
As bookkeepers, we see everything — what comes in, what goes out, and sometimes, what quietly disappears. That perspective, combined with my background in information technology & cybersecurity, has pushed me to find better ways to help clients protect themselves from the most common financial scams impacting individuals and small to mid-sized businesses today.

Fraud targeting small and mid-size businesses is more common than most owners realize, and more costly than most expect. The FBI's Internet Crime Complaint Center (IC3) consistently ranks business email compromise among the highest-loss categories of cybercrime in its annual reports.

The good news? Most of these scams follow predictable patterns. Once you know what to look for, they become much harder to fall for.

Here are the seven scams I see most frequently targeting my clients — and what you can do to protect your business from each one.

1. CEO / Executive Impersonation Fraud (Business Email Compromise)

This is one of the highest-loss scams in the country, and it works because it exploits something your staff does every day: follow instructions from leadership.

A scammer spoofs a senior executive's email address, or gains access to the real account, and sends an urgent message to a bookkeeper, assistant, or finance staff member. The message typically requests an immediate wire transfer, often with instructions to keep it confidential and act quickly. The email looks legitimate (when the account itself has been compromised, it is legitimate). The urgency bypasses normal checks. The money is transferred, and once it has left the receiving bank it is rarely recovered.

How to spot it: The sender's email address is slightly altered: an extra letter, a different domain, a subtle variation that's easy to miss. Check the address itself, not the display name, and check the Reply-To address, which can point somewhere other than the visible sender. If the executive's real account has been taken over, the address will be exactly right, so don't rely on inspection alone. The message carries extreme urgency ("must be done before close of business today"), often includes a request for secrecy ("don't loop anyone else in on this one"), and frequently supplies a reason the executive can't be reached by phone.

How to prevent it: Establish a non-negotiable verbal confirmation policy for all wire transfers. Before any funds are moved, someone must call the requesting executive directly on a known phone number, not a number provided in the email. For transfers above a set dollar threshold, require dual authorization from two separate approvers. Train your entire team, not just your bookkeeping staff. If a fraudulent wire does go out, call your bank immediately to request a recall and file a report with IC3 at ic3.gov; recovery is most likely within the first 72 hours and unlikely after that.

A 30-second phone call before every wire transfer is the single most effective defense against this scam.

2. Fake Vendor / Invoice Fraud

Your regular supplier. Their usual invoice. Same logo, same format, similar amount. But with one small change: a different bank account number.

This is invoice redirect fraud, and it works because it targets trust that's already been established. The fraudster researches your business relationships, identifies vendors you pay regularly, and sends near-identical invoices with their own banking details substituted in. By the time your real vendor follows up about an unpaid invoice, the money is already gone.

How to spot it: Banking details on a familiar invoice have "recently changed," often explained by a note on the invoice or a separate email. The vendor name may be slightly different — one letter changed, a different legal suffix, a hyphen added. There's pressure to pay quickly: "final notice," "account on hold," or "overdue."

How to prevent it: Implement a firm policy: any change to a vendor's banking details requires verbal verification before payment is processed. Call your vendor on a number you already have saved — never the number listed in the suspicious communication. Cross-check every invoice against your existing vendor records. Never update payment details based on an email alone.

If a vendor's bank account has changed, the first call you make should be to your vendor — not to your bank.
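Two of the checks above, "look at the actual address, not the display name" and "cross-check every invoice against your existing vendor records", are easy to automate as a gate that runs before anyone pays. The Python below is an added example, not code from the original post: it parses the address out of a From: header, flags a domain that is a character or two away from a trusted domain (after folding common look-alike characters such as "rn" for "m") or that buries the real domain inside a longer fake one, and matches an incoming invoice against a vendor master record, holding payment whenever the bank details differ or the vendor name merely resembles a known vendor. The trusted domain list, vendor master, sample headers and sample invoices are all constructed for illustration.

```python
"""Pre-payment checks for sections 1 and 2: lookalike sender domains and
changed vendor bank details.

Added example, not code from the original post. TRUSTED_DOMAINS,
VENDOR_MASTER and the sample headers/invoices below are constructed.
"""
import re
from email.utils import parseaddr
from typing import Optional

# Character swaps that read the same at a glance ("acrne" for "acme").
_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]
# Legal suffixes scammers vary ("Inc." vs "LLC"); ignored when matching names.
_SUFFIXES = {"inc", "llc", "ltd", "co", "corp", "corporation", "company", "limited"}


def _fold(s: str) -> str:
    s = s.lower()
    for look, real in _CONFUSABLES:
        s = s.replace(look, real)
    return s


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def closest_lookalike(candidate: str, known: list[str], max_distance: int = 2) -> Optional[str]:
    """The known string that `candidate` most closely imitates, or None if nothing is close."""
    best = None
    for k in known:
        d = levenshtein(_fold(candidate), _fold(k))
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, k)
    return best[1] if best else None


def check_sender(from_header: str, trusted_domains: list[str]) -> dict:
    """Classify the address in a From: header. The display name is deliberately ignored."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    trusted = [t.lower() for t in trusted_domains]
    if domain in trusted:
        verdict, imitates = "trusted", domain
    else:
        imitates = closest_lookalike(domain, trusted)
        if imitates is None:
            # "acme-corp.com.invoices-portal.net": the real domain buried in a fake one
            imitates = next((t for t in trusted if t in domain), None)
        verdict = "lookalike" if imitates else "unknown"
    return {"display_name": display, "address": addr, "domain": domain,
            "verdict": verdict, "imitates": imitates}


def normalize_vendor(name: str) -> str:
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in _SUFFIXES)


def check_invoice(invoice: dict, vendor_master: list[dict]) -> dict:
    """Gate an invoice on the vendor master: pay only on an exact name AND bank-detail match."""
    by_name = {normalize_vendor(v["vendor"]): v for v in vendor_master}
    name = normalize_vendor(invoice["vendor"])
    if name in by_name:
        rec = by_name[name]
        if (invoice["routing"], invoice["account"]) == (rec["routing"], rec["account"]):
            return {"action": "ok_to_pay", "matched": rec["vendor"], "reason": None}
        return {"action": "hold_verify_callback", "matched": rec["vendor"],
                "reason": "bank details differ from vendor master"}
    imitates = closest_lookalike(name, list(by_name))
    if imitates:
        return {"action": "hold_verify_callback", "matched": by_name[imitates]["vendor"],
                "reason": "vendor name resembles an existing vendor"}
    return {"action": "hold_unknown_vendor", "matched": None, "reason": "no vendor master record"}


# --- constructed sample data (not real domains, vendors or bank details) ---
TRUSTED_DOMAINS = ["acme-corp.com"]
VENDOR_MASTER = [
    {"vendor": "Harbor Office Supply, Inc.", "routing": "012345678", "account": "110022334"},
    {"vendor": "Coastal Cleaning LLC", "routing": "087654321", "account": "558800112"},
]

if __name__ == "__main__":
    for hdr in ['"Jane Doe, CFO" <jane.doe@acme-corp.com>',
                '"Jane Doe, CFO" <jane.doe@acrne-corp.com>',       # "rn" for "m"
                '"Jane Doe, CFO" <jane.doe.cfo@gmail.com>',
                'Acme AP <ap@acme-corp.com.invoices-portal.net>']:
        r = check_sender(hdr, TRUSTED_DOMAINS)
        print(f"{r['verdict']:9} {r['address']}  imitates={r['imitates']}")
    for inv in [{"vendor": "Harbor Office Supply Inc", "routing": "012345678", "account": "110022334"},
                {"vendor": "Harbor Office Supply Inc", "routing": "012345678", "account": "990011223"},
                {"vendor": "Harbour Office Supply, Inc.", "routing": "012345678", "account": "110022334"},
                {"vendor": "Summit Software Renewals", "routing": "055555555", "account": "400300200"}]:
        r = check_invoice(inv, VENDOR_MASTER)
        print(f"{r['action']:22} {inv['vendor']!r}  {r['reason'] or ''}")
```

Note what the sender check cannot do: if the executive's real mailbox has been taken over, the address is genuine and the verdict is "trusted". That is why the callback on a known number, not the filter, is the control; the filter only catches the cheap lookalike cases early and cheaply. The same vendor-master match is what a subscription audit (section 5) runs against its approved list.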

3. Payroll Diversion Fraud

This scam is timed deliberately. It arrives before payday, when the pressure to process quickly is highest and the checks are most likely to get skipped.

A scammer impersonates one of your employees — either by spoofing their email address or by gaining access to their account — and sends a request to update their direct deposit details to a new bank account. The request sounds routine. The timing creates urgency. The change gets processed. Payday arrives, and the employee doesn't receive their pay — because the funds went to a scammer's account.

How to spot it: The request arrives last-minute, just before a scheduled pay run. The sender's email address is slightly different from the employee's normal account, or the request comes from a personal email rather than a work address. There's no prior conversation or context — just a standalone request to change banking.

How to prevent it: Require in-person or verbal confirmation for any payroll banking change — no exceptions. Never process a direct deposit update based on an email alone. Implement a signed payroll change form and require a second approver for all banking updates. Consider a one pay-cycle hold on newly submitted account details before activation.

The process that prevents this costs nothing to set up. The cost of not having it can be significant.

4. IRS / Tax Agency Impersonation

Few scams are more disorienting than a threatening phone call from someone claiming to be the tax authority. And that's precisely why they work — the scammer counts on fear overriding logic before you stop to ask whether the call is even real.

The caller claims to be from the IRS or another government agency. They cite a specific case number, reference unpaid taxes, and threaten immediate consequences (arrest, license revocation, asset seizure) unless you pay right now. Payment is typically demanded via gift card, wire transfer, or cryptocurrency.

How to spot it: The caller demands payment by gift card or wire transfer. They threaten immediate arrest or serious legal action. You have received no prior written notice from the agency. When you ask questions or request documentation, the caller becomes hostile or aggressive.

How to prevent it: Hang up. The IRS initiates nearly all contact by mail and sends written notice before it ever calls about an outstanding balance. It does not cold-call demanding immediate payment, threaten arrest, or accept gift cards. After hanging up, contact your bookkeeper or accountant, who can verify whether there is any genuine outstanding tax issue, or check your account yourself on the agency's official website rather than through anything the caller gave you.

No tax authority — not the IRS nor any state agency — will ever demand payment in gift cards. If someone is insisting on this, it is a scam without exception.

5. Fake Software / Subscription Renewal Invoices

Here's a question worth pausing on: do you know every software subscription your business is currently paying for?

If you hesitated, you're not alone — and scammers are counting on it.

Fake software renewal invoices work by exploiting the fact that most businesses don't audit their subscription spend. A scammer sends an official-looking renewal notice for cloud software, a productivity tool, a security product, or an accounting platform. The amount is intentionally modest — perhaps $79, $149, or $249 — just small enough to sit below the threshold that would raise eyebrows. And it gets paid. Sometimes multiple times, across multiple billing periods, before anyone notices.

How to spot it: The invoice is for software or a service your business doesn't recognize or use. It arrives as an "auto-renewal" for a subscription you have no record of signing up for. The vendor name sounds familiar but isn't quite right. The dollar amount is small enough to slip under most approval thresholds.

How to prevent it: Conduct a quarterly subscription audit. Maintain a master list of every approved software subscription and match all invoices against it before processing payment. Implement a simple policy: no invoice gets paid without being matched to a signed agreement or an original purchase order. Your bookkeeper should be flagging any recurring charge that doesn't correspond to an approved vendor relationship.

This is exactly the kind of thing a thorough monthly bookkeeping process catches before money leaves your account.

6. Bank Phishing Targeting Business Accounts

The email looks exactly like it came from your bank. The logo is correct. The formatting matches. The sender name reads as your bank's security team. The subject line says something like: "URGENT: Suspicious Activity Detected — Action Required."

One click on the link, one login on the page it leads to, and a scammer has your business banking credentials.

Business accounts are targeted specifically because the balances are higher, the transactions are larger, and there's often more than one person with access. The fake login page is designed to harvest your username and password. A more sophisticated version also asks for your one-time multi-factor code and relays it to the real bank site within seconds, logging the scammer in as you.

How to spot it: The sender's email domain doesn't match your actual bank. Look carefully at the actual email address, not just the display name, and hover over the link (or long-press it on a phone) to see where it really goes; the visible text and the destination can differ. The greeting is generic: "Dear Business Customer" rather than your actual name or business name. The message threatens account suspension within a specific short timeframe. The alert is unexpected.

How to prevent it: Implement one rule that stops this every time: never log into your banking by clicking a link in an email. Type the URL directly into your browser, or use a bookmark you have saved. This single habit removes the link the scam depends on. Additionally, enable multi-factor authentication on every banking and financial account, and where the bank offers an authenticator app or a hardware security key, prefer it over SMS or emailed codes: a hardware key is tied to the bank's real web address and cannot be relayed from a lookalike page. Limit online banking access to as few staff members as necessary.

7. Workers' Compensation & Internal Payroll Fraud

Every scam we've covered so far has come from outside the business. This one doesn't — and that's what makes it the hardest to detect and, often, the most costly.

Internal payroll fraud and workers' compensation inflation can bleed a business slowly for months or years before anyone notices. Because the people behind it have legitimate access and have earned a degree of trust, the red flags are easy to overlook or explain away.

The most common forms include:

  • Timesheet fraud — employees logging hours they're not actually working, often gradual and small
  • Workers' compensation inflation — claims that don't align with the employee's role, duties, or the reported circumstances of an injury
  • Ghost employees — individuals who appear on payroll but no longer work at the business, sometimes added by someone with payroll processing access
  • Contractor misclassification — paying individuals as contractors to avoid payroll taxes when they should be classified as employees

How to spot it: Overtime patterns that don't match workload. Payroll costs that trend upward without corresponding increases in headcount or hours. Workers' comp claims from employees whose roles involve minimal physical risk. Employees on the payroll that managers don't recognize.

How to prevent it: Separate payroll processing from payroll approval — no single person should both add employees and authorize payments. Conduct periodic payroll audits where a manager reviews the full employee roster against active staff. Require supervisor sign-off on all overtime. Review workers' compensation claims against job descriptions and actual duties.

An independent bookkeeper reviewing your payroll regularly is one of the strongest safeguards against internal fraud — because they see the patterns that people inside the business are too close to notice.
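The spot-and-prevent steps above reduce to four reconciliations that can be run on every pay cycle rather than once a year: payroll register against the active HR roster (ghost employees), the change/approval audit trail (one person both adding or re-banking an employee and approving the payment), overtime hours without supervisor sign-off, and gross pay per head that rises without a matching rise in headcount. The Python below is an added example, not code from the original post; the roster, register, audit log, timesheets and pay history are constructed, and the field names are assumptions to map onto whatever your payroll system exports.

```python
"""Payroll controls from section 7, run against constructed sample data.

Added example, not code from the original post. All records below are made
up for illustration; the field names are assumptions, not any vendor's schema.
"""
from collections import defaultdict

# --- constructed sample data ----------------------------------------------
ACTIVE_ROSTER = {"E101", "E102", "E103"}          # from HR: who actually works here

PAYROLL_REGISTER = [                               # who the next pay run will pay
    {"employee_id": "E101", "name": "A. Rivera", "gross": 2400.00},
    {"employee_id": "E102", "name": "B. Chen",   "gross": 2150.00},
    {"employee_id": "E103", "name": "C. Okafor", "gross": 1980.00},
    {"employee_id": "E177", "name": "D. Smith",  "gross": 2200.00},   # not on the roster
]

# Payroll system audit trail: who changed a record, who approved the payment.
AUDIT_LOG = [
    {"action": "add_employee",    "employee_id": "E177", "user": "pat"},
    {"action": "approve_payroll", "employee_id": "E177", "user": "pat"},     # same person
    {"action": "bank_change",     "employee_id": "E102", "user": "pat"},
    {"action": "approve_payroll", "employee_id": "E102", "user": "morgan"},  # second approver
]

TIMESHEETS = [
    {"employee_id": "E101", "regular": 40, "overtime": 0,  "ot_signoff": None},
    {"employee_id": "E102", "regular": 40, "overtime": 6,  "ot_signoff": "morgan"},
    {"employee_id": "E103", "regular": 40, "overtime": 11, "ot_signoff": None},    # unsigned
]

PAY_HISTORY = [                                    # per pay period, whole company
    {"period": "2024-01", "gross": 8400.0,  "headcount": 4},
    {"period": "2024-02", "gross": 8500.0,  "headcount": 4},
    {"period": "2024-03", "gross": 9800.0,  "headcount": 4},   # cost up, headcount flat
    {"period": "2024-04", "gross": 12000.0, "headcount": 5},   # cost up WITH a new hire
]

SENSITIVE_ACTIONS = {"add_employee", "bank_change"}


def ghost_employee_candidates(register, active_roster):
    """Payees on the register with no matching active HR record."""
    return sorted(r["employee_id"] for r in register if r["employee_id"] not in active_roster)


def segregation_violations(audit_log):
    """(employee_id, user) pairs where one user both changed the record and approved payment."""
    changed_by = defaultdict(set)
    for e in audit_log:
        if e["action"] in SENSITIVE_ACTIONS:
            changed_by[e["employee_id"]].add(e["user"])
    hits = {(e["employee_id"], e["user"]) for e in audit_log
            if e["action"] == "approve_payroll" and e["user"] in changed_by[e["employee_id"]]}
    return sorted(hits)


def unsigned_overtime(timesheets):
    """Employees with overtime hours but no supervisor sign-off."""
    return sorted(t["employee_id"] for t in timesheets if t["overtime"] > 0 and not t["ot_signoff"])


def payroll_drift(history, tolerance=0.10):
    """Periods whose gross pay per head rose more than `tolerance` over the prior period.

    Dividing by headcount is what separates 'we hired someone' from 'payroll grew on its own'.
    """
    flagged = []
    for prev, cur in zip(history, history[1:]):
        prev_rate = prev["gross"] / prev["headcount"]
        cur_rate = cur["gross"] / cur["headcount"]
        if cur_rate > prev_rate * (1 + tolerance):
            flagged.append(cur["period"])
    return flagged


if __name__ == "__main__":
    print("ghost employee candidates :", ghost_employee_candidates(PAYROLL_REGISTER, ACTIVE_ROSTER))
    print("segregation violations    :", segregation_violations(AUDIT_LOG))
    print("unsigned overtime         :", unsigned_overtime(TIMESHEETS))
    print("per-head cost drift       :", payroll_drift(PAY_HISTORY))
```

Each function returns a list the reviewer has to clear, not a score; the point is that someone outside payroll processing looks at every item on those lists before the run is released. The drift check flags 2024-03 but not 2024-04, because April's increase came with a new hire.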

The Bottom Line

None of these scams require sophisticated technology to prevent. What they require is awareness, process, and consistency.

At Salt & Sand Bookkeeping, we don't just manage your books — we help you build the financial controls that keep your business protected. If any of these scenarios made you pause, that's a good sign. It means you're already thinking about it.

Have questions about your books? Let's talk.
