How to Protect Your Business from Online Scams

Cases of scams have been rife since the pandemic took hold, with fraudsters looking to take advantage of unsuspecting businesses and individuals. From emails mimicking HMRC, to investment fraud and purchase scams, there really is so much to put you on your guard. Here we are summarising the most prevalent scams to look out for to help you stay safe when doing business.

Invoice redirection scams

Fraudsters are hacking business email accounts then sending emails that look like they are from the finance department, advising suppliers that their payment details have changed. The supplier then pays any outstanding invoices to the fraudster's bank accounts instead of the legitimate ones.

This is a very sophisticated fraud, with the perpetrators taking time to research the best contact to approach to request the change of bank details, making the whole thing look as authentic as possible.

Look out for any communication that asks to make all future payments to a different account number and sort code. Check anything of this nature by calling your regular contact at the company, rather than any contacts named in the email. Never update any payment information unless you are completely sure it is a genuine request. Remember that if you do make a payment to a bogus account, you will still be liable for the invoice amount and will still need to settle that with your supplier.

Where the facility exists with your bank, enable dual authorisation for payments and changes to payments so that a second user has to approve the transaction or update.

Investment fraud

A cloned investment firm website, backed by paid advertising that lures customers in. Investment fraud is one of the latest scams designed to syphon money out of unsuspecting parties.

Investment fraudsters tend to make promises of exceptional returns when investing in shares, commodities and schemes. But these schemes are either worthless, or simply non-existent.

Because the fraudsters behind the schemes are very convincing, it can be difficult to tell them from the real thing. They tend to know their stuff financially and have credible looking websites packed with testimonials and advice that can be tricky to distinguish from the genuine article.

If you are planning on making any investments, be on your guard, and always take independent financial advice before going ahead, because there are far too many cases of investors being hoodwinked into parting with large sums of money, only to find the investment firm was a fake one. Check the credentials of the investment firm against the Financial Conduct Authority's register, and only use advisers who have been personally recommended to you.

Purchase scams

Tempted by a deal that looks too good to be true? Then it probably is. It is important to be aware that criminals are seeking new ways to target businesses making online purchases, especially the likes of essentials such as PPE and hygiene products.

The scam works by taking money for non-existent, fake or inferior products that are advertised at discounted rates.

If you see an advert or receive an email offering high-demand goods at prices that seem particularly low in cost, refrain from making any rash buying decisions. Check out the company on the government website to see whether they are registered. Also look to see whether they have a landline telephone number and physical address, rather than just a PO Box.

Instead of going by reviews listed on the seller's website, do your own independent search via Google or Trustpilot. Fake reviews are one of the most common ways a fraudster will try to win your trust, but genuine review sites will provide a true picture of customer feedback. You can also search for the name of the company via any search engine, including the words 'scams' or 'fraud' in your search term.

Do your due diligence on the website too. Are the images good quality? Is the content well-written and free from grammar and spelling mistakes? Are there terms and conditions available? What is the refund and returns policy? Often, fraudulent websites will lack quality, although some are becoming quite sophisticated these days.

Take care when entering any payment details, and never do so unless you are absolutely certain you are dealing with a trustworthy company. Always use a secure payment method such as PayPal, and avoid requests to pay by bank transfer.

Check that the website is secure. Look for the 's' following the 'http' in the website URL, and carefully check the padlock symbol in the browser window. Make sure this is not on the page itself, as this is indicative of a fraudulent site. These measures only confirm a secure connection though, rather than the authenticity of the website. If you want to check who owns the website, you can do a Whois lookup.

Phishing scams

HMRC has reported that there are numerous scam emails, text messages and phone communications in circulation. These are all phishing scams, in other words, scams designed to obtain personal data including payment information, which is then used fraudulently.

HMRC says that customers will never receive any form of message by email or text, or a phone call, that advises about a tax rebate or penalty or that asks for personal or payment information.

For more information, visit: http://www.gov.uk/topic/dealing-with-hmrc/phishing-scams. You can also search 'scams' on the GOV.UK website for guidance on how to recognise genuine HMRC correspondence.

To report a suspected HMRC phishing scam, go to: http://www.gov.uk/report-suspicious-emails-websites-phishing/report-hmrc-phishing-emails-texts-and-phone-call-scams. You can also forward suspicious emails claiming to be from HMRC to phishing@hmrc.gov.uk and texts to 60599.

Be vigilant and protect your business against scams

You can access the National Cyber Security Centre's new guide on how to stay secure online and protect yourself or your business against cyber-crime here: http://www.ncsc.gov.uk/cyberaware.

It is vital that you take steps to protect your business from online scams and cyber- crime, as breaches can be devastating, not only in financial terms, but also with regard to reputational damage.

Office Assistants customers are welcome to query any suspicious looking communications with us. Similarly, should you ever be in any doubt as to the integrity of any HMRC contact, you are welcome to check with us.

Back to Main News Page

Regular Bulletins

Sign up to our regular Office Assistants newsletter and get special offers and discounts.

Sign up



Free e-mail reminders

A free, easy way to remember when crucial payments are due and paperwork needs to be prepared.

Get your reminder

Investors in PeopleThe Institute of Certified Bookkeepers

Company's Practice Number: 4635