

Fraud, phishing scams, and cyber-attacks are sadly a very real fact of business ownership, though it’s all too easy to think it’s the sort of thing that happens to other people. In truth, it can happen to anyone, with businesses falling victim to scams and attacks all over the world, every single day.

Fraud can happen to anybody, and can be fatal for a business no matter how large or well-established, though particularly so for smaller businesses.

Why are small businesses more at risk from scammers?

Micro, small, and medium-sized enterprises often don’t have resources readily available to fortify the business.

Their physical size in terms of staffing power is part of the problem; fewer people means that secondary checks are less feasible. Any process with a reduced amount of ‘contact’ points means fewer opportunities to spot problems and deal with them.

Smaller business operations also tend to have smaller cash reserves, so simply can’t afford the more sophisticated end of the security market. A business with less cash is also more likely to feel the impact of any disruption to cash flow.

Plus, smaller businesses pose much less threat to scammers. Sadly, their lack of resource indicates less likelihood of the business being in a position to cause a fuss.


What are the most common types of frauds and scams in small businesses?

Unfortunately, the multiple ways that fraudsters can target a business mean that any defence must consider multiple entry points.

Payment cards can be used to make online purchases, only for the payment to be queried by the genuine cardholder once the goods have been sent out to the scammer. Cyber-crime during the payment handling process can target unprotected ecommerce sites, whilst phishing campaigns can decimate a business.

Spotting the warning signs of business fraud is increasingly difficult, as thieves become ever more sophisticated. Red flags might include sudden changes of address, unsolicited opportunities, or even changes in staff circumstances.

Cyber-attacks and phishing scams

Most businesses find themselves responsible for sensitive data, such as customer information or employee details, at some point. Whilst this information can be useful for you in the running of your business, it can be extremely valuable to fraudsters who can exploit it for their own benefit.

Data can become vulnerable from something as simple as sending an email to the wrong person, but it can also be far more sophisticated, and much less innocent.

For example, a cyber-attacker might steal customer payment information from a database, or a phishing scam email might encourage an employee to enter card details to renew an ‘expired subscription’.

Some businesses also store commercially sensitive data, such as the details of ongoing research and development, or ‘the secret recipe’ that made you a success. If it’s financially valuable to your business, it can be just as valuable to someone else.

What is invoice fraud?

Invoice fraud can manifest in several ways, and an attack can come from within the business or an external source. For example, an employee could create a fake supplier and enter counterfeit invoices, or simply change the payment info for a genuine supplier.

Similarly, fraudsters might contact the business claiming to be one of your suppliers letting you know about a change of bank details.

How do ransomware attacks work?

One of the most common tactics that hackers are using is ransomware. This is when a criminal gets access to a system and encrypts important data. Literally holding your data to ransom, they will then offer to decrypt it if you pay them a fee.

Some companies pay because the alternative is losing data that a company needs to function, or the risk of reputational damage. The problem is that you’ve got absolutely no guarantee that you’ll get your data back if you pay up.

Payroll fraud

As the name suggests, payroll fraud involves manipulating the payroll system and processes in order to funnel money out of the business unlawfully. Some common ways this category of fraudulent activity can manifest include:

  • Fake timesheets (so that the person can be paid more than they earned)
  • Issuing fake bonuses
  • Paying fake employees

This type of fraud might come from within, but it can also be committed by external individuals – those who can hack your payroll system to steal money under the guise of employee payments.

Employee theft

This covers all types of fraud committed within a business by any of its members of staff. This includes things like payroll fraud and invoicing fraud – both summarised above – but comprises any form of theft or fraudulent activity that an employee carries out.

Fake HMRC correspondence

As if the threat of a scary-sounding letter from HMRC wasn’t enough, there’s also the risk of it actually being a scam. This usually takes the form of a phishing-style attack asking you to click links or enter sensitive information.

Scam emails claiming to be from HMRC are particularly common on the approach to a tax deadline, or at other times when businesses might be more vulnerable than normal.

Asset misappropriation

This type of fraud describes the deliberate theft or misuse of business assets, such as:

  • Theft of company equipment
  • Stolen inventory
  • Forged cheques
  • Stealing physical cash
  • Stealing money via digital transfer
  • Sharing trade secrets or commercially sensitive information with fraudsters or competitors

Insurance fraud

If you offer your employees any kind of insurance benefit this, sadly, leaves you vulnerable to potential insurance fraud. This is where a member of staff falsifies claims or incidents as a means by which to steal from your business in plain sight.

Social media ransom and ruin

It’s worth mentioning social media attacks separately because many of us will be much more casual in our approach to social media accounts than other aspects of the business. After all, what’s the worst that could happen?

The risk of reputational damage is likely to be far worse than a comment which is a bit off-brand, particularly if your business is responsible for sensitive client data.

Over half of the SMEs who had suffered hacking of their social media accounts admitted it had caused ‘significant’ damage to their business, and nearly two-thirds said the hackers had demanded a cash ransom for returning account control back to the business.

What is the fine for not complying with data protection?

GDPR rules regulate the way businesses handle and protect the personal information of their customers. Businesses who suffer a data breach as a result of any negligence in their security processes could find themselves with a pretty nasty fine – up to 4% of your annual worldwide turnover.

It’s a massive financial hit, not to mention the reputational damage. Customers are likely to be wary, and it could also put off potential investors or money lenders too.

What can small businesses do to protect themselves from fraud?

Introducing additional measures or due diligence might seem onerous, but there are lots of opportunities for reducing risk in your business.

Secure data and back it up properly

Storing data securely, whether physical or digital, is essential. Not only are there legal requirements for this, but doing so can protect your business, and even help you remain operational in the event of any disruption. Office flooded? Just as well all your data is safely backed up.

Encrypt as much data as possible, be ruthless about keeping passwords safe, and only ever use reputable, trustworthy software, apps, and digital services.

Bring in the professionals for business fraud protection

As tempting as it might be to shriek Ghostbusters when asked who you’re gonna call, they’re unlikely to be the best bet. Instead, calling in the relevant experts to take care of cyber security, or qualified accountants to keep an eye on financial issues, is likely to stand you in good stead!

Take Five to Stop Fraud

Take Five to Stop Fraud is a national campaign designed to stop individuals becoming victims of fraud, but the concept can be applied to businesses too. The idea is to stop, think and assess before acting if you are suspicious or if something doesn’t feel quite right.

If you feel alarmed, withhold information, refuse to answer questions, and halt contact, then assess the situation before moving forward. If it seems too good to be true, listen to your gut.

Train staff to spot scams and counterfeits

As a business owner, you can’t have eyes and ears everywhere, as much as you might like to. This means you can’t always do everything yourself, so train staff to identify and manage fraud for themselves. This applies to everything from counterfeit bank notes, all the way up to things like processes and security infrastructure.

Do a background check on people in your business before working with them

In the same way you might run background checks or request references for potential new employees, you can also research prospective suppliers. Make sure they’re legitimate before sharing any information or money with them.

For example, check the company registration or VAT number is legit, and that registered addresses match up.

Don’t let one person be responsible for all financial tasks

Distribute money-related tasks across multiple members of staff so that they’re not all left with one person. If your workforce isn’t that big, you could enlist the expertise of an accountant, or even just sign off everything yourself.

Restrict access to sensitive data and information

Protect your sensitive data and information by restricting access only to those who need it. Leaving it open to be accessed by anybody is a dangerous way to run your business. Giving access only when relevant can help you to limit risk, and will eliminate individuals from your enquiries if fraud-based problems do arise.

Carry out regular audits and inspections

Regularly audit things like stock, inventory, and equipment to ensure that all of your business’s assets are present and correct. Doing this on a regular basis means you can spot any problems early and nip them in the bud before they get any more serious. You can introduce similar checks for your data handling processes and your bookkeeping.

Implement a double signature policy on contracts and documents

Double down on security by requiring a double signature on relevant contracts and documents. This means asking more than one employee or director to sign important paperwork, as opposed to leaving it all in the hands of one individual.

If you feel like there’s something not quite adding up with your finances, get your accountant to cast an expert eye over it to identify any problems or specific activity.


About The Author

Stephanie Whalley

Serial snacker, compulsive cocktail sipper and full time wordsmith with a penchant for alliteration, all things marketing and pineapple on pizza.
