant or guarantee the accuracy, reliability, completeness, usefulness, non-infringement of intellectual property rights, or quality of any content, regardless of who originates that content, and disclaims the same to the extent allowable by law. All third party trademarks, service marks, trade names and logos referenced in this material are the property of their respective owners. Bank of America does not deliver and is not responsible for the products, services or performance of any third party.
Not all materials on the Center for Business Empowerment will be available in Spanish.
Certain links may direct you away from Bank of America to unaffiliated sites. Bank of America has not been involved in the preparation of the content supplied at unaffiliated sites and does not guarantee or assume any responsibility for their content. When you visit these sites, you are agreeing to all of their terms of use, including their privacy and security policies.
Credit cards, credit lines and loans are subject to credit approval and creditworthiness. Some restrictions may apply.
Merrill Lynch, Pierce, Fenner & Smith Incorporated (also referred to as “MLPF&S" or “Merrill") makes available certain investment products sponsored, managed, distributed or provided by companies that are affiliates of Bank of America Corporation (“BofA Corp."). MLPF&S is a registered broker-dealer, registered investment adviser, Member SIPC, and a wholly owned subsidiary of BofA Corp.
Banking products are provided by Bank of America, N.A., and affiliated banks, Members FDIC, and wholly owned subsidiaries of BofA Corp.
“Bank of America” and “BofA Securities” are the marketing names used by the Global Banking and Global Markets division of Bank of America Corporation. Lending, derivatives, other commercial banking activities, and trading in certain financial instruments are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., Member FDIC. Trading in securities and financial instruments, and strategic advisory, and other investment banking activities, are performed globally by investment banking affiliates of Bank of America Corporation (“Investment Banking Affiliates”), including, in the United States, BofA Securities, Inc., which is a registered broker-dealer and Member of SIPC, and, in other jurisdictions, by locally registered entities. BofA Securities, Inc. is a registered futures commission merchant with the CFTC and a member of the NFA.
Investment products: