Avoiding online scams and fraud
Criminals can trick businesses into sending money or sharing sensitive information through increasingly sophisticated phishing attempts. Make sure you can recognise and avoid these common scams.
Keep up to date with cyber threats
The National Cyber Security Centre (NCSC) is the UK authority for cyber security and publishes information that can help you protect your business against cyber threats.
1 in 2 UK small businesses identify a cyber attack on the business, with around 1 in 4 experiencing a cyber crime according to the 2025 cyber security breaches survey.
Recognise scams targeting businesses
Criminals often target businesses through phishing attacks – deceptive email, messages, social media and phone calls.
To reduce risk:
- check unexpected requests carefully before responding
- question any message that is urging you to act quickly
- verify who you are dealing with using known and trusted contact methods
- make sure everyone in the business can identify suspicious activity and knows what to do if they spot something
Scammers are getting more sophisticated and phishing messages often look legitimate, catching more businesses out. Make sure anyone with access to your systems completes NCSC’s cyber training and knows what to look out for.
Verify payment requests before sending money
Payment fraud usually involves criminals impersonating a customer, supplier or even a colleague to convince you to redirect payments. This could be a message asking you to:
- change bank account details
- update payment methods
- follow a link to make a payment
- make unusual or urgent payments
Do
- Verify the request by phoning a trusted contact at the organisation requesting the payment. Get confirmation from the source that the request is legitimate.
- Verify the request by phoning a trusted contact at the organisation requesting the payment. Get confirmation from the source that the request is legitimate.
Do not
- Verify the request by replying to the email or message. The email address may have been cloned or hacked.
- Verify the request by replying to the email or message. The email address may have been cloned or hacked.
Establish processes to protect from chargeback fraud
Customers can dispute a card transaction with their card provider. New technology, including AI-generated images, can make fraudulent claims appear more convincing.
You need to act quickly to dispute a chargeback. To protect your business from fraudulent claims:
- keep clear records of orders and completed work
- describe products and services accurately
- document the condition of goods before you dispatch them
- use delivery methods that provide you with proof of delivery
- have clear processes for returns, refunds and disputes
Protect your business from impersonation scams
Criminals may:
- impersonate someone in your business to convince someone to disclose information or make a payment
- impersonate your business to mislead customers or suppliers
To minimise the risk, you can:
- verify unusual requests from colleagues and contacts
- make sure customers and suppliers can easily find your contact details and social media accounts
- check online platforms for fake accounts and listings
- report any impersonation you find
- register your brand name as a trade mark
Prepare for a cyber attack
A simple response plan can make it easier to protect your business, customers and systems if you end up victim to an online scam or a cyber attack.
A cyber response plan does not need to be a complex document. It can be a simple checklist of who to contact and how to respond to a cyber incident.
