Skip to main content
Smallbusinessfraud hero
• May 1, 2023

With so much of life and work happening on the Internet, it’s crucial to stay vigilant about online safety. Small business fraud is a very real threat. According to a Florida Atlantic University study, in 2018 small businesses worldwide experienced an average loss to fraud of $200,000 while larger businesses averaged $104,000.

Why the disparity? Smaller businesses are more likely to have fewer fraud prevention restrictions, controls, and processes in place.

“That’s why it’s so important to discuss it with everyone in an office, shop, or wherever your small business operates,” says Charles McClafferty, Senior Manager of Fraud Risk Management at TD Bank.

“Every employee must know the risks and what to watch for,” he adds. “You’re much less likely to be victimized if everyone’s aware, and it’s kept fresh in their minds with periodic reminders and discussions.”

What are some of those risks, and how can we be better prepared to face them?

If asked to move fast, slow down

Charles offers this fundamental tip to prevent email fraud: “Whenever you see an email asking you to act fast, slow down.” The most common type of small business fraud is email “phishing,” when a fraudster claims to be from one business and requests something be handled urgently.

Other red flags include unexpected “change of payment” instructions; suspension notices if accounts aren’t paid immediately; and urgent calls for immediate contact at a special phone number. Never click on links within emails or open attachments, even from people you know, if you’re not expecting them to email you such links or content.

Watch for bogus domains and poor grammar

“If you encounter an email that seems ‘off,’ look closer,” Charles advises. “Scammers try making their emails look as official as possible, often changing just one letter on an email domain’s suffix, such as changing to Many people will notice the slight difference, but all the perpetrator needs is just one person to miss it.”

Poor grammar and phrasing that’s inconsistent or off-brand are also clear tip-offs. “Be wary of official-looking emails that lack the professionalism you’d expect if the sender was legitimate,” Charles warns. “And, of course, TD Bank will never email you asking for personal information of any kind.”

If you doubt an email’s authenticity, it’s a great idea to call the purported sender, such as a vendor, courier, or financial institution, and speak with someone in person. “But don’t use the phone number in the email you got because that could be bogus, too,” Charles says. “Instead, use a contact number you find on the company’s official website.”

Training employees to spot and report email fraud

Again, most small business fraud involves email scams that prey on emotional vulnerability. That’s why one of the most effective ways to train employees to recognize an issue is simply to talk about it and show them examples. You can find those and more information on the “How to Recognize and Avoid Phishing Scams” from the U.S. Federal Trade Commission (FTC).

Teach them to look for the telltale signs of fraudulent emails, and if you find your company has been victimized, report it to the local police as well as to the FTC via It’s unlikely the fraud is originating in your jurisdiction, so by reporting it at the federal level, there is a higher chance of successfully stopping it.

Email security tools

Antivirus software and firewalls can’t protect you from small business fraud, but secure email encryption software may be an option for some businesses. Encryption scrambles a message upon sending and can only be decrypted with a software decryption key supplied to the recipient. It’s standard practice for financial institutions like TD Bank to use email encryption to keep client data and communications secure.

Practice good password hygiene

What is good “password hygiene?” “It starts with not putting sticky notes with passwords on your PC,” Charles says.

While most office personnel wouldn’t do that, many do make equally troubling mistakes with their passwords. They may be compromising their online security without knowing it. Consider these guidelines:

    Stay informed and diligent

    Preventing online small business fraud, depends on staying informed about potential threats and watching for them. Password managers and email encryption are helpful, but employee awareness and training are critical. Make the latter part of new employee orientation, too.

    For more on personal finance topics

    For more tips on protecting your business from email fraud, TD Bank offers a series of articles on the topic. If you have more questions about other personal finance topics that matter to you, visit the Learning Center on TD Bank’s website.

    We hope you found this helpful. This article is based on information available in May 2023 and is subject to change. It is provided as a convenience and for general information purposes only. Our content is not intended to provide legal, tax, investment, or financial advice or to indicate that a particular TD Bank or third-party product or service is available or right for you.

    For specific advice about your unique circumstances, consider talking with a qualified professional.

    Links to third-party sites do not constitute an endorsement or an approval by TD Bank of any of the products, services or opinions of the corporation or organization or individual. TD Bank bears no responsibility for the accuracy, legality, or content of the external site or for that of subsequent links. Any third-party trademarks or service marks mentioned herein are the property of their respective owners. Contact the external site for answers to questions regarding its content. See our website Terms of Use for more information.

    Want to learn more about Money matters?
    Why Small Business Owners Need to Know About CDFIs
    How TD Bank's ESG Priorities Helped a New Jersey Small Business Owner
    An NYC Small Business Owner Says Key to Survival is Going with the Flow

    Join our newsletter

    Sign up for the latest updates from TD Stories delivered to your inbox twice a week.

    See you in a bit

    You are now leaving our website and entering a third-party website over which we have no control.

    Continue to site Return to TD Stories

    Neither TD Bank US Holding Company, nor its subsidiaries or affiliates, is responsible for the content of the third-party sites hyperlinked from this page, nor do they guarantee or endorse the information, recommendations, products or services offered on third party sites.

    Third-party sites may have different Privacy and Security policies than TD Bank US Holding Company. You should review the Privacy and Security policies of any third-party website before you provide personal or confidential information.