Scams happen when criminals deceive people to steal their money or personal information.

Scams can happen to anyone, and small businesses are often targeted through fake investment opportunities, invoices and ads. Scammers also impersonate real small businesses to defraud them and their customers. While scammers are sophisticated criminals, there are some simple steps you can take to protect your business and stay safe.

On this page

Common scams to watch out for

The more your small business knows about how scammers work, the easier it is to spot the warning signs.

Investment

If you’re looking to make money through investing, be careful. Small businesses lose more money to investment scams than any other type of scam.

Scammers create all kinds of fake investment opportunities. They can use websites, advertisements and financial documents. They can even set up fake investment platforms that look and function like real trading apps, showing fake market data and profit growth. They look legitimate, even to experienced investors.

Learn more about investment scams.

You can also visit the Moneysmart website for more information on investment scams.

Business email compromise

In a business email compromise scam, a scammer pretends to be a business or person you know via email and asks you to pay money to an account they control. Small businesses are often targeted with emails that include:

  • an invoice you were expecting from a client or supplier, but with altered payee and contact details
  • a request to transfer a large sum of money out of the business’ accounts, claiming to be from the owner or senior staff.

Learn more about business email compromise scams.

Learn how small businesses can protect against business email compromise scams on the Australian Signals Directorate’s Australian Cyber Security Centre website.

Buying and selling

Scammers pretend to buy or sell products and services to steal your money. They use fake websites, ads and reviews and create profiles on real retailer sites.

Scammers often target small businesses by:

  • requesting payment for directory listings, advertising and domain name renewals you didn’t order
  • offering low prices on products and services you need, such as bulk office supplies and cleaning products.

It can look like a great deal for your business, but it’s not. The scammers will steal your money, and you won’t get anything.

Learn more about buying and selling scams and how to stay safe.

Phishing

Phishing is when scammers impersonate trusted people and organisations to deceive you into giving personal information, such as a bank account number and password or your business’s payment security procedures.

Scammers make phone calls, send emails, texts, or messages and even create fake websites.

Scammers often claim to be:

  • a bank checking suspicious activity or transactions
  • a service provider verifying customer records due to a technical error
  • a supplier running a customer survey
  • an employer or colleague urgently needing help.

The communications look real, using official logos, branding, and professional language.

Once scammers have your information, they’ll use it to access your accounts and information or pose as your business in other scams and fraud.

Learn more about phishing scams and how to stay safe.

Money recovery

Scammers contact people that have already been scammed and had money stolen and offer to help them get their money back.

They pretend to be trustworthy parties like government agencies, lawyers or charities. They’ll offer to help recover stolen money for a fee, a percentage of the stolen funds or a tax payment.

You won’t recover any stolen money, and the scammers will just steal more money from you.

Learn more about money recovery scams and how to stay safe.

Business impersonation

In a business impersonation scam, scammers steal the name and branding of a real business to scam their customers.

Scammers impersonate businesses by creating fake business websites and social media profiles. Sometimes they use technology to make their phone number, email address or SMS user ID look the exact same as one belonging to the business. This is called spoofing.

If your business is impersonated by scammers, you may suffer brand damage and loss of consumer trust and confidence.

Learn how to protect your business and customers from business impersonation scams.

Methods scammers use

Scammers rely on 3 core tactics: impersonation, urgency and emotion. Recognising how scammers use these tactics with all scam types will help you spot scams.

Learn more about the common methods scammers use.

How to protect your business

Stop. Check. Protect.

Learn the steps you can take to keep safe from scammers and what to do if you think you’ve been targeted by a scam.

Stay up to date on the latest scam tactics

Subscribe to our scam alert emails to receive updates about new scams and scam trends.

Additional small business scam resources

eInvoicing

Consider using eInvoicing to reduce the risk of fake invoice scams. It’s a standardised, easy and secure way to send and receive invoices directly between suppliers and buyers software. Your existing invoicing software may have eInvoicing capability.

Small Business Cyber Resilience Service

IDCARE, the national scam, identity and cyber support service, delivers the Small Business Cyber Resilience Service. This is a free program for businesses that have 19 or fewer full-time equivalent employees, not including the owner, are registered in Australia, actively trading and have a valid ABN.

Cyber Wardens

The Cyber Wardens program, delivered by the Council of Small Business Organisations Australia (COSBOA) empowers small business owners and their employees to become the first line of defence against cyber threats.

Cyber Health Check Tool

The Australian Cyber Security Centre's Cyber Health Check Tool is a free and anonymous security assessment for small businesses. Answer simple questions and get a custom action plan to help you strengthen your businesses cyber security defences.