Beware of these small business scams in the UK

Some 25% of small business in the UK are hit by fraud every year, and yet nearly half haven’t made any changes to their business to prevent fraud. The scale of these small business scams is getting worse by the day – and even more worryingly, the scams are getting ever-more sophisticated.

Which small business scams to look out for

Be aware that certain scammers are using government branding to try and dupe people into thinking their communication is official. That’s why the contents of the communication are so important.

Fake HMRC emails

You may have seen scam emails claiming to be from HMRC before. They usually promise a non-existent tax refund to get you to enter your financial details – there has also recently been a Covid-19 variation doing the rounds.

This scam says that the government has established a new “tax refund programme” to help the self-employed protect themselves from basic tax mistakes. HMRC has also announced that an SMS message is circulating that promises a “goodwill payment” from the tax authority. While these messages may look real enough on the surface, they’ll usually contain typos, odd phrasing and other errors.

HMRC says that you shouldn’t reply to the email or SMS, or open any links in the message. HMRC will never send email notifications about tax refunds or rebates and you can always contact HMRC if you’re not sure about something you’ve received. You can forward a fake email to HMRC to help in their investigations against scams (just make sure you delete it after).

Fake communication from local councils

Many messages also contain links that take you to an official-looking (but fake) gov.uk page that asks you to enter your card details, including your security number. Again, these messages will usually have typos and errors. You should delete any messages you get without clicking on the links.

Ensure that if you receive anything like this, you check the origins of the contact and stop and consider whether you are expecting it.

Cyberattacks

The National Cyber Security Centre (NCSC) highlights that organisations of all sizes are still getting to grips with remote working. If you have employees working at home, you could be facing a new sort of cybersecurity challenge.

Ensure your staff are aware of scams that they’re more susceptible to now that they’re working from home. For example, scammers tricking them into accessing their computer or handing over their login details, possibly posing as a fake IT team. Encourage remote employees to take regular breaks to avoid making sloppy errors which could compromise security.

A National Cyber Security Centre (NCSC) spokesperson said: “Cybercriminals are opportunistic and can often look to exploit current events and public concern.”

The NCSC says that you should also create strong passwords and use two-factor authentication where possible when setting up new accounts for remote working. You can also use Virtual Private Networks (VPNs) to let your employees access your systems remotely.

Fake investment schemes and trading advice

The Financial Conduct Authority (FCA) reports that “sophisticated, opportunistic” scammers are using the Coronavirus pandemic to come up with scams involving pension transfers and high-return investment opportunities (including investments in crypto assets).

Scammers use many channels, including phone calls and social media advertising. They’ll almost always appear too good to be true. The FCA lists a number of ways to protect yourself against these scams. Firstly, they say you should reject offers that come out of the blue, for example from firms you’ve never heard of or dealt with before.

They say you shouldn’t rush or be pressured into making a decision, or give out personal details. And you can check the FCA Register to see whether a firm you’re dealing with is authorised by the FCA (you can also check the FCA’s warning list to find out whether you’re dealing with scammers).

Be vigilant in avoiding these scams

Scams like these have been around for decades but have been adapted to different situations. Remember the following quick tips to keep yourself and your business safe:

• Reject unsolicited offers, particularly ones that offer quick fixes
• Beware of social media ads or sponsored ads online
• Don’t click on links from senders that you don’t know
• Don’t give out personal details
• Research companies that you’re looking to buy from to make sure that they’re legitimate
• Have the latest software updates installed
• Monitor your bank statements regularly for any unusual activity

Check the Financial Conduct Authority’s Financial Services Register for the name of the business that’s contacting you.

The National Crime Agency also has this advice for businesses: If you do get a request to move money into a new bank account, contact the supplier directly by researching the supplier and using a phone number or email address not on the invoice. Don't simply reply to the email received. Furthermore, you can refine your processes for handling changes to payment details, like only letting certain employees to deal with these changes. Invoices, payment mandates and other documents which contain sensitive financial information should be stored securely and again, should only be available to those who need it to do their job.

If you fall victim to a scam, report it to ActionFraud and contact your bank immediately.

---

Staying up-to-date is of paramount importance when protecting both your business and your clients from fraudsters. Keep your staff and industry peers in the loop about developments like these for a better chance of protecting your businesses. If you need assistance, get in touch with one of our experts on +44 (0) 20 7759 7553 or accounting@sableinternational.com.