Business Scams Grow in 2025 as Scammers Stay One Step Ahead
February 6, 2025 by Gordon Advisors
New Tech, AI and Business Practices Drive Scam Opportunities
Prepare for Most Common Threats
The Global Anti-Scam Alliance (GASA) reports that over $1.03 trillion was lost to scammers in 2024, with current predictions indicating cyber threats will continue to grow significantly in 2025. Businesses now face a crossroads where perseverance and heightened security measures are necessary to combat rapidly evolving threats.
A growing risk – Social engineering is the manipulation of human trust by cybercriminals to obtain confidential information. Scammers continue to find new ways to fool businesses, using new technology such as AI to pose as legitimate entities and extract money or information. Cybercriminals target employees with access to sensitive and private data, often impersonating authority figures, assistants and new employees to exploit human error. The risk is heightened by the increasing digitization of business operations, including hybrid and remote employees, which multiplies the touch points a scam can use.
A cyber threat immediately puts a business’s financial health at risk, be it the monetary impact of loss of funds and recovery costs, the reputational impact of damaging trust among customers and employees, or the disruptive impact on business operations for days and weeks after an attack. To put it bluntly, cyber fraud is an existential threat to a company’s survival.
The variety of scams that can be perpetrated on a business is almost endless. However, some scams keep surfacing and spreading. Whether you run a large or small business, here is where the threat continues to grow:
- Business Email Compromise (BEC) is one of the fastest-growing, most prevalent, and most costly scams out there. Email spoofing attacks impersonate executives, vendors, or employees to trick businesses into transferring money or sharing sensitive information. The scammer’s ease of execution and businesses’ poor email security practices make this threat popular.
- Ransomware: Ransomware attacks increased by 13 percent over 2023. Criminals encrypt your data and restore access only upon ransom payment, and they are increasingly targeting small and medium-sized businesses. The top targets are manufacturing, health care, and technology. In 2024, ransomware payments and demands reached unprecedented levels; in the first half of 2024, the average extortion demand per ransomware attack was approximately $1.8 million.
- Fake Invoices and Vendor Scams: Fraudulent invoices are sent to accounts payable departments for goods or services the business never ordered. The amount is kept low enough that the scammer hopes the accounts payable team will process the payment without verifying it. Poor English and suspicious links can often give these scams away.
- Phishing: Most are familiar with this widespread but deceptive scam. Emails or text messages that look legitimate are sent to employees with links or attachments that install malware or steal credentials. Phishing is often characterized by a sense of urgency or a personal approach to the recipient.
- Payroll Scams: Businesses should be alert to unauthorized changes to employee direct deposit information designed to divert paychecks.
- Executive Fraud: Employees often feel a sense of urgency when an executive requests action, so an attacker will pretend to be the CEO or another executive to pressure the targeted employee into acting quickly.
- Data Breaches: Cybercriminals gain access to critical corporate data, including intellectual property, trade secrets, financial records, and customer information, by tricking employees into providing login credentials or sensitive data.
Businesses should also be alert to the many other scams that can affect them, including:
- Overpayment Scams, where the victim is asked to refund the overpaid amount
- Vendor Impersonation
- Utility and IT Scams that may threaten a business with loss of service
- Intellectual Property Scams, where the scammer requests renewal fees for web domains, trade names and patents
- Fake Charities
Tax Scams
Almost in a category unto itself is the prevalence of tax scams that target businesses, employees and individuals. These include:
- W-2 scams
- Employee Identification Number scams
- “The IRS is calling…” scams
- Excessive claims for business credits
- Fraudulent filings
The IRS is often at the center of fighting tax scams and annually compiles its Dirty Dozen list of common scams that taxpayers may encounter. Many of these schemes peak during tax season as businesses and individuals prepare their returns.
Further addressing the problem, in 2024, a coalition representing the IRS, state tax agencies and members of the nation’s tax industry formed CASST, the Coalition Against Scam and Scheme Threats, to combat the growth of scams and schemes threatening taxpayers and tax systems. Information on CASST and the most recent IRS CASST announcement can be found at: irs.gov/newsroom/irsannounce-2025-filing-season-changes-aimed-at-preventing-spread-of-scams-schemes
How Businesses Can Protect Themselves
- Train and Educate Your Staff: Educate employees about common scams, how to spot fake or phishing emails, why they must never share security credentials, how to follow cybersecurity best practices, and how to verify suspect emails through a second channel such as a known phone number.
- Implement Robust Cybersecurity: Install firewalls and antivirus software, enforce a firm password policy and multi-factor authentication, and encrypt devices and data. Use approved, dedicated applications for data sharing. Keep your software up to date.
- Verify Vendors and Transactions: Establish procedures for verifying vendors and deliveries before paying invoices. Have a straightforward method for invoice approval and maintain an approved vendor list.
- Develop Incident Response Plans: Prepare for potential scams with a clear plan for identifying, reporting and mitigating threats.
- Perform Regular Audits: Conduct security audits to identify vulnerabilities in systems and processes.
At the most basic level, always look at the sender’s actual email address, not just the displayed name. If the message claims to be from your bank, for example, but the sender’s address belongs to a different domain, that is a warning sign. Equally important is never to open links or attachments you are not expecting.
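As an added illustration that is not part of the original article, the check below applies the sender-address rule in code: it parses the From header, compares the displayed name against the domain the mail actually comes from, and flags a Reply-To that points somewhere else. The organization-to-domain table and the sample headers are constructed assumptions for the example.

```python
import re
from email.utils import parseaddr

# Constructed mapping of organizations to the domains they legitimately send from.
# In practice this would be maintained from the approved vendor list (assumption).
KNOWN_SENDER_DOMAINS = {
    "first national bank": {"firstnationalbank.example"},
    "acme supplies": {"acmesupplies.example"},
}


def sender_parts(header_value):
    """Return (display_name, domain) parsed from a From: or Reply-To: header value."""
    name, addr = parseaddr(header_value)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name.strip().lower(), domain


def check_sender(from_header, reply_to_header=None):
    """Return a list of warnings; an empty list means no red flag was found."""
    warnings = []
    name, domain = sender_parts(from_header)
    if not domain:
        return ["no usable address in From header"]

    # Display name claims an organization whose real domains do not include the sender domain.
    for org, domains in KNOWN_SENDER_DOMAINS.items():
        if org in name and domain not in domains:
            warnings.append(f"display name claims '{org}' but address domain is '{domain}'")

    # Display name itself looks like an address at a different domain than the real one.
    embedded = re.search(r"@([\w.-]+)", name)
    if embedded and embedded.group(1) != domain:
        warnings.append(f"display name shows '@{embedded.group(1)}' but real domain is '{domain}'")

    # Replies would go to a different domain than the one the mail claims to come from.
    if reply_to_header:
        _, reply_domain = sender_parts(reply_to_header)
        if reply_domain and reply_domain != domain:
            warnings.append(f"Reply-To domain '{reply_domain}' differs from From domain '{domain}'")

    return warnings


if __name__ == "__main__":
    # Constructed sample headers: one legitimate, one spoofing the bank's name.
    print(check_sender('"First National Bank" <alerts@firstnationalbank.example>'))
    print(check_sender('"First National Bank" <alerts@mail-secure.example>'))
```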
By staying informed and proactive, businesses can better navigate the growing prevalence of scams and protect their operations, finances and reputations.
At Gordon Advisors, we work with businesses to strengthen their internal controls and educate clients on common tax-related scams.
For additional insight or support, contact Gordon Advisors at gordoncpa.com