Protect Your Business: Recognizing and Preventing Online Fraud

For a small business, the cost of doing business seems to get more complicated every year, particularly as online scams and fraud become more sophisticated.

In its 2022 “Report to the Nations,” the Association of Certified Fraud Examiners estimated that the average business loses 5% of its annual revenue to fraud. For many companies, that’s equivalent to an entire marketing budget.  

Small businesses are often more vulnerable than larger organizations, too, according to ACFE data, likely because larger organizations have more fraud prevention measures in place.  

Barracuda, a cloud security company, found that companies with 100 or fewer employees get hit with 350% more social media scams than larger companies. One 2021 study estimated that from 2018 to 2023, small and medium-sized businesses would lose a combined $130 billion from online fraud alone. 

That’s a big hit for small businesses, and certainly cause for concern. So, what can you do to protect your company and your bottom line if you’re a small business owner? 

Awareness and preparedness are a good start.  

Looking at On-the-Rise Online Fraud

Old, familiar phishing — scammers tricking people into clicking links and sharing sensitive information — remains the biggest, most successful online fraud tactic used against both consumers and businesses. The FBI estimates that Americans lost $53 million to phishing in 2022, and in the six months leading up to October 2022, the rate of phishing attacks spiked 61%.

Charity scams still prey on small business owners’ generosity. Pay-for-play “vanity awards” continue to prey on businesses’ need for visibility. Fake invoice scams keep taking advantage of overworked owners and employees. But more targeted online tactics like these keep growing in frequency too: 

“Spear Phishing” 

This is a targeted phishing scheme that often pinpoints new recruits or employees who don’t have regular access to company leadership. Scammers pose as a CEO, owner, or other company leader and request a payment (frequently through a funds transfer or gift cards) or sensitive account information. Believing a supervisor made the request, employees may submit the funds or information immediately.  

Social Media Ransom Attacks 

Many small businesses use social media channels as a key part of their marketing efforts, and sophisticated scammers target that need. Some will tag your account claiming that you’ve been flagged for improper conduct and need to act before it’s disabled. Others make threats via direct message. The goal: getting access to your account and demanding ransom for its return. 


SMS Phishing (“Smishing”)

Just like standard phishing, this is an attempt to get you to share sensitive information, like passwords and account numbers. The scam, in this case, is delivered via SMS or text message. Texts may claim to be from your bank or a P2P app your business uses, warning of potential fraud and urging you to click a link.

“Market Segmentation” Scams  

Marketers use market segmentation to focus their targeting on the right would-be customers. Scammers use similar methods to focus on vulnerable targets. They may research where your business banks or which tech companies you do business with, then contact you posing as one of those partners, claiming your account or computer has been compromised.

BEC (“Business Email Compromise”) 

According to the FBI, this is one of the most financially damaging online crimes perpetrated against both businesses and consumers. Spear phishing is usually the entry point, via spoofed accounts that are variations on familiar ones. Victims can be fooled into wiring funds to accounts they believe are legitimate or into giving scammers access to company accounts, calendars, and other important data.

How to Protect Yourself and Your Business 

Educate your staff. 

Keeping your team aware and on guard goes a long way. “Well-trained employees are a key defense,” says the Better Business Bureau, which offers a thorough rundown of how to train employees to recognize scams. 

Practice good “cyber hygiene.” 

Setting a strong password policy, requiring multi-factor authentication, initiating regular data backups — those are all part of maintaining good cyber hygiene practices for your business and doing what you can to minimize risk. If you’re not sure where to start, the Small Business Association lists out best practices for strengthening your cybersecurity. 

An Important Reminder

As a community bank, we’re invested in the personal and professional well-being of our Clients, and since scammers often pose as financial institutions, we wanted to put this reminder in bold: 

Merchants & Marine Bank will never contact you to request your confidential information. 

A good rule to follow if you’re contacted by someone asking for sensitive information: End that communication and contact the company directly. You can find Merchants & Marine Bank’s customer service and 24-hour access numbers on our website.

If you ever have questions or concerns, please don’t hesitate to reach out. We’re here and happy to help.