Protect your business from 5 common scams

January 22, 2024 | 4 minute read

As a business owner, chances are you wear many hats. While you’re focused on your customers, employees and the bottom line, it’s easy to overlook things that can make you more vulnerable to scams.


A scam or cyber incident could be devastating to your bottom line, not to mention the cost of losing your customers’ trust if their personal information is compromised. That’s why it’s important to establish and train employees on business security measures to minimize vulnerabilities, keep business operations running smoothly and, ultimately, to maintain customer confidence in your reputation.


Here are the top five scams targeting businesses and tips to help you protect yourself and your company.


1. Business email compromise

Cyber criminals will try to harm your business by sending phishing emails to your employees. The criminal will typically use a compromised or fake email address that appears to come from a legitimate source, such as a senior executive or a familiar vendor, to trick you into changing account information or conducting a fraudulent financial transaction.


Scan for suspicious emails

Invest in a strong antivirus software program and other security software that can flag suspicious emails. Also, make sure email addresses are spelled correctly or can be verified through alternative methods like a known good phone number.


Keep employees informed

Create a detailed cyber awareness program that’s specific to your company’s needs. You can start by using the Federal Communications Commission’s online cyberplanner tool. Then educate employees and regularly update them on cyber security best practices like changing passwords often and using secure and complex configurations.


2. Ransomware

Cyber criminals infect your computers, mobile devices and networks with ransomware, a type of malware that locks out users until you pay for the release of the data or return of service.


Update systems

Avoid clicking on links or attachments from untrusted sources because they may contain malware, which infects your device to capture personal and financial information. Update your company’s computer and security software systems regularly with the latest malware and virus protections. Also, encrypt mobile device data and make sure people with access to your records and finances use only company-approved devices.


Back up data

Back up data often, and consider storing your company data on multiple media types, with at least one copy kept off network. To keep that data protected, remember to secure and monitor your network to deter unauthorized access or theft.


3. Internet sales

Cyber criminals set up fake online businesses that claim to help you run your company more efficiently, such as by offering small business loans or products that can help your brand stand out on social media. They may also ask for payment via untraceable methods such as a wire transfer or gift card.


Do background checks

Verify that companies you work with are who they claim to be by doing your own background check (for example, does the company list partners or other businesses it has worked with that you can contact?), and confirm that each one has a real physical address and phone number.


Get references

Before working with a new vendor or business partner, talk to peers in your industry to see if they’ve used the company. You can also check the Better Business Bureau’s scam tracker.


4. Fake invoices

In a scam similar to business email compromise, an unknown company sends an invoice that appears to be for something critical or from a regular vendor. What’s really happening is that the criminal hopes you, or your employee, will be too worried or busy to check and will pay the invoice immediately.


Verify invoices before paying

Don’t blindly pay the invoice. Take the time to verify that services or items were actually ordered and fulfilled by the billing company. Also, consider limiting the number of employees with access to records and finances as much as possible, as well as requiring multiple users to initiate and approve transactions.


Look out for phishing attempts

As with other scams, remind your employees about email security best practices so that they don’t click any “Pay now” links in the email or download suspicious invoice attachments. Also, double check that the invoice is not a spoof, or impersonation, of a vendor, regardless of whether you’ve used that vendor before.


5. Overpayment of goods

Your company receives an overpayment for an item you’re selling, immediately followed by a request to deposit the check (which turns out to be a bad check) and then send the difference back to the buyer via a wire transfer or gift card.


Consider the request

Be suspicious if someone deviates from the normal way of paying for goods, such as by bringing a wire transfer into the transaction.


Assign financial responsibility

Just like with fake invoices, decide if more than one person should be required to approve financial transactions (segregation of duties is a key best practice for businesses of any size), and use a dedicated machine for processing payments. It’s also a good idea to require multiple-person approvals for account and financial change requests.
