The UK’s Top 5 Cyber Scams Targeting Small Businesses – And How to Stop Them

UK SMEs lose £6.4 billion annually to cybercrime – with 43% of attacks targeting businesses with under 50 staff (Source: Department for Science, Innovation and Technology, 2023). 

At Ascot Computer Repair, we protect Berkshire businesses from evolving threats. 

This guide exposes the five most pervasive scams and delivers actionable defences to secure your operations. 

Serving Ascot, Reading, and Bracknell with NCSC-aligned cybersecurity since 2012.

1. Invoice Fraud (36% of SME Losses)

How It Works:  

• Criminals impersonate suppliers via spoofed emails, demanding payment to "new" bank details.  

Real Example:  

> "A Bracknell construction firm lost £24,000 after paying a fake ‘supplier’ invoice."

How to Stop It:  

• Verification Protocol: Call known contacts using stored numbers for payment changes.  

• Segregate Duties: Separate invoice approval/payment personnel.  

• Use Confirmed Payee: Enable banking feature blocking mismatched accounts.  

2. CEO Fraud / Business Email Compromise (27% of Attacks)

How It Works:  

• Spoofed executive emails ("Urgent! Transfer £15k for confidential acquisition").  

Red Flags:  

• Pressure tactics, slight domain variations (e.g., `ascot-repairs.co.uk` vs `ascotrepairs.co.uk`).  

How to Stop It:  

• Mandate Two-Factor Approval: Require verbal/Teams confirmation for transfers >£1k.  

• DMARC/DKIM Setup: Block email spoofing (Ascot implements this in 2 hours).  

• Staff Training: Simulated phishing tests quarterly.  

3. Ransomware (18% of Critical Incidents)

How It Works:  

• Malware encrypts files via malicious attachments; ransom demanded in Bitcoin.  

UK Impact:  

• Average ransom: £28,000 + £162k downtime costs (ICO).  

How to Stop It:  

• Air-Gapped Backups: 3-2-1 rule (3 copies, 2 media, 1 offsite).  

• Patch Management: Auto-updates for OS/software (Ascot’s managed service).  

• Endpoint Protection: Next-gen antivirus with ransomware rollback.  

4. Phishing (Account Takeovers)

How It Works:  

• Fake "Microsoft 365 login" pages stealing credentials to hijack cloud data.  

Current UK Trend:  

• HMRC/tax refund lures peak in January/March.  

How to Stop It:  

• Multi-Factor Authentication (MFA): Essential for all cloud accounts.  

• Email Filtering: Block malicious links/attachments (e.g., Mimecast).  

• Password Managers: Prevent credential reuse.  

5. Fake IT Support Scams

How It Works:  

• Cold calls/redirects: "Your National Insurance number is compromised!" → Remote access malware.  

Vulnerable Sectors:  

• Healthcare, legal, and retail (ICO breach reports).  

How to Stop It:  

• Block Cold Calls: Register with TPS (Telephone Preference Service).  

• Staff Policy: Never grant remote access to unsolicited callers.  

• DNS Filtering: Block scam domains (Ascot’s £15/mo business package).  

Ascot’s Business Cybersecurity Packages