Log in

How to protect yourself from scammers

8 minutes

Cybercrime costs economies millions each year. Scams targeting small businesses are becoming more sophisticated and harder to spot. 

Every scam aims to obtain personal information, business information, credit card details, and other financial information like online banking details, to use against you. This can have wide-reaching implications for you and your business. 

Financial crimes and fraud, for example, can have a negative impact on your credit report, stopping you from getting loans and other credit services in the future. 

Through clever tactics, these strangers force you into giving them information you wouldn’t normally share with people you don’t know. Like scam messages that ask you to verify personal details and contact information, leading to identity theft.

Stay one step ahead of online and phone scam campaigns.

At Invoice2go, a Bill.com company, it’s our mission to support small business success - and that means keeping your financial information safe. Here are 5 common scams and warning signs to look out for. Plus advice to protect your sensitive information to avoid scammers taking advantage of you.

The 5 most common small business scams

1. Text message and email scams – known as phishing 

These scams are the most common. And you’ll probably have heard this advice before.

Text messages or emails will entice you to click on links or take you to a fake company website. Both asking for personal details, business or bank information. 

Some even ask you to send money to one of several online accounts, top up a gift card with money, pay a fake supplier for services you’ve never received.

2. Credit and debit card scam

It’s not only a stolen card that can cause a financial headache. 

Scammers use card skimming devices or PIN capture technology at ATMs. Or they use online and phone scams that lead you to unwittingly share your online banking or account information.

3. Investment scam

The phone rings (no caller id) - it’s a bogus financial adviser/ broker - and the conversation starts with ”It’s the chance of a lifetime.’’ These scammers (and their free service advice) sound legit, but they aren’t. 

The more elaborate scammers create a fake website and have social media accounts - they even publish information across a list of social networking sites. 

The fraudster may even send you fake company documents outlining their services with a seemingly lawful, legal disclaimer on letterhead paper that includes a phone number and a list of social networking sites.

If you’re tempted by a ‘too good to be true’ offer, are being pushed into making fast decisions or enticed to stop thinking rationally - pause and do your research before you sign anything, or pay money into someone’s account.

4. Remote access scam

Scammers pretending to be from a well-known brand either call, text message, or email you. They trick you into thinking you’ve been hacked or scammed e.g. “you’ve clearly clicked on links in a suspicious email taking you to a fraudulent page”. Then ask you for full access to your computer so they can use the internet to ‘fix’ it. 

Instead, these scammers are harvesting your personal information, accounts, online banking information, and payment details. Then those scammers rush to sell on your personal details before you have a clue.

Be wary of anyone claiming to be calling from a company that needs to access your computer. They may push lots but stand your ground. It’s likely to be one of many scams.

5. Business email compromise scam (BEC) 

Victims are usually larger companies. Scammers manipulate individuals and teams into divulging sensitive information or giving them access to accounts (commonly known as social engineering).

Cybercriminals impersonate an employee or business to convince clients or suppliers to send money into their online banking account - not yours. 

These scammers may even resort to calling several times, to legitimize the fraud. It always helps to screen phone calls.

The best tips to avoid being scammed

1. Never share your log in details with anyone

Tempting though it is, don’t share your personal and business details or accounts with anyone. 

Each person in your business should have a separate online log-in / sign-in. This helps with privacy and enables you to manage the level of access people have to your business information, online accounts, and money.

And never give remote computer access to anyone - not even people you know.

2. Turn on two-factor authentication (2FA), multi-factor (MFA) authentication, or use an authenticator app

It’s an extra layer of security to protect you from fraud and scams. You log in with your username. Then verify yourself using a unique code or by tapping on a notification sent to your phone. These services are usually free and easy to use.

Face ID and Touch ID (biometric verification) are fast becoming the norm too. This makes it much harder to fall victim to an identity scam.

3. Still using a password? Make it a strong one, something unique

Using birthdays, home addresses, your business name are no-nos. Consider using a passphrase. Something that’s easy to remember, but impossible to guess e.g. c@tsAr3myFavouritePets.

Using a mix of lower case letters, upper case letters, and different characters help create a strong password or passphrase - a good way to help protect against fraud when you sign in.

Password fatigue is real, but don’t reuse the same password across multiple sites. If one site is compromised, you risk your personal and business information falling into the wrong hands. Password protection is extremely important.

4. Regularly check your bank accounts - ideally, daily

Keep an eye out for any suspicious transactions. Look at online statements or the transaction history in your banking app - search for unfamiliar, small amounts being debited - and report anything to your bank / financial institution straight away. 

You can do this by calling them or reaching out to a chatbot in their app.

Change your login password to protect your account details then lock your debit or credit card so it can’t be used. 

Always set a difficult card PIN and turn on transaction notifications to easily keep track.

When you’re withdrawing money at an ATM, cover the keyboard to keep your credit card or debit card details secure. It may seem obvious advice, but it’s worth taking the time to do so.

If you occasionally use public computers be really careful which sites you’re using and the information you’re disclosing. And always remember to log out.

5. If an email seems unusual don’t open it, reply or click on any links

First, check the email address and if you’re still not sure, do an internet search and contact the company directly to ask if they’ve sent anything to you. If you can’t find any contact details, check the main menu on the company website or send them a private message through social media. 

Make sure emails come from one of your trusted contacts or trustworthy sources before you open them. If they don’t, they could be a fraud.

The legitimate company may ask you to send it to their dedicated ‘spoof email’ address - it’s OK to forward and report it this way. Once done, block the sender to avoid receiving follow-up emails from them. 

Fraudulent messages often ask you to verify your identity by clicking on links or send you a request for personal information including:

  • contact details
  • social insurance number / social security number
  • online account details including those relating to your bank account e.g. account numbers
  • credit card numbers

           Once you click a link, hitting the ‘escape key’ is too late.

Legitimate companies never ask you to disclose account, payment, mobile banking,

  online banking or personal information that could compromise your security.

6. Regularly update antivirus software and back up your data

Using outdated antivirus software exposes your business to risk. Set up automatic software updates to stop malware corrupting your computer systems. 

And remember to back up your data regularly to minimize damage if you do fall victim to a scam or fraud.

You’ve been scammed, what next?

Always report a fraud or scam. Despite feeling anxious, embarrassed, or angry because a scammer has hit one of your emotional hot buttons - reporting it can help other businesses avoid becoming victims of ‘too good to be true’ campaigns by scammers.

Keep any fake documents you’ve been sent, block or screen phone calls, and take advice from experts to protect against this happening again.


  • Bank or financial institution - they may follow up with an email or phone you back with a request for a detailed account of the fraud. They can also help you lock cards and accounts to avoid unauthorized transactions taking place 
  • Online agency to get a credit report - make sure your credit rating hasn’t been negatively affected
  • Citizen’s advice bureau - for help, support, and advice on next steps
  • Local government or local council
    • Australia: Scamwatch
    • UK: Action Fraud
    • USA: Fraud agency
    • Germany: Fraud agency
    • Italy: Fraud agency
    • Germany: Fraud agency
  • Business community groups giving them info on the scam 

Invoice2go helps you protect your business and personal details against fraud 

  • Turn on phone notifications: Keep track of payments, invoices, and more - discover how
  • Business reports: Monitor money, manage cash flow - take a look
  • Invoice2go Money: Payments are covered by FDIC insurance - tell me more
  • Turn on two-factor authentication - read more


Get inspiration and resources sent straight to your inbox.