How to Identify Small Business Scams: Phone, SMS, Email, and More

Published
Fruad Alert! Scams - Stay Safe

Executive Summary

  • The scammers are evolving. With the mass shift to digital channels, especially since the global pandemic, scams are becoming more and more widespread.
  • While individuals are being targeted in record numbers, businesses of all sizes are likewise falling victim to these nefarious attempts.
  • In this guide to common small business scams in the UK, we’ll help you recognise (and avoid) these scams across channels, including phone, SMS text, and email.

Introduction

Have you noticed an increase in the number of potential scams you’re seeing recently?

If so, you’re not alone.

While text message scams from scammers posing as the Royal Mail and couriers like Hermes are wreaking havoc on individuals at the moment, small businesses are certainly not immune.

Whether you’re a business owner, manager, or employee, it’s remarkable how convincing these scams can be — but falling for them can spell disaster for the company. From client data being compromised to money being stolen, the consequences can be severe and long-lasting.

But forewarned is forearmed.

So, let’s review some of the most common scams targeting small businesses today – and how you can identify and avoid them.

Telephone scams

You might assume that, because today’s small business culture is so focused on digital, that scams via telephone would become less prevalent. The truth is that they simply became part of a larger landscape – they’re still very much a problem for many small businesses.

Here are the most common telephone scams that UK businesses might encounter today:

  • As we covered in a previous article on IT support scams, the most common form of telephone-based scam is tech support. Essentially, a person will call the business claiming to be from a technology company (usually Microsoft), then entrap the user in a string of falsehoods leading inevitably to a paid service. Of course, it’s all an illusion and all they’re really doing is stealing from your business.
  • The oddly named “Wangiri” scam works by calling a phone line, but only long enough to leave a missed call on the target’s phone. The idea is that the victim will innocently phone the person back, unaware that they’re being connected to a premium-rate phone line.
  • Auto-diallers are an older problem, but they persist even today. Scammers will set up software which automatically dials a number, then plays a pre-recorded message which seems to be a genuine conversation. If a victim answers and responds to the auto-dialler, they’ll then be forwarded to a real person who will proceed with the swindle.

In terms of avoiding falling prey to telephone scams, the best advice we can give is to trust no one. If something feels like a scam, it probably is. You can also carry out due diligence by pasting any unknown phone number into a search engine to check if it’s been reported as a scam in the past. It’s also a good idea to avoid calling back any number which doesn’t leave a message – especially if it’s not a local or UK-based number.

Finally, if anyone calls claiming to be from a bank or technology company, always tell them you’ll call them back on their official number. For example, in the case of banking institutions, their customer service numbers are usually printed on the back of your bank card. Any genuine company will understand and agree to this with no argument – whereas a scammer will do all they can to keep you on the line.

SMS text message scams

There has been a spate of SMS text message scams in recent times, and it’s easy to see why.

Scammers have easy access to software which can send out text messages en-masse for very little cost. They simply put together a quick message claiming to be from a well-known business or service, then add a link which usually requests payment for a time-sensitive problem.

The most common SMS text message scams recently have been from delivery couriers and the Royal Mail, but they can take many forms – including banks and even the HMRC. For the unaware, including those using business devices, it can be easy to assume these are legitimate and so end up sending money right into the scammers’ pockets.

Here’s our advice when it comes to wheedling out the real texts from the fake ones:

  • Be on the lookout for hyphens. One thing scammers can’t replicate is the web address (URL) of the businesses they’re impersonating. For this reason, they’ll usually use something like ‘royal-mail-delivery’ or ‘hmrc-tax-office’ in their links. Almost none of the big businesses use hyphens in their URLs, so this is a big red flag.
  • Do some due diligence. Again, the URL can be your friend here. Simply go to your favourite search engine and type in the URL from the text message. If it’s real, you’ll probably see the company’s website near the top. If it’s fake, you’re likely to find a bunch of reports about the scam.
  • Report scams in seconds. One of the most important things anyone can do when it comes to tackling SMS scams is to always report them whenever they appear. It’s free and takes mere seconds. All you have to do is forward the text message to 7726 (‘SPAM’ on your keypad) and it’ll be reported and logged as a potential scammer. Doing this will protect you, your business, and others from future attacks.

Email scams

Let’s face it: email scams have been around as long as the internet. For that reason, many users – and cybersecurity software solutions – have become very savvy at spotting these scams.

Phishing scams which rely on social engineering still exist, as we’ve covered in some depth with our Plain English Guide, but in more recent times fall under the broad umbrella of Business Email Compromise (BEC) attacks.

BEC attacks target businesses where it hurts most: their finances. Through a variety of tactics, including spear-phishing (targeting very specific employees via email) or CEO fraud (impersonating an executive-level employee), BEC attacks can successfully extract big money from businesses.

No business is immune from these attacks – as evidenced by what happened to Dublin Zoo in 2017. In this case, scammers created credentials, including email addresses, which mirrored those of a business the zoo had worked with before. They then told them that their bank details had changed and, through social engineering, managed to redirect €500,000 from Dublin Zoo to their own bank accounts. Most of the money was recovered, but it’s a sobering tale for any business.

Whether email scammers pose as trusted customers, internal employees, or anyone else, the goal is always the same: to extract money fraudulently. For that reason, an excellent way to combat email scams is to implement multi-stage approvals for any invoice payment, so that money isn’t just released, but instead has to be verified.

Likewise, it’s a good idea to look into advanced solutions such as Microsoft Defender for Office 365 Plan 1, which delivers a number of cyber-protection features designed to protect your business from email-based attacks.

A word about social media

While it’s generally less of a problem for businesses, it’s still worth briefly mentioning social media scams.

If your employees spend time managing social profiles on LinkedIn, Facebook, Twitter, and so on, there is always a risk that they could fall prey to a social media scam and end up exposing critical business information. Even on social media, you’ll find scammers posing as professionals in an attempt to compromise your business – and this is especially the case with professional networks like LinkedIn.

While some of this will be out of your control as a business owner, it’s always a good idea to recommend that your team enable two-factor authentication for their social media profiles. Likewise, sharing with them the most common social media fraud techniques should help them avoid the most likely pitfalls.

Need help busting the scammers before they strike?

At Get Support, we’re dedicated to delivering flexible, reliable IT support to businesses across the UK. But we don’t stop there – we’re also passionate about improving cybersecurity, preventing data breaches, and – of course – stopping the scammers.

If anything you’ve read in this guide has you thinking about any other aspect of your company’s digital defences, we’d love to talk more about how we can help. From full deployments of advanced threat detection systems to ongoing IT support agreements, there’s a lot to explore.

Want to discover exactly how we could help your specific business? Call the team today on 01865 59 4000 and we’ll give you an IT support plan tailored for the way you work. No time to talk? Fill in the form below and we’ll be in touch soon.

Latest From The Blog

Microsoft 365 Copilot Wave 2: What You Need to Know

In September 2024, Microsoft announced Wave 2 of Microsoft 365 Copilot, and with it, lots of fresh new ways to supercharge your working day with AI.

Microsoft is Finally Killing the Control Panel… Or Is It?  

Microsoft is finally saying goodbye to the Control Panel in favour of the Settings app. But is there more to this story than meets the eye?

A Fond Farewell to Microsoft Publisher

After a 33-year career, Microsoft announced that Microsoft Publisher will finally reach end of life status in October 2026.