What to Do If Your Business Is a Victim of Fraud

The First 24 Hours: Immediate Actions

Discovering that your business has been a victim of fraud is a deeply unsettling experience. Whether it's a compromised bank account, a payment diverted to a criminal, or an identity theft that's been used to take out credit in your name, the initial shock can be paralysing. But the actions you take in the first 24 hours are critical to limiting the damage and maximising your chances of recovery.

Take a breath. Then take these steps in order.

Step 1: Contain the Damage

Your first priority is to stop the fraud from continuing. The specific containment actions depend on the type of fraud:

Bank account or card fraud: Contact your bank's fraud team immediately. Every major UK bank has a 24/7 fraud reporting line — the number is on the back of your debit card and on your banking app. Ask them to freeze affected accounts or cards. If you suspect your online banking credentials have been compromised, ask the bank to reset your access.

Payment diversion fraud: If you've sent money to a fraudster (believing it was a legitimate supplier), call your bank immediately. Under the Faster Payments system, bank transfers can be processed within seconds, but banks have mechanisms to trace and potentially recover funds if you act quickly. The APP (Authorised Push Payment) fraud reimbursement scheme, in effect since October 2024, means your bank may be required to reimburse you.

Email compromise: If your email account has been hacked and used to send fraudulent messages (perhaps fake invoices to your clients), change your password immediately, enable two-factor authentication, and notify any contacts who may have received fraudulent emails from your account.

Identity theft: Contact Cifas to register for protective registration, which flags your identity with lenders and credit agencies. Call HMRC on 0300 200 3310 if your tax identity has been compromised.

Step 2: Preserve Evidence

Before you start changing passwords and cleaning up, document everything you can:

• Take screenshots of fraudulent emails, messages, or transactions
• Save email headers (which contain technical routing information that investigators may need)
• Note the dates, times, and amounts of any fraudulent transactions
• Record the details of any suspicious phone calls (number, time, what was said)
• Keep copies of any fraudulent invoices or documents

This evidence will be essential for your fraud report, any bank claim, and potentially for an insurance claim.

Step 3: Report the Crime

Action Fraud is the UK's national reporting centre for fraud and cyber crime. You can report online at actionfraud.police.uk or by calling 0300 123 2040. You'll receive a crime reference number, which you'll need for insurance claims and when dealing with your bank.

If the fraud involved HMRC impersonation, also report it to HMRC:

• Forward phishing emails to phishing@hmrc.gov.uk
• Forward suspicious texts to 60599
• Call HMRC on 0300 200 3310 for tax identity issues

For bank fraud, your bank's own fraud report is separate from Action Fraud and equally important. Make both reports.

The First Week: Assessment and Notification

Once the immediate crisis is contained, you need to assess the full extent of the fraud and notify relevant parties.

Assess the Financial Impact

Work through your records to determine exactly what has been lost or compromised. If you use Accounted, I can help you identify unusual transactions and trace the timeline of the fraud. Having accurate, up-to-date bookkeeping records is invaluable at this stage because it provides a clear baseline against which to measure fraudulent activity.

Document:

• Total financial losses (direct payments to fraudsters)
• Any indirect costs (time spent dealing with the fraud, professional fees)
• Any data that may have been compromised (personal information, client data, financial records)

Notify Affected Parties

If the fraud has potentially affected anyone else — your clients, suppliers, or contacts — you have both an ethical and (in many cases) a legal obligation to notify them.

Clients: If your email was compromised and clients may have received fraudulent communications, notify them immediately. If client data was exposed, you may need to report a data breach to the Information Commissioner's Office (ICO) under GDPR.

Suppliers: If a payment was diverted, notify the genuine supplier so they can investigate whether their systems were compromised.

HMRC: If fraudulent tax returns have been filed in your name, notify HMRC so they can flag your account and prevent further fraudulent filings. Our guide on HMRC scam emails explains how criminals target tax identities.

Your accountant or tax adviser: If you have a professional adviser, inform them of the fraud. They may need to take steps to protect your tax affairs and can advise on the tax implications of any losses.

Check Your Insurance

Review your business insurance policies for fraud coverage. Relevant policies might include:

• Cyber insurance: Specifically designed to cover losses from cyber crime, including fraud, data breaches, and business interruption caused by cyber incidents.
• Professional indemnity insurance: May cover certain types of fraud-related losses, particularly if client funds were involved.
• Business contents insurance: May cover theft, which could extend to certain types of fraud.

File your insurance claim promptly, using the Action Fraud crime reference number and the evidence you've preserved.

The Recovery Process

Financial Recovery

Bank reimbursement: Under the APP fraud reimbursement scheme, your bank should assess your claim and reimburse you within a defined timeframe. The scheme covers authorised push payment fraud — situations where you were tricked into sending money. It doesn't cover all types of fraud, and there are exclusions for gross negligence, but the majority of victims are now eligible for reimbursement.

Chargebacks: If you paid by credit or debit card, you may be able to initiate a chargeback through your card provider. Section 75 of the Consumer Credit Act provides additional protection for credit card payments over £100.

Tax relief on losses: In some circumstances, losses from fraud may be deductible for tax purposes. This is a complex area — the loss generally needs to arise from the trade itself, not from a personal fraud. Consult your accountant for specific advice.

Operational Recovery

Secure your systems: Change passwords for all business accounts. Enable two-factor authentication everywhere. Run antivirus scans. If you suspect your device was compromised, consider a factory reset or professional security assessment.

Review and strengthen your processes: Look at what allowed the fraud to occur and put measures in place to prevent recurrence. Our guide to protecting your business bank account covers the key security measures in detail.

Rebuild trust: If the fraud affected clients or suppliers, communicate openly about what happened and what you've done to prevent recurrence. Transparency builds trust; secrecy breeds suspicion.

The Emotional Impact

This is the aspect of fraud that's least discussed but often the most damaging. Being a victim of fraud can trigger a range of emotions: anger at the criminals, shame at being deceived, anxiety about your financial future, and a loss of trust that makes every future business interaction feel suspicious.

These feelings are normal and valid. Fraud is a crime committed against you — it's not your fault, regardless of how obvious the deception seems in hindsight. Scammers are skilled manipulators who exploit normal human responses like trust, urgency, and fear.

If the emotional impact is affecting your ability to work or your wellbeing, consider:

• Speaking to someone you trust — a friend, family member, or fellow business owner
• Contacting Victim Support on 08 08 16 89 111 — they provide free, confidential support to anyone affected by crime
• Seeking professional counselling if anxiety or stress persists

The self-employed often bear the emotional burden of business problems alone. You don't have to. Our post on protecting your business from fraud covers the broader prevention landscape, and I'm always here to help you monitor your accounts and spot anomalies early.

Prevention: Reducing Future Risk

Once you've recovered from the immediate fraud, invest time in strengthening your defences.

Technical Measures

• Use a password manager and unique passwords for every account
• Enable two-factor authentication on all business accounts (email, banking, HMRC, cloud storage)
• Keep all software and devices updated
• Use antivirus software on all devices
• Back up your data regularly to a secure location

Process Measures

• Verify any request to change payment details by calling the supplier on a known number
• Implement a pause-and-verify process for large or unusual payments
• Review your bank transactions weekly (or let me do it for you through Accounted)
• Reconcile your accounts monthly

Awareness Measures

• Stay informed about current scam tactics — they evolve constantly
• Follow HMRC's official channels for tax communication guidance
• Be sceptical of unsolicited contact, especially anything creating urgency
• Brief any employees or subcontractors about fraud risks

Insurance

• Consider cyber insurance if you don't already have it
• Review existing policies to understand your fraud coverage
• Ensure your cover reflects your actual risk level

Moving Forward

Being a victim of fraud is a deeply unpleasant experience, but it's one that thousands of UK businesses go through every year. You're not alone, and in most cases, recovery is achievable.

The key lessons are: act fast when fraud is discovered, report it thoroughly, lean on the support systems available to you, and use the experience to build stronger defences for the future.

If you'd like an AI bookkeeper that monitors your transactions, flags anomalies, and keeps your records in perfect order, sign up for Accounted and let me help protect your business going forward. You can also explore how we help on our features page.

You've got this. And I've got your books.

Useful Resources

• HMRC Self Assessment guidance
• HMRC's guidance on self-employed expenses

Accounted makes bookkeeping simple — Penny categorises your transactions automatically so you don't have to. See how →