How do scammers target small-business owners?
Small-business owners are targeted with fake invoices, directory and advertising scams, fraudulent government-compliance notices, and supplier fraud because they receive high volumes of financial requests and may lack dedicated fraud-detection staff.
Last reviewed: 10 June 2026
Explanation
Running a small business means processing invoices, paying vendors, managing listings, and dealing with government paperwork — all areas scammers mimic convincingly. The fake-invoice scam sends a professional-looking bill for services like directory listings, domain renewals, or office supplies that were never ordered. Staff who process payments without checking may pay them automatically.
Government-compliance impersonation is particularly effective against small businesses. Scammers send official-looking mailings about mandatory OSHA poster updates, corporate annual-report filings, or new tax-form requirements, charging fees for documents that are free or services the business never needs. During COVID, fraudsters sent fake SBA loan and grant notices to harvest account numbers.
Business email compromise (BEC) targets businesses of every size. Scammers spoof or hack a supplier's or executive's email and redirect a pending invoice payment to a fraudster-controlled account. By the time the real vendor follows up about non-payment, the money is gone.
Public business registrations, websites, and social media profiles give scammers a detailed picture of a company's vendors, staff, and financial activity. Establishing a call-back verification procedure for any new payment instructions or bank-account change requests is one of the most cost-effective fraud controls a small business can implement.
Common red flags
- Invoice arrives for services or supplies with no matching purchase order
- Official-looking mailing demands payment for mandatory government compliance documents
- Email from a known supplier requests you change bank account details for future payments
- Directory listing or advertising rep pressures immediate renewal payment over the phone
- Grant or loan approval notice asks for account information to 'deposit funds'
- New vendor insists on wire transfer only for the first order
What to do now
- Implement a purchase-order matching policy: no payment without a corresponding internal PO
- Verify any bank-account or payment-instruction change by calling the vendor on their known number
- Search government agency websites directly to verify any compliance requirement before paying
- Train accounts-payable staff to flag unfamiliar vendors and urgent payment requests
- Report fake invoices to the FTC and your state attorney general
- Use multi-factor authentication on all business email accounts to prevent BEC
Frequently asked questions
What is business email compromise (BEC)?
BEC is a scam in which fraudsters impersonate a company executive or trusted vendor via a spoofed or hacked email account and instruct an employee to wire funds or change payment details. It causes billions of dollars in business losses annually and is one of the FBI's highest-priority cyber threats.
Are fake government compliance mailings illegal?
Yes. Sending misleading communications that mimic government agencies is fraud and in many cases violates the U.S. Postal Inspection Service's regulations on deceptive mailings. Report them to the USPS Postal Inspection Service and the FTC.