Being a small business owner means making a thousand decisions a day. You’re working with your clients, vendors, payment processors, lenders, staff, investors, inventory management, strategic planning, and a personal life. Decision fatigue can set in quickly and quietly.
Unfortunately, those hurried moments are increasingly subject to exploit by scammers, fraudsters, and others seeking unearned financial gain. Particularly with the advent of and mass access to generative AI, the tools and methods used have become increasingly complex.
Below are some common methods of attack that we have seen, along with some common practices that can help protect you and your business:
Vendor Impersonation/Email Compromised
When sending large payments for inventory or equipment, do not assume that your usual method of communication is still secure. Email accounts, in particular, have been compromised mid-conversation. The beginning may be legitimate, but messages can be redirected when it comes time to send or receive payment details.
If a vendor or client does not have a separate online portal, the best practice is to call and verify payment information before sending. Use a phone number that can be checked independently. Search via a third-party source, or check the business’s website or social media, etc.
“Rush” orders
Putting pressure on a buyer to complete or finalize a sale is a common sales tactic. It relies on shortcircuiting the logical part of your brain. It’s favored by scammers as it keeps you from scrutinizing details of transactions. Always give yourself (or your staff) the space you need to step back and analyze high-pressure situations/transactions to ensure the details match what they should.
Phishing
“Phishing” revolves around messages that appear to be from legitimate companies. The goal is to entice you to click a link, enter information, or install applications. This can compromise email accounts, financial accounts, and others. Always check the sender address before clicking links. Be wary of password resets you did not specifically request, and attachments hidden behind “secure mail”.
Vendor legitimacy
When engaging with a new vendor or third party, always verify details using information sources beyond what is provided. If you are provided an invoice with contact information, search for the email, address, or phone number and see if they are listed elsewhere. If business does not have a verifiable third party website, social media presence, or information that matches what you can find on your state’s Business License database, find out why. While there may be occasions where there are reasonable explanations, it is better to be assured that the company you want to purchase from actually exists in the form you thought it was.
If something feels off, trust that instinct. Pause and verify before taking action. If you’re in doubt, always reach out to Business Impact NW’s lending team or your loan officer directly to confirm before moving forward. If you believe you’ve encountered a scam, report it to the Federal Trade Commission at reportfraud.ftc.gov and notify your bank or payment provider immediately.
About the author
Christopher Stone
(Kris-tuh-fer Stohn)
Christopher, the Director of Portfolio Management and Loan Servicing, has been with Business Impact NW since 2014. He leads the Documentation and Servicing teams while helping clients navigate challenges throughout their loan journeys. His role involves active engagement with external funders and regulators to ensure a seamless experience, and he is dedicated to fostering a robust loan portfolio by anticipating client needs during times of growth and proactively addressing any hurdles that arise. With a background spanning education, startups, and nonprofit operations, Christopher brings a unique perspective that ranges from front-desk interactions to comprehensive portfolio management.