Your employee gets an email from "you" asking them to wire $4,000 to a vendor. It looks exactly like your writing — your tone, your sign-off, your urgency. They send it.
That happened thousands of times last year. AI made it possible.
The FBI just released its 2025 Internet Crime Report and the numbers are worth knowing — not because of the scale, but because the specific scams hitting small businesses right now are different from what they were two years ago. They're more targeted, more convincing, and cheaper to run than ever.
Here's what operators actually need to know.
The one rule that stops most of it:
Set up a verbal confirmation rule today. Any wire transfer, vendor payment, or urgent financial request made over email requires a phone call to verify before anyone touches the money. One conversation. Every time. No exceptions.
It costs nothing and it will save you everything.
Three quick briefs:
1. AI-polished phishing looks nothing like the old stuff. Phishing is still the most common attack on small businesses — nearly 192,000 complaints last year. But the typo-filled scam emails of five years ago are gone. Criminals are now using AI to write impersonation emails that match your tone, your vendor's language, and your company's real context. If your team isn't trained to verify financial requests by phone, they are not prepared for what's hitting inboxes right now.
2. Crypto payment requests are a hard stop. If a vendor, client, or anyone adjacent to your business pushes a crypto payment as "easier" or "faster," slow down and ask twice as many questions. Crypto-related crimes hit $11.4 billion in losses last year — up 21%. The pitch always sounds reasonable. That's the point.
3. Fake tech support is targeting your software stack. Someone calls or emails pretending to be from QuickBooks, Square, or your POS system — asking for remote access to "fix an issue." Tech support scams grew 131% in three years and now account for $2.1 billion in annual losses. The rule is simple: if anyone contacts you asking for remote access, hang up and call the company directly using the number on their official website. Not the number they gave you.
Tool spotlight: Malwarebytes for Teams
If you have a small crew sharing devices or working remotely, Malwarebytes for Teams runs quietly in the background, blocks phishing sites before they load, and flags suspicious downloads. Plans start around $4-5 per device per month.
The honest verdict: it won't stop a social engineering call and the dashboard is a little clunky. But for blocking the automated garbage hitting your team's devices every day, it does the job without needing an IT person to manage it.
The full FBI report is free at ic3.gov — worth a 20-minute read. Share the scam descriptions with whoever handles your money or your inbox.
Want content like this working for your business every week? hawksolutions.tech
P.S. Next issue: another practical threat operators are dealing with right now — and the cheap fix most people overlook