Skip to main content
Fulton Bank
Fulton Bank

Protect Your Small Business From Common Payment Scams

Common Payment Scams Small Businesses Should Look Out For

No matter how smart, informed, or prepared you are as a business owner, you can still fall victim to payment scams.

Payment scams, also known as payment fraud, target businesses in an effort to swindle them out of money, products, or sensitive information. They can occur when a thief gains access to payment information about a business, such as an employer identification number (EIN), social security number, bank account number, or email password, through a data breach or human error.

Although major corporations can often absorb loss without much of an impact on their operations, small businesses aren't generally as flush with cash. Not all can survive a scam.

The solution is to prevent it from ever happening. That begins with awareness. Understanding how scammers may try to make contact and the kinds of information they can use to their advantage is key to stopping access to your money.

Here are six of the most common payment scams.

Business email compromise

Also called ACH or wire transfer fraud, this type of payment scam has cost businesses more money than any other type of scam in the U.S., according to the Federal Bureau of Investigation (FBI). It involves an email from a known person or entity requesting information that will ultimately give them access to your business bank account.

Unfortunately, the email sender has likely spoofed the email address, making it look like it's from your colleague or supplier when the scammer has merely renamed their account. Then, they email people with access to business bank accounts.

Lawyers in Delaware have recently fallen victim to this scam. Several firms have been hit by online thieves claiming to be mortgage lenders trying to make deposits into the seller's escrow account. In some cases, they had part of the account details correct, so the secretary or paralegal who received the email tried to be helpful by correcting the erroneous numbers. Once in possession of the correct bank account numbers, the scammers could then withdraw hundreds of thousands of dollars in one fell swoop.

Fake invoices

Because businesses routinely buy products and services, such as website hosting, software subscriptions, and computer consulting, scammers often pose as purveyors of these offerings. They'll email invoices for what look like plausible purchases, such as renewal of computer virus protection. Unless you're on alert, you might go ahead and pay the bill, thinking that the request is legit.

To avoid paying for services you haven't received, look first at the sender's email address. Is it or sarah@KL1z00y4f&.net? That's your first clue.

The typeface is another. If the “invoice" looks more like a ransom note, it's likely phony.

And if you're not sure, Google the company's customer service hotline and call to inquire about the payment demand you received.

Unordered merchandise

A similar scam starts with you receiving merchandise you didn't order. Soon after, you may receive a bill for said purchase.

Sometimes, the shipment is preceded by a call from “your office supply company" or a similar vendor phoning to confirm a refill of your toner or copier paper. They may ask you to verify your address and then use evidence of that conversation later as proof that you placed an order.

Legally, you can keep any products you didn't order. However, to prevent getting involved in such disputes, you may want to forward all inquiries about product subscriptions and reorders to one person, who can confirm whether an order was actually placed or not.

Grant or award applications

At the heart of all of these payment scams is access to information. Scammers create opportunities where small business owners may be more likely to supply personal information and banking details, such as with grant and award applications.

These are generally considered phishing scams because the thief is fishing for your personal data—meaning, an effort to gather personal information to be used for fraudulent activity.

A recent example of this involved the announcement of fake U.S. Small Business Administration (SBA) grants for individuals and businesses. Emails went out inviting small businesses to apply for consideration, featuring language that had apparently been scraped from the actual SBA website but that led the applicant to click on a link that would provide sensitive information to the recipient. The sender's email looked legitimate enough, but the whole ploy was a phishing attempt.

Friendly fraud

Incidents of this type are occurring with more regularity as consumers rely more heavily on online shopping. Friendly fraud occurs when a customer makes a purchase using their credit card and then disputes it as soon as their order is received. That sparks a chargeback to the small business owner, who is then out the money for the product they sold.

According to research by LexisNexis Risk Solutions, every $1 in fraud costs companies an average of $3.99, which is why payment scams can be devastating for small businesses.

There are few remedies other than demanding the product be returned or providing proof that the order was correct.


This scam comes wrapped in all sorts of creative scenarios, such as a contract for writing work or computer support. Once you agree to do the work, the fraudster sends you a check for more than you are owed or have billed. You communicate the error, and they tell you to deposit it and then just “send them the difference."

What happens next is that the check you received bounces, and if you've already sent them the overpayment, you are out that money.

The best prevention is not depositing checks that are for an incorrect amount.

Payment scams are becoming more prevalent in the small business community. To avoid becoming a victim, stay on top of scam trends and become familiar with the different ploys fraudsters use so that you can avoid being taken advantage of.

Did you find this article helpful?