7 Scams Targeting Business Owners (And How to Stop Them)

[Infographic: 7 scams targeting business owners. It shows an envelope marked urgent, a phone with the IRS calling, an invoice and a payroll, and a clipboard with a checklist.]

As bookkeepers, we see everything—what comes in, what goes out, and sometimes, what quietly disappears. That perspective, combined with my background in information technology & cybersecurity, has pushed me to find better ways to help clients protect themselves from the most common financial scams impacting individuals and small to mid-sized businesses today.

Fraud targeting small and mid-size businesses is more common than most owners realise, and more costly than most expect. The FBI's Internet Crime Complaint Center consistently identifies business email compromise and related fraud as the highest-loss category of cybercrime.

The good news? Most of these scams follow predictable patterns. Once you know what to look for, they become much harder to fall for.

Here are the seven scams I see most frequently targeting my clients — and what you can do to protect your business from each one.

1. CEO / Executive Impersonation Fraud (Business Email Compromise)

This is one of the highest-loss scams in the country, and it works because it exploits something your staff does every day: follow instructions from leadership.

A scammer spoofs or gains access to a senior executive's email account and sends an urgent message to a bookkeeper, assistant, or finance staff member. The message typically requests an immediate wire transfer — often with instructions to keep it confidential and act quickly. The email looks completely legitimate. The urgency bypasses normal checks. The money is transferred. And it's almost never recovered.

How to spot it: The sender's email address is slightly altered — an extra letter, a different domain, a subtle variation that's easy to miss. The message carries extreme urgency ("must be done before close of business today") and often includes a request for secrecy ("don't loop anyone else in on this one").

How to prevent it: Establish a non-negotiable verbal confirmation policy for all wire transfers. Before any funds are moved, someone must call the requesting executive directly on a known phone number — not a number provided in the email. For transfers above a set dollar threshold, require dual authorization from two separate approvers. Train your entire team, not just your bookkeeping staff. Anyone who processes payments is a potential target.

A 30-second phone call before every wire transfer is the single most effective defence against this scam.

2. Fake Vendor / Invoice Fraud

Your regular supplier. Their usual invoice. Same logo, same format, similar amount. But with one small change: a different bank account number.

This is invoice redirect fraud, and it works because it targets trust that's already been established. The fraudster researches your business relationships, identifies vendors you pay regularly, and sends near-identical invoices with their own banking details substituted in. By the time your real vendor follows up about an unpaid invoice, the money is already gone.

How to spot it: Banking details on a familiar invoice have "recently changed," often explained by a note on the invoice or a separate email. The vendor name may be slightly different — one letter changed, a different legal suffix, a hyphen added. There's pressure to pay quickly: "final notice," "account on hold," or "overdue."

How to prevent it: Implement a firm policy: any change to a vendor's banking details requires verbal verification before payment is processed. Call your vendor on a number you already have saved — never the number listed in the suspicious communication. Cross-check every invoice against your existing vendor records. Never update payment details based on an email alone.

If a vendor's bank account has changed, the first call you make should be to your vendor — not to your bank.

3. Payroll Diversion Fraud

This scam is timed deliberately. It arrives before payday, when the pressure to process quickly is highest and the checks are most likely to get skipped.

A scammer impersonates one of your employees — either by spoofing their email address or by gaining access to their account — and sends a request to update their direct deposit details to a new bank account. The request sounds routine. The timing creates urgency. The change gets processed. Payday arrives, and the employee doesn't receive their pay — because the funds went to a scammer's account.

How to spot it: The request arrives last-minute, just before a scheduled pay run. The sender's email address is slightly different from the employee's normal account, or the request comes from a personal email rather than a work address. There's no prior conversation or context — just a standalone request to change banking.

How to prevent it: Require in-person or verbal confirmation for any payroll banking change — no exceptions. Never process a direct deposit update based on an email alone. Implement a signed payroll change form and require a second approver for all banking updates. Consider a one pay-cycle hold on newly submitted account details before activation, which gives you time to verify the change is legitimate.

The process that prevents this costs nothing to set up. The cost of not having it can be significant — both financially and in terms of the trust your employees place in you.

4. IRS / Tax Agency Impersonation

Few scams are more disorienting than a threatening phone call from someone claiming to be the tax authority. And that's precisely why they work — the scammer counts on fear overriding logic before you stop to ask whether the call is even real.

The caller claims to be from the IRS or some other government agency. They cite a specific case number, reference unpaid taxes, and threaten immediate consequences — arrest, licence revocation, asset seizure — unless you pay right now. Payment is typically demanded via gift card, wire transfer, or cryptocurrency.

How to spot it: The caller demands payment by gift card or wire transfer. They threaten immediate arrest or serious legal action. You have received no prior written notice from the agency. When you ask questions or request documentation, the caller becomes hostile or aggressive.

How to prevent it: Hang up. Legitimate tax agencies always send formal written notice before initiating any phone contact about an outstanding debt. They do not make cold calls demanding immediate payment. They do not accept gift cards. After hanging up, contact your bookkeeper or accountant — they can verify whether there is any genuine outstanding tax issue. If you want to follow up directly with the agency, look up their official contact number on their government website and call back independently.

No tax authority — not the IRS nor any state or territory agency — will ever demand payment in gift cards. If someone is insisting on this, it is a scam without exception.

5. Fake Software / Subscription Renewal Invoices

Here's a question worth pausing on: do you know every software subscription your business is currently paying for?

If you hesitated, you're not alone — and scammers are counting on it.

Fake software renewal invoices work by exploiting the fact that most businesses don't audit their subscription spend. A scammer sends an official-looking renewal notice for cloud software, a productivity tool, a security product, or an accounting platform. The amount is intentionally modest — perhaps $79, $149, or $249 — just small enough to sit below the threshold that would raise eyebrows. And it gets paid. Sometimes multiple times, across multiple billing periods, before anyone notices.

How to spot it: The invoice is for software or a service your business doesn't recognize or use. It arrives as an "auto-renewal" for a subscription you have no record of signing up for. The vendor name sounds familiar but isn't quite right. The dollar amount is small enough to slip under most approval thresholds.

How to prevent it: Conduct a quarterly subscription audit. Maintain a master list of every approved software subscription and match all invoices against it before processing payment. Implement a simple policy: no invoice gets paid without being matched to a signed agreement or an original purchase order. Route all software-related invoices through a single designated approver. Your bookkeeper should be flagging any recurring charge that doesn't correspond to an approved vendor relationship.

This is exactly the kind of thing a thorough monthly bookkeeping process catches before money leaves your account.
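The vendor and subscription checks from sections 2 and 5 can be run mechanically before any payment is released. This is an added example, not code from the original post: the vendor master file, names, domains and account numbers are all constructed, and the 0.85 name-similarity threshold is an assumption.

```python
# Added example (not from the original post): screen an incoming invoice against
# a vendor master file and return every reason it must be held for verbal
# verification. All vendor data below is constructed.
from dataclasses import dataclass
from difflib import SequenceMatcher


@dataclass(frozen=True)
class VendorRecord:
    name: str
    email_domain: str   # domain the vendor's billing emails are known to come from
    bank_account: str   # account number verified by phone when the vendor was set up


# Constructed vendor master: the only vendors and subscriptions approved for payment.
VENDOR_MASTER = {
    "Acme Office Supply": VendorRecord("Acme Office Supply", "acmeoffice.example", "111222333"),
    "CloudLedger Inc": VendorRecord("CloudLedger Inc", "cloudledger.example", "444555666"),
}


def similarity(a: str, b: str) -> float:
    """Case-insensitive similarity ratio in [0, 1]; 1.0 means identical."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def screen_invoice(vendor_name: str, sender_email: str, bank_account: str,
                   master: dict = VENDOR_MASTER, lookalike: float = 0.85) -> list[str]:
    """Return the hold reasons for one invoice. An empty list means every field
    matched the master record and the invoice can go to normal approval."""
    flags = []
    record = master.get(vendor_name)
    if record is None:
        # Not an approved vendor. A near-match name (one letter changed, a
        # different legal suffix) is the fake-vendor pattern; anything else is an
        # unrecognised subscription or service.
        close = [n for n in master if similarity(n, vendor_name) >= lookalike]
        if close:
            flags.append(f"vendor name '{vendor_name}' resembles approved vendor '{close[0]}'")
        else:
            flags.append(f"vendor '{vendor_name}' is not on the approved vendor/subscription list")
        return flags
    sender_domain = sender_email.rsplit("@", 1)[-1].lower()
    if sender_domain != record.email_domain:
        flags.append(f"sender domain '{sender_domain}' differs from '{record.email_domain}'")
    if bank_account != record.bank_account:
        flags.append("bank account differs from vendor master: confirm by phone on a saved number")
    return flags
```

Any non-empty result means the invoice stops until the vendor has been called on a number already on file, never on one taken from the invoice or email.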

6. Bank Phishing Targeting Business Accounts

The email looks exactly like it came from your bank. The logo is correct. The formatting matches. The sender name reads as your bank's security team. The subject line says something like: "URGENT: Suspicious Activity Detected — Action Required."

One click on the link, one login on the page it leads to, and a scammer has your business banking credentials.

Business accounts are targeted specifically because the balances are higher, the transactions are larger, and there's often more than one person with access. The fake login page is designed to harvest your username and password — sometimes even your multi-factor authentication codes if the attack is sophisticated enough.

How to spot it: The sender's email domain doesn't match your actual bank. Look carefully at the actual email address, not just the display name — "security@yourbank-alerts.net" is not your bank. The greeting is generic: "Dear Business Customer" rather than your actual name or business name. The message threatens account suspension within a specific short timeframe. The alert is unexpected — you didn't trigger any security action that would generate it.

How to prevent it: Implement one rule that stops this every time: never log into your banking by clicking a link in an email. Type the URL directly into your browser, or use a bookmark you have saved. This single habit eliminates the phishing risk entirely. Additionally, enable multi-factor authentication on every banking and financial account, limit online banking access to as few staff members as necessary, and call your bank on the number printed on your bank card if you ever receive a suspicious alert — never use a contact number provided in the suspicious email itself.

7. Workers' Compensation & Internal Payroll Fraud

Every scam we've covered so far has come from outside the business. This one doesn't — and that's what makes it the hardest to detect and, often, the most costly.

Internal payroll fraud and workers' compensation inflation can bleed a business slowly for months or years before anyone notices. Because the people behind it have legitimate access and have earned a degree of trust, the red flags are easy to overlook or explain away.

The most common forms include timesheet fraud (employees logging hours they're not actually working — often gradual and small), workers' compensation inflation (claims that don't align with the employee's role, duties, or the reported circumstances of an injury), ghost employees (individuals who appear on payroll but no longer work at the business — sometimes added by someone with payroll processing access), and contractor overbilling (invoices for work not performed or significantly exaggerated).

Red flags to watch for: Timesheets that show exactly the same hours every single week, regardless of workload or project stage. Workers' comp claims that are inconsistent with the employee's role or that are filed well after the reported incident. One person who both processes payroll and approves it, with no independent oversight. Payroll totals that creep upward without a corresponding increase in headcount or recorded hours.

How to protect your business: Conduct monthly payroll audits and cross-check hours against project output, attendance records, or site logs. Segregate duties — whoever processes payroll should not be the same person who approves it. Review workers' comp claims against role classifications and supporting documentation. Engage an independent bookkeeper to review payroll each period; an outside perspective catches patterns that insiders normalise over time.

Monthly payroll reviews catch this. Year-end reviews rarely do — because by the time an annual review surfaces the problem, the behaviour is entrenched and the financial damage is significant.
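The red flags above translate directly into checks a monthly payroll review can run over the pay register. This is an added example, not code from the original post: the roster, payroll lines, user ids and the 5% drift threshold are constructed assumptions.

```python
# Added example (not from the original post): apply the section's payroll red
# flags to one pay period. All employees, hours, pay and user ids are constructed.

# Constructed active-employee roster from HR; E107 has left but is still being paid.
ACTIVE_ROSTER = {"E100", "E101", "E102"}

# Constructed pay register: weekly hours for the period, gross pay, and the
# users who submitted and approved each line.
PAYROLL = [
    {"emp": "E100", "weekly_hours": [40, 40, 40, 40], "gross_pay": 4800.0, "submitted_by": "pay1", "approved_by": "ctrl"},
    {"emp": "E101", "weekly_hours": [38, 42, 35, 40], "gross_pay": 4650.0, "submitted_by": "pay1", "approved_by": "ctrl"},
    {"emp": "E102", "weekly_hours": [36, 40, 44, 30], "gross_pay": 4500.0, "submitted_by": "pay1", "approved_by": "pay1"},
    {"emp": "E107", "weekly_hours": [40, 40, 40, 40], "gross_pay": 4800.0, "submitted_by": "pay1", "approved_by": "pay1"},
]


def audit_payroll(payroll, roster, prior_hours, prior_pay, prior_headcount, drift=0.05):
    """Return the red flags for one pay period. prior_* are the previous
    period's totals; drift is the assumed tolerated growth in gross pay."""
    flags = []
    for line in payroll:
        emp = line["emp"]
        hours = line["weekly_hours"]
        if emp not in roster:
            flags.append(f"{emp}: paid but not on the active roster (possible ghost employee)")
        if len(hours) > 1 and len(set(hours)) == 1:
            flags.append(f"{emp}: identical hours every week ({hours[0]}h), review against site logs")
        if line["submitted_by"] == line["approved_by"]:
            flags.append(f"{emp}: submitted and approved by the same user '{line['approved_by']}'")
    total_hours = sum(sum(l["weekly_hours"]) for l in payroll)
    total_pay = sum(l["gross_pay"] for l in payroll)
    headcount = len(payroll)
    # Gross pay creeping up while headcount and recorded hours did not.
    if (headcount <= prior_headcount and total_hours <= prior_hours
            and total_pay > prior_pay * (1 + drift)):
        flags.append(f"gross pay rose to {total_pay:.2f} from {prior_pay:.2f} "
                     "with no growth in headcount or recorded hours")
    return flags


if __name__ == "__main__":
    for flag in audit_payroll(PAYROLL, ACTIVE_ROSTER, prior_hours=630,
                              prior_pay=16000.0, prior_headcount=4):
        print(flag)
```

Each flag is a prompt for the independent reviewer, not proof of fraud; a salaried employee may legitimately log 40 hours every week.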

What These Seven Scams Have in Common

Looking across all seven, a few patterns emerge.

They all exploit something legitimate: trust in leadership, a relationship with a vendor, the appearance of a routine process, the authority of a government agency, the familiarity of a bank. The scam works not because the target is careless, but because the deception is designed to feel normal.

They all use urgency to bypass checks. Whether it's a wire transfer that "must happen today," a payroll change the day before a pay run, or a tax bill threatening immediate arrest, the goal is always the same: to make you act before you think.

And they are all significantly easier to prevent with the right processes in place — before something goes wrong, not after.

Your Bookkeeper Is Your First Line of Defense

A good bookkeeper isn't just someone who reconciles accounts and prepares reports. They're an independent set of eyes on your business's money — every single month.

At Salt & Sand Bookkeeping, we help our clients implement the financial controls and review processes that make these scams significantly harder to pull off. That means payment verification policies, payroll audits, subscription reviews, and the kind of consistent oversight that catches problems early — whether they're coming from outside the business or within it.

If any of the scams in this post gave you pause, we'd love to have a conversation about what better financial protection could look like for your business.

Visit us at saltandsandbookkeeping.com or get in touch directly — we're always happy to help.

Salt & Sand Bookkeeping provides bookkeeping and financial management services to small and growing businesses. This post is intended for general educational purposes. If you believe your business has been the target of fraud, contact your financial institution and relevant authorities immediately.
