If You Own a Business, Scammers Already Know Your Name

The calendar just flipped to a new year, and while you’re focused on goals, growth, and getting your books in order—scammers are focused on you. January and February are prime hunting season for fraudsters who target small business owners with official-looking letters, urgent emails, and convincing phone calls designed to steal your money, your data, or both.

At Pendergrass Consulting, we’ve already seen an uptick in reports from local business owners who’ve received suspicious correspondence this year. Here’s what you need to watch for right now—and how to protect yourself.

The Secretary of State Renewal Scam

This is one of the most widespread scams hitting North Carolina business owners right now, and it catches people off guard because it looks so official.

How it works: Shortly after you register a business in North Carolina—or around the time your annual report is due—you receive a letter or email that appears to come from an official-sounding organization. Names like “North Carolina Certified Document Services,” “Business Filing Center,” or “Corporate Filing Services” are common. The letter uses legal jargon, references real state laws, includes your actual business name and filing information, and demands fees ranging from $95 to nearly $500 for services like filing your annual report, preparing corporate minutes, or obtaining a “Certificate of Existence.”

The catch? These are third-party companies charging outrageous markups for services you can do yourself directly through the NC Secretary of State’s office for a fraction of the cost—or services you don’t need at all. North Carolina law does not require you to pay a third party to file your annual report. LLCs can file directly with the Secretary of State for $200, and corporations pay just $25.

The NC Secretary of State, the NC Attorney General, and NC State Extension have all issued warnings about these deceptive mailings, some of which have been circulating for years under constantly changing company names. This isn’t just a North Carolina problem either—states across the country including Tennessee, Pennsylvania, Washington, and Minnesota have reported identical schemes.

How to protect yourself:

Any legitimate communication from the state will come from the NC Secretary of State’s office directly at sosnc.gov—look for the .gov domain. Be skeptical of any third-party mailer that creates urgency with deadlines and threatens dissolution of your business. File your annual reports directly through the Secretary of State’s website. If something looks suspicious, call the Secretary of State’s office at (919) 814-5400 before taking any action. You can also sign up for the NC Secretary of State’s free e-notification subscription to monitor your business filings and catch unauthorized changes.

Tax Season Scams Are in Full Swing

Tax season has officially begun, and scammers are exploiting a perfect storm of confusion this year. The IRS has confirmed that its Direct File program—the free, government-run filing tool used by hundreds of thousands of taxpayers—is not available for the 2026 filing season. That means many people who used Direct File last year are now looking for alternatives, and scammers are ready to take advantage of that uncertainty.

The IRS published its annual warning on January 8, 2026, highlighting the top threats for this filing season. Here’s what small business owners need to know:

IRS Impersonation Scams: Criminals are sending emails, texts, and making phone calls that claim to be from the IRS. Messages often say your refund is on hold, your account has been flagged, or you owe taxes that must be paid immediately. They use official-looking logos, fake case numbers, and links to convincing websites. Remember this: the IRS will never initiate contact by email, text, or social media. Their first contact is always a letter sent through the U.S. mail.

W-2 and Payroll Phishing: Scammers target businesses specifically by sending emails that appear to come from company executives, requesting copies of employee W-2 forms. Once they have this data, they file fraudulent tax returns in your employees’ names. The IRS recommends that companies require two-person verification for any request involving employee tax data.

Fake Tax Preparers: With Direct File no longer available, the Better Business Bureau is warning about a surge in tax company impostor scams. Criminals pose as tax preparation firms, pressure victims to pay quickly, promise unrealistically large refunds, or charge fees based on a percentage of your refund rather than a flat rate. Nationally, thousands of people reported being targeted by tax scams over the past 12 months, with scammers attempting to steal nearly $6 million.

Social Media Tax Schemes: The IRS warns that bad tax advice on social media is misleading taxpayers about credit and refund eligibility. Influencers may encourage filing false claims for credits like the Fuel Tax Credit, the Employee Retention Credit, or fabricated withholding amounts. These schemes can result in penalties, audits, and criminal prosecution.

How to protect your business:

Never share sensitive tax information in response to unsolicited emails or calls. Verify any tax-related communication by going directly to IRS.gov—never click links in messages. If you use a tax preparer, verify their Preparer Tax Identification Number (PTIN) and check their credentials. Consider getting an Identity Protection PIN from the IRS to prevent someone from filing a return using your Social Security number. Keep your EIN (Employer Identification Number) secure and update it promptly using Form 8822-B if anything changes. Free filing options still exist through the IRS Free File program at IRS.gov/freefile for taxpayers with an adjusted gross income of $89,000 or less.

Phishing Emails Are More Convincing Than Ever

If you think you can spot a phishing email, think again. In 2026, AI-generated phishing attacks have made fraudulent messages nearly indistinguishable from legitimate ones. Scammers can now produce highly personalized emails that reference your real clients, vendors, and internal terminology—because they research your business using publicly available information before they strike.

Small businesses are disproportionately targeted. According to recent industry data, small and mid-sized businesses accounted for over 70% of data breaches in 2025, largely because smaller teams are stretched thin and often lack dedicated IT security staff. The FBI reported over 859,000 cybercrime complaints in 2024 with $16.6 billion in losses—up 33% year over year. Business email compromise alone accounted for $2.7 billion in losses.

Common phishing scenarios targeting small businesses include fake invoices from vendors you actually use, urgent wire transfer requests appearing to come from executives, direct deposit change requests from “employees,” calendar invites with malicious links, and gift card purchase requests from someone posing as your boss.

How to protect yourself:  Contact us today for a conversation about protecting your business.

Always verify the sender’s actual email address—not just the display name. Hover over links before clicking to check the real URL. Establish internal verification protocols for any financial transaction, especially wire transfers and payment changes. Train your employees to recognize phishing attempts and encourage them to report anything suspicious. Use strong, unique passwords for every account and enable multi-factor authentication everywhere possible. Keep all software and operating systems updated with the latest security patches.

The Deepfake Danger: Voice and Video Fraud

This is the emerging threat that should concern every business owner. Criminals are now using AI to clone voices and create realistic video of real people. In one widely reported case, a deepfake video of a company’s CFO convinced a finance department employee to wire $25.6 million across 15 overseas bank accounts.

While most small businesses won’t face scams of that magnitude, the same technology is being used to create convincing voicemails from “your bank,” video calls from “your business partner,” and audio messages from “your accountant.” If a call or message creates urgency around money, always hang up and call back using a number you know is legitimate.

Other Scams to Watch for Right Now

Toll Road Text Scams: These surged 900% in 2025 and are continuing into 2026. You receive a text claiming you have unpaid tolls and must pay immediately. The link leads to a credential-harvesting site. Legitimate toll operators do not request payment by text message.

Fake Business Awards: You receive an email or call informing you that your business has won a prestigious award or recognition. To “claim” it, you need to pay a fee or share personal information. Research any such offer thoroughly before responding.

Directory Listing Scams: A caller claims you need to update or confirm your listing in an online directory. After the call, you receive an unexpected bill for services you never authorized.

OSHA and Compliance Mailers: Pennsylvania’s Department of State recently warned about deceptive mailers from companies charging $295 to prepare “required” safety manuals, using real OSHA law references to create false urgency. Similar mailers targeting businesses in other states are likely.

The Bottom Line: Pause Before You Pay

Every one of these scams relies on the same psychology—urgency, fear, and the appearance of authority. The best defense is simple: pause before you act. If a letter threatens your business, verify it directly with the issuing agency. If an email demands immediate payment, pick up the phone and call a known number. If a text says you owe money, delete it and check through official channels.

Keep these principles in mind: Government agencies contact you by mail first, never by email, text, or social media. Legitimate organizations won’t threaten immediate dissolution or arrest. If someone is rushing you to act, that’s the biggest red flag of all. When in doubt, go directly to the official .gov website—never trust links in messages.

Let Pendergrass Consulting Watch Your Back

Scammers are getting smarter, but you don’t have to face them alone. At Pendergrass Consulting, we provide cybersecurity services, employee security awareness guidance, and IT support designed specifically small businesses. From email security to network protection, we help you build defenses that keep the criminals out.

Don’t wait until you’ve been scammed to get serious about security. Contact us today for a conversation about protecting your business.