You’ve worked hard to build your business. Don’t let scammers set you back.
Scammers are getting smarter. They use AI, time pressure, and scare tactics to trick business owners into giving away money and sensitive information. Fortunately, you can stay one step ahead of them with a few smart strategies.
Here are the top scams targeting Maryland small businesses, how to spot them, and how to shut them down.
Be careful where you click
Scammers are sneaky with web and email addresses. They’ll mimic real websites and emails with tiny changes that are easy to miss if you’re skimming. Before you click a link or reply to an email, take a second to look closely at the domain (that’s the part of the URL between the slashes).
For example, the real SECU business checking page is https://www.secumd.org/business/business-banking/business-checking/. Here, “secu.org” is the official domain.
A scammer might tweak it just enough to fool you:
- https://www.secumd-org.ie/business/business-banking/business-checking/
- https://www.secumd.com/business/business-banking/business-checking/
It looks close—but it’s not the real thing.
They may also use shortened or jumbled links to hide where the URL leads. Be cautious with links that include symbols, are composed of all numbers, or don’t clearly show a legitimate domain name.
You can always hover over a link to see what the full URL is. If you have any concerns, search for “SECU” plus the name of the page you want to use. Match the search results with that you see to make sure it’s legitimate.
Popular types of scams against Maryland business owners
Fake invoices and phony orders
You’ll get a bogus bill for goods or services your business never ordered or received. It may arrive in a realistic-looking email, but some bold scammers will even call you to “verify” or “confirm” the fake recent or upcoming order.
Business email compromise (BEC) and phishing scams
These emails look like they’re coming from a real vendor you use or an executive you work with. At first glance, the message may seem real, especially because scammers use AI to mimic writing styles and tones. The tip-off is when senders are asking you to transfer money or share sensitive information.
Tech support and ransomware threats
If you get an unexpected call or pop-up on your device that claims your system is infected, it’s likely a scam. Usually, they urge you to download something that will “immediately solve” the emergency.
Government impersonation scams
These calls, emails, texts, or letters claim to be from the IRS, Maryland Department of Assessments and Taxation, or other agencies. They’re written with legal language, claim you owe penalties, and demand you act right away.
Directory listings and business opportunity scams
This scam hides behind a tempting offer to list your business in a directory with a promise of a big return. Scammers make you believe you’re being given a once-in-a-lifetime opportunity and try to rush you into agreeing.
How to protect your business from scammers
Pause before you act
Scammers thrive on urgency. Legitimate organizations won’t threaten you or demand immediate action through emails, texts, or calls.
Confirm numbers, emails, and addresses
Always double-check the sender’s email or phone number. Hover over links and email addresses and scrutinize the domain names. If you’re unsure, check your records and look up the organization’s contact info independently before reaching out to them.
Train your team
- Employees are your first line of defense. Regularly remind your staff of best practices.
- Never click links in suspicious emails or pop-ups.
- Don’t download unexpected attachments.
- Ask questions if something feels off, no matter how small.
- Run quarterly “scam drills” to keep your team alert and confident.
- Report any scams you run into.
Establish proactive defenses
- Set up strong cybersecurity practices.
- Add an extra layer of security by turning on multi-factor authentication (MFA) for all accounts.
- Keep your software and systems up to date to avoid vulnerabilities.
- Schedule regular data backups (and store them securely offsite or in the cloud) to protect against ransomware and accidental loss.
Implement an invoice verification process
- Business email compromise (BEC) scams often involve fake invoices or requests for wire transfers. A clear process side-steps this threat.
- Designate one trusted team member to review and approve all payments.
- Verify changes in vendor payment details, especially if they request a switch in account information.
- Encourage staff to flag unusual bills or requests.
- Empower your team to speak up. A simple question like, “Have we worked with this vendor before?” or, “Why is this invoice double the usual amount?” can stop fraud in its tracks.
Let’s protect your business and finances
Scammers target small businesses, but you can fight back with awareness and smart habits. We’re here to help you keep your money safe and protected. Visit our fraud protection center for more insights on the types of scams listed in this post. We also have forms for you to report fraud and get your business and life back on track.
