Cybersecurity scams to look out for in 2023

It seems like every day we are being warned about a new scam that’s doing the rounds. Whether it’s an email purporting to be from the bank, a delivery firm, HMRC, a supplier, or even a colleague, businesses need to be on their guard.

Sadly, size is no defense when it comes to cybercrime and whether you’re a micro business or a multinational player, you’re likely to be a target.

To help you stay alert and spot any potential threats, here we’ve pulled together a list of the top cybersecurity scams that small businesses need to be aware of.


Social engineering scams

One of the biggest cybersecurity threats actually sits within your business. In fact, you’re even paying for the threat to be there! We are, of course, referring to your employees.

When it comes to small business cybersecurity, employees are just one area cybercriminals look to exploit. They do this through social engineering – of which phishing (by email) or smishing (by text message) are just two examples.

These types of attacks aim to dupe well-meaning employees into clicking on a bogus link from which data will be harvested.

Social engineering scams generally take the form of a fake communication purporting to be from a legitimate organisation, such as a bank, HMRC or Royal Mail. Often highly sophisticated in nature, they can be difficult to distinguish from a genuine text or email, which is why so many unsuspecting employees unwittingly fall for this type of cybersecurity scam.


Third party/contractor breaches

Many small businesses outsource key functions to third party providers, such as marketing agencies and accountancy firms, which creates another cybersecurity risk.

Depending on the nature of their relationship with your business, these companies may have access to highly sensitive (and lucrative) information that a cybercriminal would love to get their hands on, for example, customer passwords or payment information.

Exploiting the cybersecurity of third party partners is another way that savvy cybercriminals seek to penetrate small businesses from the outside. Although the company that actually suffers the cyberattack is the secondary target, a breach of their systems automatically compromises any sensitive data they hold on file for your business and puts your company directly at risk.


Ransomware attacks

Ransomware – a type of malware which allows a hacker to take control of your systems and lock you out – is another common cyberattack targeted at small businesses. Poor levels of encryption, easily guessable passwords, or an employee joining an unsecured public Wi-Fi network are all ways in which hackers can compromise your systems and infect them with ransomware.

When this occurs, the hacker will demand a monetary ransom in order to relinquish control of your systems and allow you to re-access your drives and folders. It’s an easy win for a cybercriminal who can literally hold your small business to ransom until you pay up.

Having a real-time back-up of your systems or storing your data off-site in the cloud is a good way to protect your business from this type of cybersecurity scam.


Outdated software

Another popular way that cybercriminals seek to gain access to sensitive information held by small businesses is by exploiting cybersecurity loopholes in outdated software.

In many instances, when a new version of a piece of software is released it’s because it contains a patch or an update that protects against a known cybersecurity threat. Ignoring system updates, therefore, automatically puts your business at a heightened risk of a cybersecurity attack.

Despite this, many business owners and employees fail to update their apps when new releases are available, or ignore notifications to do so when prompted, the consequences of which can cost your business dearly.


Password sharing / credential stuffing

Using one password or set of login credentials across multiple devices or users is another common practice within small businesses – especially when it comes to software subscriptions or applications that are costed per head.

While login sharing in this way may seem like a great way to save money, it puts your company at increased risk of a cybersecurity scam known as credential stuffing. This is where a criminal is able to access multiple password-protected accounts your business uses simply by learning the master set of login credentials that unlocks each one.

One of the best cybersecurity habits to get into for any small business is to issue a unique set of login details for each user in the company. You should also ensure you never re-use the same email and password combination on more than one account or device. And use multifactor authentication wherever you can, so more than just a password and username is needed to log in successfully.


Increase your small business cybersecurity

Investing in cybersecurity is one of the best moves your small business can make to protect itself from a cyber attack. From off-site data back-ups to cybersecurity training, at Dragon IS we specialise in affordable cybersecurity solutions, scaled for small businesses. To learn more, call our expert team on 0330 363 0055 or email