Home » Blog » Protecting your small business from scams

Protecting your small business from scams

Protecting your small business from scams | Prospa

From fake invoices to your data being held hostage, small businesses face a number of threats. Here are some common scams to watch out for.

“Small businesses are a popular target for scammers,” says Prospa’s Cyber Security Manager, Charn Tangson. “While you may think you’re not big enough to be a target, in reality it’s often easier for a criminal to scam 50 small businesses than one or two large ones.”

Also be prepared that scammers can be more active at certain times of the year, particularly when they know small businesses are going to be busy.

“Specific times of the year may be higher risk, such as when you’re doing your quarterly BAS, EOFY and Christmas,” says Charn.

“Cyber criminals tend to take advantage of lack of time as well as certain activities (like a tax refund) to craft personalised scams.”

So, to protect yourself, you need to know the risks. Charn shares some of the top small business threats and scams to watch out for:

Fake invoices, bills or refund requests

Receiving invoices and bills online is a common thing for many small businesses. However, all may not be what they seem. Attackers are frequently crafting invoices that may be incredibly similar to ones usually received by your business, but are fake and direct funds to a different bank account. They also might send you an email telling you you’re due a refund because you’ve overpaid.

These emails can happen if your supplier has been hacked or it may just be an educated guess. And if your supplier has been hacked and you click on the link, you may have just let hackers into your system.


If you click on a malicious link in an email containing a fake invoice, for example, or on a website that’s been hacked, you may download malicious ransomware to your computer and the entire system. Ransomware essentially encrypts all of the files on your computer and holds them hostage until you pay money to unlock it. And, of course, there’s no guarantee they’ll be released.

False awards or directories

You’ve no doubt heard about this or experienced it for yourself: “Congratulations, you’ve been nominated for the ‘best small business award’! Just pay $500 to enter…”

Emails or calls letting you know you’ve won an award or your listing is missing from a major business/contact directory that all of your competitors are in are relatively common.

To win an award, you need to enter or be nominated in the first place. Any payment is made at the time of entry, rather than when you’ve won. So, as nice as it is to hear, take it with the proverbial pinch of salt until you know it’s genuine.

If you’re asked to pay for a directory listing, sometimes the directory doesn’t exist – or if it does, it’s likely to be ineffective. Make sure you do your research.

False threats or extortion

Along similar lines are emails claiming you’ve broken laws or regulations – it could be anything from fake parking tickets to unlicensed software. Also common are recorded phone calls purporting to be from the ATO telling you you’re in breach and threatening legal action, with a request to call back on the number that called you. Don’t.

Fake services

From SEO experts to business consultants, there are many people out there trying to get your money. And some of them may be well worth it. Others, however, are not.

So, if you’re approached by anyone offering services to help your business, make sure you do your research, speak with their clients and only pay once they’ve delivered. And, if it’s a service you genuinely need, approach others to quote on the job to ensure what you pay is fair market price.

Tips to minimise your scam potential

  • Never click on a link to pay or open the invoice until you’re certain it’s genuine.
  • Check the send email address is from the domain it should be from and check the bank details are the same as they usually are.
  • If you need to query the invoice, use the phone number on the sender’s website, not on the invoice. If it’s a fake, the number will go through to the scammer, pretending to be from that business.
  • Always backup your data to a second location. In the event of a ransomware incident, you will have peace of mind that there is at least one fallback to recover your systems and data.
  • Always question services and emails before actioning – if in doubt, call the sender to verify the legitimacy.
  • Always research companies offering awards, directories or services.

Sign up to the Prospa Blog Newsletter for more tips and tricks delivered straight to your inbox.

Primary CTA illustration
Need funding to help beat 2020? Get back to business with no repayments on business loans for the first 6 months.
Apply now
Primary CTA icon
Need funding to help beat 2020? Get back to business with no repayments on business loans for the first 6 months.

The information in this post is provided for general information only and does not take into account your personal situation. You should consider whether the information is appropriate to your needs, and where appropriate, seek professional advice from financial, legal and taxation advisors. Although every effort has been made to verify the accuracy of the information as at the date of publication, Prospa, its officers, employees and agents disclaim all liability (except for any liability which by law cannot be excluded), for any error, inaccuracy, or omission from the information for any reason, including due to the passage of time, or any loss or damage suffered by any person directly or indirectly through relying on this information.

Keep reading

Restarting your back to business momentum

14 July 2020 | 4 min read

The COVID-19 shutdown took the wind out of the sails of many businesses. As Australia reopens, how can you ensure cash flow issues don’t keep you in the doldrums?

View more

Business finance: Last century lending vs today

11 February 2020 | 1 min read

More and more small businesses are ditching the old way of borrowing. Here’s why and what’s changed about business finance this century.

View more

How to improve your credit score

22 January 2020 | 4 min read

A poor credit score can be a handbrake on your business, limiting your access to finance or making it more expensive. Here’s some tips on how to improve your credit score.

View more

Subscribe to the Prospa Blog

Be inspired! Sign up to Prospa’s newsletter to receive tips, tools and small business success stories straight to your inbox.