It’s an unfortunate fact that small business owners are regularly the target of scammers – trying to take their money, business contacts, or business or personal identification details.

Scammers often pretend to be from a government agency, like the Australian Taxation Office (ATO), or a well-known company you may have heard of, such as Telstra. Their aim is to scare you into parting with your money or valuable information and if you don’t, they may threaten you with fines, disconnecting your internet, taking you to court, arrest or even deportation.

Here are some tips to help you protect your business from scammers.

Common scams targeting small business

According to Scamwatch, the most common types of scams targeting small businesses relate to:

  • false billing
  • overpayment
  • malware and ransomware
  • whaling and spear phishing
  • online shopping scams

How to protect your business from scammers

If you’re unexpectedly contacted or threatened by someone claiming to be from a government agency or trusted business the most important thing to do is stop and check if it’s the real deal.

  • Don’t be pressured into acting quickly. While this can be hard if you have someone on the phone making threats, taking a step back and allowing yourself time to check details can help you realise that a call or message is actually a scam.
  • Contact the organisation or government agency independently to verify that they actually contacted you. Use the organisation’s contact details from a legitimate information source, like their official website. Never use the contact details provided by the caller or in the email unless you have verified that they are correct.
  • Ignore threatening emails or voicemail messages asking you to call someone back. If you do, the scammers may increase their intimidation and attempts to get your money.
  • Never send money or provide your bank account details, credit card details or other personal or business information to anyone you don’t know or trust, especially over the phone or via email.
  • If a customer or supplier emails you to change their delivery or payment details, phone them to confirm this change. We’ve heard from many small business owners who have been caught out by scammers sending them false billing scam emails, which has resulted in them making large payments to scammers, thinking that they were their supplier.
  • Enable ‘two-factor authentication’ on your smart phone or online payment systems (if available). Two-factor authentication provides an extra layer of security for your smart phone and when you make payments as you’ll need to carry out two actions (eg. enter a password and provide a code which was sent to you via text message) to confirm that this is the correct device and you are the account owner.
  • Remember that a government agency or trusted business will never ask you to pay by unusual methods such as with gift vouchers, iTunes cards, wire transfers or bitcoin.
  • Don’t open suspicious text messages, pop-up windows or emails and don’t open attachments or click on links – just delete them.
  • Never provide remote access to your computer if you’ve been contacted unexpectedly by phone, pop-up window or email, even if they claim to be from a well-known company like Telstra, Microsoft or an Internet Service Provider (ISP) like iiNet.
  • Make sure your employees are aware of the risks of scams and let them know what you expect them to do if they are contacted by a potential scammer.

More information

The Australian Cyber Security Centre's small business cyber security guide has a rundown on the online security practices you can put in place to protect your business.

The Scamwatch website also has a range of information and advice to help protect you against scams. This includes tips for small business owners, a guide to the help available to scam victims, a series of educational videos and an online scam reporting tool.

Legal and risk
11 November 2022