How To Detect And Prevent Scammers In SMEs – Tech Expert
The current economic climate has spurred a wave of creativity despite persistent challenges, leading to the growth and evolution of Small and Medium Enterprises across the country. However, with this advancement comes increased exposure to digital risks.
Our correspondent, Saheed Afolabi spoke with Abdubasit Muhammed, a tech expert who explained the growing vulnerability of SMEs to online scammers and outlined practical steps business owners must take to guard against fraudulent tactics. Excerpts;
What are the most common types of scams targeting SMEs today?
In Nigeria today, the most common scams targeting SMEs are fake payment alerts, social engineering, and fraudulent loan or investment offers.
Many traders and small business owners fall victim to fake alerts where fraudsters send manipulated SMS or email notifications pretending money has been credited, only for the account balance to remain unchanged.
Then there is social engineering, scams where attackers impersonate known contacts, clients, or vendors to trick SMEs into sharing sensitive information or making payments. And increasingly, we are seeing fraudulent loan schemes and online platforms promising quick business loans or grants but designed to harvest personal and financial data.
These scams thrive because SMEs often prioritize business speed over digital safety. They are eager to complete a transaction or secure funding, and that is when attackers strike.
Which industries or business sizes are most vulnerable to scammers, and why?
Micro and small businesses in retail, trading, e-commerce, and logistics are the most targeted. They handle frequent cash flows, use mobile banking heavily, and often lack dedicated IT or cybersecurity support.
Scammers know that these businesses operate on trust and speed; a trader receives a payment alert, confirms on the spot, and releases goods. There is no multi-step verification or proper invoice tracking system. That informality creates loopholes.
In short, it is not about how big you are, it all borders around how digitally unprotected you are.
What simple verification steps should SMEs take before making any payment to a new or changed vendor?
Before making payments to a new or modified vendor account, SMEs must adopt a culture of trust and also learn to verify. The simplest safeguard is direct confirmation; never rely solely on the message that announced the new account. Always call or speak with the vendor using a previously verified number or in-person contact to confirm any banking change.
Next, verify the bank details through official channels such as NIBSS Verify or your bank’s “name enquiry” service. Even something as small as sending a ₦10 test transfer to confirm the account name can prevent a million-naira mistake. Finally, businesses should implement an internal approval process for transactions above certain thresholds, even if it is a small family business. A second pair of eyes before payment can save the business from costly fraud.
Scammers often create urgency with texts like “act fast,” “offer expires soon,” or “goods won’t be released until payment is confirmed.” The moment you feel pressured, that is usually your red flag. Pause, verify, then proceed.
What are the minimum cybersecurity tools an SME should have in place today?
For any SME, cybersecurity does not have to be complex or expensive, but it must be intentional. At the very least, every business should have reliable antivirus and anti-malware protection installed on all devices. Two-factor authentication (2FA) should be enabled on emails, banking apps, and social media accounts to provide an extra layer of defense beyond passwords.
Passwords themselves need to be strong, regularly updated, and never based on personal information like birthdays or phone numbers. In addition, SMEs should back up their key files and documents automatically to the cloud or an external drive, ensuring business continuity if systems are compromised. Finally, setting up spam and phishing filters on email accounts helps reduce exposure to malicious links and deceptive messages.
These simple measures act as the digital equivalent of seatbelts, they don’t stop incidents from happening, but they drastically minimize the impact when they do.
What’s the biggest myth SMEs believe about being too small to be targeted?
The most dangerous myth is “I’m too small for hackers to notice.” Cybercriminals don’t need to know you, they automate attacks. Their bots crawl the internet and social media for weak targets: predictable passwords, unsecured websites, or unverified transactions.
Many of the scams in Nigeria today are not “targeted” in the Hollywood sense. They are opportunistic. You just have to be unlucky or unprotected once.
What’s one thing every SME employee should know about scams no matter their role?
Every employee must understand that cybersecurity is a shared responsibility. Fraudsters hack people. A single careless click, shared password, or fake link can cost the business everything.
So, employees, from cashiers to managers, should always verify payment instructions, never click on suspicious links, never share passwords, and report suspicious messages immediately. In cybersecurity, silence after suspicion is often the real danger.
Is cyber insurance worth it for SMEs? What should they look for in a policy?
Yes, but with caution. Cyber insurance is valuable when it is tailored to small businesses. It can cover losses from fraud, data breaches, or downtime from cyberattacks.
However, SMEs must read the fine print. Many policies exclude basic negligence, meaning if your business ignored simple safeguards, you may not be compensated.
So, use cyber insurance as a last layer, not as your first defense. Prevention is cheaper than protection.
How effective was the cybersecurity outreach you had with SMEs recently, and what plans do you have for the future?
The outreach at Ikotun Market was both eye-opening and deeply rewarding. Many traders and small business owners initially saw cybersecurity as something distant, a “big company” problem. But when we began discussing real-life scenarios like fake payment alerts, stolen WhatsApp accounts, and fraudulent loan offers, their expressions changed. The moment I showed them how easy it is for scammers to exploit weak passwords such as birthdays or phone numbers, several participants pulled out their phones immediately to change theirs. That instant behavioral shift was the true measure of success.
We also discussed multi-factor authentication, safe online transactions, and how to verify payment alerts before releasing goods. What struck me most was how eager the market women were to learn. They realized that protecting their small businesses digitally is just as important as locking their shops physically.
Moving forward, I am expanding the outreach across more markets, schools, and local communities. The next phase will include practical workshops, where participants can practice spotting phishing messages, securing their online accounts, and reporting fraud attempts. It would also encourage young people to pursue careers in Cybersecurity.
I aim to build a Cyber-Aware Nigeria, where cybersecurity becomes a form of grassroots empowerment. If we can help everyday business owners understand that safety online is a pathway to sustainability and trust, we will be securing the very foundation of our digital economy.
