Protect Your Company From These Scams

Man looking at his phone while at work

Scams targeting businesses are becoming harder to spot every day and it’s resulting in staggering losses. According to Transunion’s latest Top Fraud Trends Report, U.S. businesses lost on average 9.8% of revenue due to fraud in 2025, which is a 46% increase from just a year before. 

Some of the most effective scams owe their success to blending in with everyday work. Here are some of the most common scams that you should look out for: 

  • Business Email Compromise: Fraudsters impersonate executives, vendors, bankers, employees or others to request payments, credential updates, or confidential information.
  • Vendor Payment Change Scams: Scammers send new ACH or wire instructions that appear to come from a known vendor, often using copied invoice formats or familiar email threads.
  • Fake Invoice and Renewal Scams: Businesses receive realistic invoices for software, ads, domains, shipping, office supplies, or services that were never ordered.
  • Payroll and HR Scams: Scammers impersonate employees to change direct deposit information, update tax forms, or obtain employee data.
  • QR Code, Login, and Tech Support Scams: Fake links, QR codes, account alerts, and support messages lead employees to fraudulent login pages or pressure them to “secure” an account. 

Why do these scams work? 

Scammers use urgency, exploit trust, and blend into routine work by impersonating trusted parties and disguising requests as everyday business matters like invoices, payment changes, payroll updates, purchase orders, shipping notices, or renewals. 

No matter what type of scam it is, it likely includes one or more of these red flags: 
  • Urgency
    • Scammers try to make you rush with messages like “today only,” “past due,” or “send before close of business.”
  • Secrecy
    • Scammers ask you to keep things secret or confidential.
  • Bypassing Usual Procedures
    • Scammers encourage you to go outside normal procedures. 

Any request that includes these elements should be looked at with skepticism. 

Here are some ways to combat potentially fraudulent requests: 
  • Verify changes via phone or in person. Call using a phone number already on file—not the number in the email, invoice, or text.
  • Require dual control. Use two-person approval for wires, ACH, new vendors, account changes, and payroll direct deposit updates.
  • Slow down urgent requests. Take time to verify and follow procedure.
  • Protect access to your systems. Use strong passwords, multi-factor authentication, and permissions based on job responsibilities.
  • Review account activity daily. Monitor ACH, wire, remote deposit, card, and online banking activity for anything unusual. 
If you suspect fraud, act immediately. 
  • Stop all communication and transactions with the suspicious party.
  • Notify your local branch using a verified phone number.
  • Alert your company’s appropriate internal teams.
    • Preserve evidence and follow your internal reporting procedures.
  • Secure your devices and accounts.
    • Change compromised credentials. 

Fraud is ever evolving and the best thing businesses can do is prepare for it. At Pinnacle Bank, we encourage all businesses to develop strong internal controls and stay informed. 

Our Treasury Management team is here to help your business review payment risks, strengthen your controls, and respond to any potential scams you encounter. Check out our other fraud articles in our Resource Center.