Back to Blog
Published at | Updated:

How to protect your small business from fraud

A plant shop owner checking his email on a laptop.

When you think of business fraud, you probably think of established companies (like Sony or Facebook) that made the news because they fell victim to big-scale scams. However, business fraud does not just impact big businesses that are household names. In fact, it affects small businesses more than any other size operation.

The bad news is that fraud isn’t going anywhere. So what’s your best protection? The answer lies in learning about the types of business fraud to be on the lookout for and the proper steps you can take to make sure you don’t become a statistic.

What are scammer tactics?

Scammers have several tried and true tactics that they utilize when committing textbook fraud. Here are the main tactics they use, which will both help you catch fraud early on as well as help you detect if you’ve in fact been a victim:

Pretending to be trustworthy: They claim to work for a well-known company. If believed, this is an efficient way to get people to let their guards down.  

Creating a sense of urgency: They do this by rushing you to finalize a decision before you have time to think things through or piece things together. 

Causing fear: They claim that something bad is about to happen (think: your computer virus is about to steal and wipe all of your data) which feeds into that false sense of urgency. Fear of what could go awry is what often makes people fall for scams. 

Using untraceable payment methods: They almost always request payment through wire transfers, reloadable cards, or gift cards–all payment methods that are impossible to track or to reverse.

The main types of fraud that target small businesses.

Bogus invoices

There are various types of invoice fraud, but the most common one is a bogus invoice from your supposed supplier. A scammer can create a fake invoice that looks like one from your supplier, but is actually routed to a different bank account.

A common practice is to use an email address that is one character off from your supplier’s actual email address so the difference is nearly impossible to spot.

Tech support scams

Tech support scammers use scare tactics to trick you into paying for unnecessary technical support services. They contact businesses pretending to be computer technicians from well-established companies like Microsoft or Apple. They often ask for remote access to your computer and pretend to run diagnostic tests that reveal a (fake) problem. The goal of the scam is to get their hands on money, access to a computer network, and/or confidential information.


Phishing emails are one of the most common types of attacks. They appear to come from established accounts and are intended to trick people into sending money or identifying information. This includes social security numbers, bank details, passwords, and any other data that makes identity theft possible. Once opened, phishing emails can expose your business data to malware.

Fake check scam

The telltale sign of a fake check scam is when a scammer posing as a customer overpays via a fake check for a product or service. The scammer will ask you to wire the extra money to a third party. They then collect the profit from the overpayment and immediately cancel the check, leaving you with an outstanding balance.

Payroll division

This is a type of fraud where the scammer preys on employees. They will send an email posing as a payroll site, prompting employees to log in with their payroll credentials. The scammer will then use their credentials to access the actual payroll site, updating the banking information to their own. This means that any and all payment going to the employee is sent straight to their bank account.

Office supply scam

Scammers can pose as your routine supplier. They might email your business to remind you that it’s time to place your regular order of office supplies. They might also send you actual office supplies, hoping that you pay the attached invoice without noticing that nobody placed this order. According to the Federal Trade Commission, office supply scams alone cost American businesses an estimated 200 million dollars every year.

Table emphasizing the different types of fraud small businesses are prone to. Bogus invoices, Tech support scams, Phishing, Fake check scam, Payroll division, Office supply scam.

Accounts payable red flag checklist

Manual payment processes also create increased risks related to internal fraud exposure–as well as inefficiencies in workflow. Use this checklist as a base to identify when fraud could be occurring:

Fraud red flags checklist

How do I protect my business?

Spoiler alert: Most of these strategies won’t cost you a dime.

Business owner level

Educate your employees: Your employees should be involved in fraud prevention. You can host regular training sessions and teach them what to look out for and about various prevention techniques. It’s also important to make sure that they are up to date with your company’s security and conduct policies. This will help prevent important details from falling into the wrong hands and ensure it’s clear what “fraud” and “theft” consist of in the eyes of your business. 

Protect your bank accounts: If you don’t already have separate bank accounts and credit cards for your business and your personal life, there’s never been a better time to make this happen. One of the biggest advantages to having multiple accounts is that if hackers get their hands on one account, they won’t automatically have access to the other(s). 

Review financial documents regularly: It’s wise to keep close tabs on financial documents such as your bank and credit card statements, paycheck amounts, and balance sheets. Regularly reviewing your financials will help you catch fraud early. It’s also a good idea to handle bills online so you don’t have paper bills with confidential details lying around the office. 

Get insurance: A good way to protect your business from internal fraud-related losses is by getting insurance. “Fidelity insurance” (not to be confused with the insurance provider Fidelity Insurance) protects your business against criminal acts committed by employees including forgery, credit card fraud, and embezzlement.

Periodically review who has access to your accounts: Some online services allow you to use more than one login to access your account information and perform various actions. Your bookkeeper, for example, may have access to your Melio account through their own username and password. This is a great way to delegate work without sharing your password but it’s important to occasionally review the list of people who have access. Double-check to make sure you know who everyone on the list is and that each person only has the permissions and access necessary for them to do their jobs. 

Know who you’re doing business with: At the end of the day, the best way to ensure you do business with the right people is by asking for recommendations from trusted businesses that you are well acquainted with. However, if you do end up working with businesses that you found online, be sure to search the company name alongside the word “scam” before conducting business. Read what people are saying and keep your eye out for anything that seems off.

Company level

Change passwords regularly: Unlike a bottle of wine, a good password does not age well. The longer you use a password, the bigger your exposure—particularly if other team members also use it to log on. Make a habit of resetting all your passwords at least once to twice a year so you have better control over who has account access. 

Verify invoices: It’s important to never send payment before you know exactly what the bill is for and before you’ve verified that you in fact received those products or services. It’s also a good idea to limit the number of employees who are authorized to place orders or pay invoices so you lower your chances of falling victim to a scam. 

Turn on email and SMS notifications: Many online services offer the option to receive email or text notifications for every action performed in your account. Opting in is one of the easiest ways to make sure you know exactly what’s going on in real time. 

Stay skeptical: Remember that email addresses, websites, and phone numbers that look legit are easy to fake. Don’t open attachments and links or download files from unknown emails. Don’t automatically believe your caller ID. The bottom line? Think before you open any email, click any link, or answer any call. 

Implement a new AP workflow: It’s wise to implement an APAPAP (accounts payable) is an accounting term that refers to the outstanding bills or invoices for goods and services already provided to your business but that you haven’t yet paid for. workflow that supports information security. An automated workflow supports cybersecurity protocols in the payments process. This reduces the likelihood that any of the accounts payable fraud issues you’ve read about in this report will affect your firm or clients. 

Implementing an automated payments solution such as Melio should be a business-wide effort and should take into consideration other financial processes.

How does Melio protect your funds?

Melio uses their vast small business network to validate and connect small businesses and suppliers. They also work with partner banks to create open and secure communication to react to phishing incidents faster, and to recover badly routed funds whenever possible.

Ramp up your security measures

It’s easy to put off thinking about fraud prevention until it’s too late. However, business fraud is here to stay and can have serious implications on your business.

By working to prevent fraud from occurring in your workplace, you’re investing in the wellbeing of your business in the long term. We hope you feel more empowered as you now know what to look out for and how to ramp up your security measures accordingly.

Check out this specific fraud prevention technique and why you should be using it.Read now

*This guide is intended for informational purposes only and is not intended as financial advice.
**Melio does not provide legal, tax or accounting advice, and you should consult with a professional advisor before making any financial decisions.