
Protecting your business from scammers

Small businesses are a frequent target of scammers, who recognise that owners are busy and usually have limited resources to keep their systems safe.

Here are some common scams to watch out for:


Phishing

Phishing is when scammers impersonate a government department or trusted business to obtain your personal, business or financial information. Phishing can lure you into providing those details, or prompt you to click on links or attachments that download software that steals this information, or even damages your device.

Look out for suspicious emails, SMS texts, instant messages and social media posts: 

  • With links claiming to have important updates about the latest COVID-19 safety measures or claiming to have information on the location of possible COVID-19 cases in your area.
  • Pretending that you or your employees have been in a COVID-affected area and asking for personal information.
  • Offering to help you access a government ‘benefit’ or ‘subsidy’.

False billing

Your business might be sent a suspicious invoice, letter or invitation to be listed in a bogus trade directory or to renew your website domain name. Or the scammer might phone you out of the blue to confirm details of an advertisement booking or insist you've ordered certain goods or services. These scams take advantage of the fact that the person handling the administrative duties for the business may not know whether any advertising or promotional activities have actually been requested.

Supply scams

Supply scams use fake websites and social media pages to sell you products that you never receive. During COVID-19, these might be sites claiming to sell hand sanitisers, gloves or surgical masks.

Overpayment scam

If you are selling something online, as a business or through classified ads, you may be targeted by an overpayment scam. The scammer will contact you, make you an offer — often quite generous — then make payment through credit card or cheque for an amount that is greater than the agreed price. The scammer will then contact you with an apology for the overpayment, offer a fake excuse, and ask you to refund the excess through an online banking transfer, pre-loaded money card, or a wire transfer. You then discover that their cheque has bounced or the credit card was stolen or is fake.

Business email compromise

Scammers may pretend to be a supplier or employee (including by compromising their email account or using their company logo and branding) to request payment or a change of bank details. For example, they may pose as a supplier and use COVID-19 as an excuse to request that you send your usual account payments to a different bank account.

Tips for protecting your business and customers

  • Genuine emails about online government or business services will not include links to sign-in pages, or ask for your personal information, account details, PIN or passwords.
  • If you are unsure the email, call or SMS you have received is genuine, do not click on any links or open any attachments. Contact the organisation using contact details that you’ve found yourself (e.g. using a search engine like Google).
  • If you are unsure about a change to a supplier or employee’s bank account details, call them to confirm even if an explanation is provided by email. 
  • Never agree to any business proposal on the phone: always ask for an offer in writing.
  • Always check that goods or services were both ordered and delivered before paying an invoice, and always read the fine print carefully.
  • Make sure your business computers have up-to-date security software. 
  • Train your staff to be on the lookout for scams or anything unusual. 
  • Advise your customers that you will never contact them to ask for their customer login or payment card information. 
  • Monitor who is mentioning your business name online using a tool like Google Alerts. 
  • Create strong passwords for your business accounts and update passwords when there are staffing changes. 

Visit the Scamwatch website run by the Australian Securities and Investments Commission (ASIC) to find further information on how to protect your business and keep up to date on the latest scams. You can report scams to ReportCyber.
