When applying for small business loans, it’s important to thoroughly examine your options to ensure they are safe and legitimate. A LexisNexis© report found that small business lending fraud increased by 13.6% year-over-year, with 64% of respondents anticipating the problem worsening each year. As lending fraud becomes more common, business owners should learn how to recognize these red flags to protect their company’s future.

1. Account takeover.

According to recent cybersecurity statistics, 22% of U.S. adults have been victims of account takeover fraud, resulting in a loss of nearly $8.8 billion. A corporate account takeover is a form of business identity fraud where an unauthorized third party gains access to a business’s finances through stolen account information like email, username, or password, especially when used to apply for a business loan. Using these illegally obtained credentials on a large scale is called credential stuffing, and it’s one of the most common techniques because it targets individuals who use the same login credentials across multiple platforms.

Account takeovers can lead to the unauthorized transfer of funds from the company or the addition of fake employees to the payroll. Once funds and sensitive customer information are stolen, it is often difficult to recover them. If you believe your business may have been compromised due to an account takeover, you should immediately:

• Reset all compromised credentials.
• Contact your bank’s fraud department.
• File a complaint with the Internet Crime Complaint Center at www.ic3.gov.

2. Common types of loan scams.

There are a variety of ways in which cybercriminals will target both businesses and individuals to steal their information.

• Advance fee scams: An advance-fee scam, or an upfront fee scam, is a type of fraud in which a victim pays a fee in exchange for a service or outcome they never receive. 
• Phantom lenders: This type of loan fraud occurs when scammers offer loans to potential borrowers. While these scams can take many forms, fake documents that make their services seem legitimate and advance fees are primarily how business owners are targeted. 
• Loan flipping: This is a predatory lending practice where a lender convinces a borrower to refinance their loan repeatedly. Over time, the loan generates exorbitant fees and interest payments for the lender. 
• Identity theft: Over 90% of cyber-attacks begin with phishing. Phishing refers to a cybercriminal sending fraudulent links through email or text messages to gain access to private, sensitive information. Not only can cybercriminals steal money, but they can also steal personal information, which can lead to identity theft. 

3. Prevention strategies to safeguard against fraud.

The best way to avoid being targeted for fraudulent activity is to implement safeguards on all accounts and be wary of random emails asking for personal information. You should:

• Update antivirus and malware systems on your computer.
• Consider using dual approval capabilities to verify transactions before they’re completed.
• Consult a financial advisor or a certified public accountant (CPA) before finalizing a loan or providing sensitive information to a lender.

As cybercriminals become more savvy and their schemes more prevalent, business owners must know how to protect themselves and their companies.

For more resources, visit our Fraud Prevention or Business Success page at efirstbankblog.com.

“This page may contain links to external websites. These links are displayed for your convenience. FirstBank does not manage these sites and assumes no responsibility for the content, links, privacy policy, or security policy.”

Published: April 16, 2025