Business Loan Scams

Scammers target business owners looking for loans to expand their company. Learn how to protect your business from these scams.

Step 1:Recognize

Red Flags of Business Loan Scams

If you are contacted by someone trying to offer you a business loan, there are some red flags to look for that may indicate that you are being scammed, such as:

  • You receive unsolicited offers for business loans, especially via email or social media.
  • The offer seems too good to be true, such as low interest rates or guaranteed approval.
  • They ask for an upfront fee for the loan.
  • The loan provider is not registered with the Better Business Bureau or has a low rating.
  • They are not willing to provide detailed information about their business or answer your questions.
  • The communication is persistent and aggressive.
  • You feel pressured to make a decision quickly.
  • The loan provider refuses to put the offer in writing.
  • You are asked to provide sensitive personal and/or financial information upfront.
  • The loan provider is located outside of the country.
  • You receive a loan offer that you did not apply for.
  • The website looks unprofessional or has fake testimonials.

This list is not exhaustive, but these are some common warning signs of business loan scams.

Step 2:Immediate Actions

If you are the victim of a business loan scam, don’t despair. There are steps you can take to protect yourself and your finances. By taking action quickly and being proactive, you can minimize the damage caused by these scams. Here are some steps to take if you think you have been scammed:

  • Keep all documentation related to the scam, including any emails, letters, or receipts. This will be helpful if you need to file a police report or take legal action against the scammer.
  • Contact the Better Business Bureau (BBB). The BBB is a nonprofit organization that tracks complaints against businesses.
  • If you provided financial information, like your credit card number or bank account information, contact your bank or credit card company. This will help stop the scammer from accessing your accounts and using your information to make additional purchases.
  • If you provided personal information, like your Employer Identification Number, contact the three major business credit reporting agencies — Dun & Bradstreet, Equifax and Experian. You may want to consider placing a fraud alert on your credit reports. This will make it harder for the scammer to open new accounts in your business’s name.

Step 3:Report

Reporting any type of cybercrime, including business loan scams, is imperative to help others avoid being scammed. As a society, the more people that report online scams and fraud, the more national reporting data that is collected, and the better chance law enforcement has to catch the criminals and decrease cybercrime.

Step 4:Recover

Learn the Three Golden Rules to Spot a Scam

Scammers often utilize tactics to encourage you to act quickly and will use false information to persuade you to send money or personally identifiable information (PII). When faced with a questionable situation online, always follow the three golden rules to spot a scam:

Slow it down — Scammers often create a sense of urgency, telling you that you need to act now or you will miss out on the opportunity. Take your time, ask questions and do your research to avoid being rushed into a bad situation.

Spot check — Do your research to double check that the organization contacting you is who they say they are. Conduct an internet search by looking up the organization who contacted you followed by words like “scam” or “complaint.”

Stop! Don’t send — Scammers will try to steal your money by rushing you into paying with unconventional payment methods like gift cards or wire transfers. If they insist you pay in the form of gift cards or by wire transfer, it’s a scam.

Take 5 Steps for Better Online Security

It’s important to strengthen your business’ online security to help avoid all cyber attacks. Take action to improve your digital posture by following these steps:

  1. Implement Multi Factor Authentication (MFA): Passwords are generally easy for scammers to crack, and even if you use strong passphrases, there’s still the possibility that a cybercriminal can obtain your passphrase in a data breach. Implementing MFA is a great way to maximize your security and ensure that you are the only one who can gain access to your accounts. MFA should be implemented on all accounts where it is available. Check your account’s security settings to see if it is something you can set up.
  2. Update Your Privacy Settings: Privacy settings allow you to control your personal information (name, address, phone number, date of birth, financial details, photos or videos, etc) and how that information is used. Review your privacy settings on all of your accounts including your social media accounts. Consider restricting who can see your friends list, contacts, photos and posts.
  3. Activate Automatic Updates: Automatic updates are a set of changes to an app, software or operating system that are automatically pushed by the developer to fix or improve it. Oftentimes, cybercriminals take advantage of security flaws to plant malicious software on your devices. By activating automatic updates, you will automatically patch security vulnerabilities to protect your data.
  4. Use a Password Manager or Create Strong Passphrases: A password manager is a software tool that securely stores all of your login credentials in one place, allowing you to create and manage strong, unique passwords for all of your accounts. If you are unable to afford a password manager, use strong passphrases. A passphrase is a combination of random words or a sentence that is much longer and more complex than a typical password. Using a passphrase instead of a password makes it much harder for hackers to guess or brute-force their way into your accounts.
  5. Learn the Elements of a Phishing Attempt: Familiarize yourself with the elements of a phishing email. Phishing emails tend to include a sense of urgency and multiple grammar and spelling errors. If they are asking you to reveal personal information, be suspicious. If you get a strange email, try contacting the company another way to confirm they sent that email. If the email is suspicious, mark it as spam.

TestimonialHear from Other Victims

Without Fightcybercrime.org, I don't know if I would have been able to react as quickly to protect my personal information.
Mary - Indianapolis, IN

Branding