Watch out for the Scams Targeted to Small Businesses in 2025
We have written about Google and Facebook scams that target small business owners in the past, but have noticed some new ones popping up in 2025, so we wanted to share some more information to keep you informed and aware of what to look out for as a small business owner in 2025.
Scams and Cybersecurity Statistics:
“Data released from the 2023 Internet Crime Report, the latest figures released by the FBI’s Internet Crime Complaint Center (IC3), reveals that the total number of small businesses’ cyberattack complaints within the U.S. alone reached 880,418 — a 10% increase compared to the previous year…The data also shows that estimated losses from reported attacks exceed $12.5 billion USD — up more than 22% YOY.”
“If the current rate of growth of cyber attacks continues, damages from such events will reach an estimated $13.82 trillion by 2028.”
“While 66% of organizations expect AI to have the most significant impact on cybersecurity in the year to come, only 37% report having processes in place to assess the security of AI tools before deployment.”
“87% of security professionals report that their organization has encountered an AI-driven cyber-attack in the last year…”
“It takes an average of 258 days for security teams to identify and contain a data breach, according to "Cost of a Data Breach Report 2024," released by IBM and Ponemon Institute.”
“Social media platforms are frequently attacked, accounting for 30.5% of all phishing attacks…”
Red Flags to Look For
There are a number of red flags that you, as a business owner, must be aware of and train your employees to watch for as well. Let’s take a look at some examples below:
Scam Calls
Below is a screenshot of the transcript of a voicemail a missed call left. Notice there is no mention of company name, service, or any specific info. They use a generic script on purpose to get you to call back. They are trying to capture your financial information and then possibly commit identity fraud. Watch out for a message or call from someone who doesn’t identify themselves, their company, or why they are calling with a sense of urgency. They are leaving it generic on purpose so you can fill in the details with the person you think it is – if you receive a call from your financial institution, call the number on the back of your card to verify if they are indeed calling you. Numbers can be spoofed, meaning they appear to be a verified call from a company, but they are actually from someone pretending to be calling from there.
Scammers have nefarious purposes for their calls, which is to commit financial fraud or identity theft. Scammers do not have an ethical code, and a lot of times, people fall for scams because they use their own standards and apply those to others, but that is not the case with scammers. For example, a person receives a call saying they are a financial institution, and they need to verify information. The person who received the call would not call somebody fraudulently, so they assume that other people would not either, and they believe the scammers’ story. Your perception is your reality, and others do not have that same reference point or ethical standards. Don’t fall for their gaslighting and manipulation. Scammers have no ethical or moral code. The scammer’s whole purpose is to take, not give them that power. When in doubt, hang up and call the company directly. Don’t call the number back from your phone list, because the number could be spoofed. Call the company directly to confirm. Some people do not have the same values as you. Please don’t forget that.
Google Business Scam Call
If you receive a call from 479-470-7734, 877-282-1485, or any other number, and it claims to be the business help center, stating that we are experiencing issues with your Google Business and Maps, it’s a scam! The scammer uses an AI-generated voice and says you need to call back before 4 pm today. Here is what to look for to know it’s a scam -
Generic info with a sense of urgency - the message says it’s Allen from the business center. He is being generic, so you will be scared or curious and call back. Don’t call Allen the scammer back.
A 479 area code called, but is asking for a call back to a 877 number. This is a sign that it’s a scammer using a spoofed phone number to appear as if a local number is calling.
“Must call back before 4 today” - using a sense of urgency, so you call back before thinking Google is not calling you about anything. Scammers love to make these calls feel time-sensitive to make you panic and call back before you can truly understand what’s going on.
Here is a voicemail example of the above scenario:
Scam Emails
Below is an example of a scam email. In the email, they don’t ask questions about what services are offered or anything of the sort. Instead, they state they will pay a significant amount via a wire transfer upfront before any services are provided. This is a scam!! The goal of this scam is to gain access to your financial information and compromise your accounts.
Facebook Messages about Violations, Community Standards, or Trademark Infringement
The examples below show messages received that state that a page either violates the terms of service, has a copyright infringement, or lacks verification. Facebook, Meta, or any other online platform will NOT send you messages regarding anything like this. These, if official, will show up as notifications, not messages.
Facebook Message (and Ads) about Investments
Scammers will use enticing messages about stocks, crypto exchange solicitations, and investments to try to gain access to your information. Most of the messages, like the one in the example below, will have links they want you to click on. These links more often than not contain malware that, once clicked on, will be installed onto your system and be used to gain information like your login credentials and personal information that they will then use for fraudulent activity.
Scammers who use this from of fraud will try to get business owners to invest by using a message telling them that this investment is backed by so and so (typically uses a celebrity, rich person, bank, military title, or anything else they think will fool you into thinking it’s creditable) and it has 80% returns for your business (or any absurd amount that is above stock market trends over any 20 year period).
If it sounds too good to be true - it is - think back to 2008 and Bernie Madoff. Be careful about the links you click on - they can contain viruses or much more sophisticated malware that embeds into your log files and is invisible to the human eye - unless you know where to look. Malware will capture your logins and every stroke on your keyboard. Then the scammer will use that info to commit fraud.
Marketing Agency Sends Email Using Gmail Instead of a Company Domain
Ever wonder why some marketing companies email you from a Gmail address and not a company email? It is because they send so many emails, and they are flagged as spam, so they use Gmail, so it doesn’t hurt their company domain.
Please be careful when you receive these types of emails. Any reputable company will not send from a Gmail address – they will use their company domain email. Marketing solicitations often come from a free Gmail or Yahoo address, rather than a domain or company email, such as sue@gmail.com, compared to sue@companyname.com. If your email address is flagged as spam too often (due to sending unsolicited emails), it will impact delivery. Therefore, you will see solicitations come from a free email address, since if it is flagged, it can be abandoned, and a new free email will be used instead.
SEO Blackhat Tactics by Shady Marketers
We have a client who received a very convincing sales call. The SEO vendor promised immediate SEO results by paying for reviews, entity stacking, and other black-hat SEO techniques. We knew immediately it was shady, but they use fancy words and tools to show opportunities and how they can get short-term SEO results.
Most small business owners don’t know that they are using shady tactics, and to get them to think the pitch sounds great, SEO is a long-term strategy – there is no short-term gratification. Black hat tactics may yield short-term results, but in the long term, they can lead to your site being blacklisted or removed from search results. Our founder, Mollie, has been involved in or around the SEO world since the early 2000s and has witnessed its evolution. Back in the day, the big black hat SEO thing was hiding text in the background of pages instead of actually building a solid site. Apparently, they have new techniques. We recognize that small businesses may not be aware of this practice, so we wanted to share some key indicators to watch for.
Short-term results – SEO is a long-term strategy; however, there are acquisition tactics that can be used for short-term results. Marketing buckets work together – an overall strategy should include a combo of tactics that feed into the sales funnel at different contact points.
Buying Reviews – This is against Google's Terms of Service; businesses should not incentivize reviews or pay for them.
Entity Stacking – not meaning a business that has multiple branches and has locations for each – here, we are referencing when fake links and/or locations are created for backlinking.
Formal Letter Renewing Domain Registration
If you receive a formal-looking notice from a domain provider who is NOT your current domain provider, it could be a trick to get you to transfer domain registration to the company sending the letter. We had a client who received a letter from a random domain provider and checked with us since it wasn’t the one they had paid the previous year. The letter appeared legitimate and stated that the domain cost $300 annually. Keep in mind that the client is currently paying $20 for that same domain!
Not all Marketers are Friends of Your Small Business
There are, sadly, a large number of marketers who disguise their shady practices as genuine care for small businesses, and prey on them to make themselves richer while damaging the reputation and foothold of the businesses they make their victims. These shady marketers make things look formal or use fancy words to confuse people and trick people into buying their services.
If someone has to trick you to sell their service, omit information to make it seem better than it is, or twist someone’s arm into buying, they don’t have a good service! Please keep that in mind when you receive marketing solicitations for services for your small business. If a message or call scares or threatens you, think twice before responding or clicking on a link.
Someone or some fake marketer may try to trick you into giving up information, money, and access to your accounts. Being aware and vigilant of these threats is the only way to keep you, your business, and your employees safe. In today’s age, make sure to look our for these these red flags:
A sense of urgency in the messages (respond before a certain time or else something bad will happen) that is designed to make you panic and not give you time to think or ask questions.
Vague and unidentifiable information is being provided to you.
Out-of-pattern messages being sent by “verified” accounts and platforms requesting personal information, or sending you links to fix issues they mention.
If it sounds too good to be true, it most likely is.
Gmail emails instead of company domain emails.
Calls from one number, but requests to call back a different number.
