Common business scams

How your business could be targeted, and what to look out for

All businesses can be the victim of a scam

Below are some of the most common business scams. Read more to understand how to protect your business.

Overpayments Scam

This is where a customer contacts the company to order goods or services and payment will usually take the form of a cheque or draft.

Following payment, the customer gets in contact to reduce or cancel the order, or to advise that an error has been made, e.g. purchase prices has been added to the shipping cost, and requests an urgent refund.

The company, who are keen to build a strong relationship, processes the refund quickly and return it using an electronic payment.

In due course, the original cheque or draft is returned unpaid because it’s fraudulent. The company who has refunded the amount ‘overpaid’ is therefore left out of pocket. Businesses should be careful:

Of a new customer making an unusually large order

When the payment method differs from what was previously discussed (for example, if payment is made by cheque when an electronic transfer had been expected)

If the buyer makes a payment above the asking price, regardless of the reason given, and demands that the overpayment is returned electronically

Of being are put under pressure to release goods/funds without undertaking essential checks

Businesses should always ensure that a credit to its account cannot be returned before any goods or funds are released

Bogus boss


Ransomware is a form of malicious software that gives criminals the ability to lock a computer from a remote location - then display a pop-up window informing the owner that it will not be unlocked until a sum of money is paid. We recommend you follow these simple steps to avoid ransomware.

  1. 01

    Never click on links or attachments in suspicious emails or text messages.

  2. 02

    Only visit websites you know are trusted and safe 

  3. 03

    Ensure you have effective and updated antivirus software and firewall running before you go online.

  4. 04

    Regularly back up all your data, including to a USB-connected device stored remotely from your computer. This is because some ransomware can also infect your cloud-based storage.

Change of bank details scam

What is it?

Fraudsters may initially contact a company and ask for a contact name who they can send an invoice to. A request will be sent (this will appear in order and seemingly from a known supplier, contractor, etc) advising you that they have changed their bank account details used to receive regular payments. The fraudster has changed the account details to a bogus account which doesn’t belong to the person you think you are paying.

The details for the Company Secretary, Finance Director or other officials, including their signature, will appear correct. This information has likely been copied from the company’s Annual Report and/or web site.

How to fight against it:

Email addresses used by the fraudsters are very similar to the genuine suppliers, contractors and other third parties.

Undertake an independent check with the company who is asking for their bank details to be changed, using a known contact telephone number and not the one on the request. Also do this for any new payments to be set up.

Don’t publish your bank account details on the internet (the site may get cloned and genuine customers may end up sending money to a fraudster).

Ensure that information is not disclosed to third parties who are not entitled to receive it or who cannot be suitably verified.

Blue and pink illustration of a wallet and bank cards

Other common scams

Fraudsters will stop at no end to try and scam you out of your money. Common techniques include Vishing, Phishing and Smishing. These can affect both businesses and personal customers and are covered in our central fraud guides. 

Blue and pink illustration of a laptop, an envelope and coins

Need to report fraud?

If you think you've been a victim of fraud, we are here to help. 

Useful downloadable links

Little book of cyber scams

Anything else we can help with?