I Almost Lost £12,000 to a Banking Scam

The email looked real. The phone number matched my bank's. The website was pixel-perfect. I got to the "Enter your banking details" screen and something felt off.

I stopped. Called my bank directly. It was a scam.

12,000 UK businesses weren't so lucky last year. Average loss: £8,400 per victim. As of February 2026, scammers are getting more sophisticated. They're targeting small business owners specifically—because they have access to larger accounts and less corporate-level security.

Scam 1: The Perfect Invoice Email

You receive an email from what looks like your supplier. Invoice attached. "Payment due Friday."

The email address is almost identical to the real supplier's. The invoice number matches their format. The attachment looks authentic.

You pay. It goes to a scammer's account. Your supplier never got paid. Now they're chasing you for the missed payment.

Red flag: Slight misspelling in email address (supplie.co.uk instead of supplier.co.uk). Urgency in the email ("pay by Friday or we stop supplies"). Asking to change payment details.

Defense: Call your supplier directly (use the number from your existing records, not from the email). Verify invoice directly in their portal. Never copy email addresses—always call to confirm.

Scam 2: The "Bank Security Check" Call

"Hi, this is Barclays fraud team. We've detected suspicious activity on your account. Can you confirm your details?"

Sounds official. Voice sounds professional. They know your business name and a partial account number.

You give them your details. They now have everything they need to empty your account.

Red flag: Bank NEVER asks for personal details over the phone. Pressure to verify immediately ("we need this confirmed right now or your account locks"). Calling from a number that looks like the bank (spoofed caller ID).

Defense: Hang up immediately. Call your bank's official number from their website or the back of your card. Never use a phone number from the inbound call.

Scam 3: The Government Grant That Isn't

"Congratulations! Your business qualifies for a £10,000 government grant. Just pay a £500 processing fee to claim it."

Sounds legit. Government grants do exist. You need cash. You pay the fee.

The grant disappears. You've lost £500 and gotten nothing.

Red flag: Upfront payment for a grant (government grants NEVER charge upfront fees). Unsolicited email or call about a grant you didn't apply for. Pressure to decide quickly.

Defense: Check gov.uk directly. Real UK grants are listed there. If it's not on gov.uk, it's not real. Never pay upfront for a government benefit.

Scam 4: The Boss's Urgent Wire Transfer Request

Email from your boss: "Need you to urgently transfer £25,000 to this account for client invoice. Use this IBAN."

It's from boss@yourcompany.com. Or looks like it.

You process the transfer without checking. Two days later, your boss asks why the client never got paid. The email was spoofed.

Red flag: Unusual urgency. Different payment method than usual (typically wire transfer when you normally use other methods). Slight email address inconsistency you missed. Going to a personal account instead of a business account.

Defense: Walk to your boss's desk or call them directly (use a known phone number). Verify the request verbally. For amounts over £10,000, implement a two-person approval process internally.

Scam 5: The Fake Payment Portal

Email from Tide (or your actual bank): "Your account has exceeded its limit. Click here to update your billing information."

The link looks right. The login page looks identical to the real portal. You enter your credentials.

Scammers now have your login. They drain your account.

Red flag: Generic greeting ("Hi User") instead of your name. Asking for sensitive info via email or link (banks NEVER do this). URL that doesn't match the real bank's domain (tide-secure.com instead of tide.co.uk). Grammar errors or odd phrasing.

Defense: Never click links in emails from banks. Always go directly to the website by typing the URL yourself. Check the URL in your address bar carefully. If in doubt, call the bank.

Scam 6: The "Tax Refund" Scam

"HMRC has processed your tax refund of £3,200. Click here to claim it."

You click. Enter your tax reference number, National Insurance number, date of birth.

You've just handed a scammer all the info needed to commit identity fraud in your name.

Red flag: HMRC NEVER initiates contact about refunds via email. Email asking for National Insurance number or tax reference. Unsolicited email offering money.

Defense: Log into your HMRC account directly to check your tax position. Never use links from emails. If you think you're owed a refund, contact HMRC directly via gov.uk.

Scam 7: The Supplier Payment Redirect

You've been buying from a supplier for two years. One day, they email: "We're moving our office. Please use this new bank account for future payments."

New account details are included. Looks official. They mention it in the next invoice too.

You send £8,000 to what you think is their new account. It's a scammer's account. The real supplier is still waiting for payment.

Red flag: First communication of account change via email (not via phone call). Account change happening unusually frequently. Pressure to switch immediately ("please update your records by Friday").

Defense: When a supplier says they're changing bank details, call them directly to verify. Use the phone number from your existing records. Never make a large payment before verifying the change is real.

Your Defense System Against All 7

  • Trust but verify: Even familiar senders can be spoofed. Verify contact details independently.
  • Call to check: When in doubt, pick up the phone. Use established numbers.
  • Never click links: Go directly to websites by typing the URL.
  • Require two-person approval: For large payments, especially wire transfers.
  • Implement payment controls: Set daily transfer limits. Require approval for new payee accounts.
  • Regular monitoring: Check your business account weekly for unauthorized transactions. Report suspicious activity immediately.

If You've Been Scammed

Act immediately. Every hour counts.

  1. Contact your bank immediately. Tell them you've been scammed.
  2. Provide all details: amount, date, recipient account details.
  3. Your bank may be able to recall the payment if it's within hours.
  4. Report to Action Fraud (0300 123 2040 or actionfraud.police.uk).
  5. Report to HMRC if tax information was compromised.
  6. Monitor your accounts and credit file carefully.

The Bottom Line: Scammers Know Your Business Has Money

They're getting smarter. They're targeting business owners specifically. The defenses above aren't paranoia—they're the baseline for protecting six figures or more sitting in your business account.

One simple check—calling to verify—stops 90% of scams. Do that check every single time something feels off.

FREE

Get Weekly Finance Tips

Join thousands getting clear, honest money advice every week.

Questions? Drop us a note at hello@friedfinance.com. We read every email.