.png)
Online fraud and scams are becoming increasingly sophisticated, targeting both individuals and businesses of all sizes. Small and medium-sized enterprises (SMEs), limited companies, contractors, and those operating in the Construction Industry Scheme (CIS) are particularly vulnerable because criminals know smaller organisations often have fewer internal controls and less dedicated cybersecurity support.
In recent years, fraudsters have moved far beyond poorly written emails asking for bank details. Today’s scams use convincing branding, social media adverts, fake celebrity endorsements, and even artificial intelligence to make their schemes appear legitimate.
Understanding how these scams work is one of the best ways to protect yourself, your business, and your finances.
Criminals often view SMEs and contractors as “low resistance” targets. A single successful scam can result in thousands of pounds being transferred before anyone realises something is wrong.
Common reasons businesses are targeted include:
For contractors and CIS businesses that frequently pay subcontractors, scammers may attempt to impersonate a supplier and request that bank details are changed.
Phishing emails attempt to trick you into clicking malicious links or revealing sensitive information. They often appear to come from trusted organisations such as banks, HMRC, suppliers, or even colleagues.
Typical warning signs include:
For example, a contractor might receive an email appearing to be from HMRC claiming that a tax refund is waiting to be claimed. The link leads to a fake website designed to capture login and banking details.
This is one of the most common frauds affecting businesses.
A fraudster impersonates a legitimate supplier or subcontractor and sends an email requesting that payment details be updated. The message often includes an urgent invoice and asks for payment to be sent immediately.
If the change is accepted without verification, the payment goes directly to the criminal.
Real-world example:
A small construction company receives an email from what appears to be a regular subcontractor saying their bank details have changed. The email address looks correct at first glance but contains a subtle difference. The business pays a £12,000 invoice to the new account before the scam is discovered.
Cryptocurrency scams have increased dramatically in recent years.
These schemes typically promise extremely high returns with minimal risk. They are often promoted through:
A common tactic is to show fake “earnings dashboards” encouraging victims to invest more money. Withdrawals are usually blocked once significant amounts have been deposited.
Another common variation involves fake celebrity endorsements. Fraudsters create adverts or articles claiming that well-known figures have made fortunes through a particular investment platform or trading scheme. These adverts may claim that a celebrity appeared on television or invested in a secret financial system that generates daily profits. In reality, the celebrity has no connection with the product at all.
These scams are particularly convincing because the websites are designed to look like legitimate news outlets.
If an opportunity promises guaranteed returns, it is almost always a scam.
Typical claims include:
Fraudsters rely on urgency and excitement to prevent victims from carrying out proper checks.
Never change a supplier’s bank details based solely on an email request. Always confirm payment changes by calling the supplier using a known phone number, not the one provided in the email. This simple step prevents many invoice fraud attacks.
Enable multi-factor authentication (MFA) wherever possible, especially for:
MFA adds an extra layer of protection even if passwords are compromised.
Fraud prevention should be part of staff training, particularly for employees responsible for:
Simple awareness training can significantly reduce risk.
Many scams originate through social media advertising. Be cautious of investment opportunities promoted through popular social media channels.
Email compromise is responsible for a large proportion of business fraud.
Businesses should consider:
Regularly reviewing bank transactions and payment records helps detect fraud quickly.
Early detection greatly increases the chance of recovering stolen funds.
If you believe you or your business has been targeted:
The quicker action is taken, the greater the chance of stopping or recovering fraudulent payments.
Online fraud is constantly evolving, and criminals are becoming increasingly sophisticated in how they target individuals and businesses. While no system can eliminate risk entirely, a combination of awareness, good internal processes, and simple verification steps can prevent the vast majority of scams.
For SMEs, contractors, and CIS businesses in particular, protecting financial information and payment processes should be a key part of running a secure and resilient business. Staying informed and vigilant is the most effective defence against online fraud.
Sign up to Clever Accounts and get fixed fee hassle-free accounting
.jpg)
