Cyber attacks and scams are becoming more common as lots of business functions move online. Phishing, fake invoices, and remote access scams are becoming more prevalent.
According to Global Anti-Scam Alliance’s data, £11.4 billion was lost to scams in the last 12 months in the UK. Which is £4 billion more than the year before.
And many scams specifically target businesses. Whether fraudsters are pretending to be HMRC, your internet provider, or your bank – cyber scams are becoming more sophisticated. Find out how to spot them.
Four scams business owners need to know about
1. Phishing and spoofing
Phishing is a type of cyber attack where scammers try to trick you into giving them your personal information (like passwords or bank details). The scammers pretend to be a company or person and typically contact you by email.
Spoofing is how the fraudsters disguise their attempts to access your personal information. Scammers can create fake email addresses, website URLs, caller IDs, and even IP addresses.
Phishing scams rely on you not questioning the authenticity of the contact and sharing the information willingingly. And you’ll be unaware you’ve been tricked until something goes wrong.
These scams can take many forms too. Sometimes scammers learn the details of an email in your business and pretend to be a senior figure in the company. This is called a business email compromise (BEC).
This is why it’s important to keep your employees informed on the techniques scammers are using.
HMRC scams to look out for
Probably the most common scam used to target businesses is when someone pretends to be an official body, like a bank or HMRC.
It’s become common for phishing scammers to pretend to be HMRC. They do this by email or phone and they’ll typically ask for personal and financial information.
It’s important to remember that HMRC will never ask for these details over the phone or by email. Our guide to understanding whether or not contact from HMRC is genuine goes into more detail in how to spot a scam.
And HMRC has examples of phishing scams that can give you an idea of what to look out for.

2. Invoice and billing scams
Scammers can produce fake invoices to make you pay for something you never bought. The fake contact can be very convincing, sometimes replicating the branding of real suppliers or impersonating real employees from the suppliers.
And there’s also instances of businesses being sent products they didn’t order and being sent an inflated invoice. The aim of this is to trick the business owner into paying the higher fee without noticing.
It’s important for business owners to pay close attention to invoices, even if they’re from regular suppliers.
Number of PayPal scams increasing
Invoice and billing scams are becoming more frequent via Paypal. Cyber attacks on PayPal users have increased by 600 per cent so far this year, according to MacAfee Labs.
And the scams are sophisticated. They can come in the form of an email, phone call, or tax message but they’re usually trying to access your account information.
Our guide to PayPal scams goes into more detail around how you can protect business.
3. Remote access scams
A remote access scam is when you unknowingly give a scammer access to your computer and they steal your personal information. This usually happens when you need some technical support and a scammer impersonates someone that can help.
For this scam to work, they need to gain remote access to your computer, which means they can find any information that’s stored on your network. This includes any passwords or financial information you’ve saved.
There are also examples of scammers pretending to be your internet provider. They’ll typically say they need to download a new piece of software or update something – then ask for remote access to install it.
Requesting remote access to your computer is quite common in tech support, so it’s easy to be tricked. Always act cautiously if someone is requesting remote access to your computer.
4. Unnecessary service scam
Being sold an unnecessary product or service is a less obvious scam – but it uses lots of the same techniques as the other scams on this list. Fraudsters impersonate an official orginisation, like a bank or HMRC, and trick you into buying a service you don’t need.
They might claim a new law requires a mandatory registration and fee, or that your business is “non-compliant” and you need their help to avoid penalties.
The scam is that they’re charging you for something you don’t need. And sometimes the fees can cost thousands of pounds. And most of the time, the product or service isn’t real.
Always be skeptical when an official organisation contacts you requesting immediate payment for something. Never pay without going directly to the organisation yourself to verify the claim.
Five tips to avoid being scammed
The Take Five initiative, led by UK Finance, encourages individuals to pause and consider before responding to financial requests. And they encourage everyone to follow these five key rules:
- Listen to your instincts if something feels suspicious
- Stay in control and avoid panicked decisions
- Never disclose security details like your PIN or full banking password
- Don’t assume the authenticity of emails, texts, or phone calls
- Don’t be rushed by urgent demands, as genuine organisations allow time
Ready to set up your cover?
As one of the UK’s biggest business insurance providers, we specialise in public liability insurance and protect more trades than anybody else. Why not take a look now and build a quick, tailored quote?