AI Scam SensePart of AI Sure Tech

Small-business safety

Small Business Staff Scam Safety Training

A short, practical training plan that helps small-business staff recognize when to pause, what to say, and where to route unusual requests. The goal is not to make everyone a scam expert. The goal is to make verification normal and non-shaming.

Back to small businessUse Before You Act

Training summary

A short, practical training plan that helps small-business staff recognize when to pause, what to say, and where to route unusual requests. The goal is not to make everyone a scam expert. The goal is to make verification normal and non-shaming.

Five-minute talk outline

  • Scams often look like ordinary work: invoices, vendor updates, refund requests, payroll changes, support messages, social media messages, or owner requests.
  • The main stop signals are new money destinations, new access requests, unusual channels, urgency, secrecy, and requests for private information.
  • No one is in trouble for pausing a request. Pausing is part of the job.
  • Verify through a known channel instead of using contact details supplied in the unusual request.
  • Do not share passwords, one-time codes, recovery prompts, private documents, employee details, customer details, or payment information.
  • Use a pause phrase when a vendor, customer, manager, or caller pressures you.
  • Route uncertain requests to the approved reviewer and write short notes about what happened.

Pause phrases

  • I need to follow our verification process first.
  • I cannot approve that from this message alone.
  • We verify payment and account changes through a known channel.
  • I will route this to the person who reviews these requests.
  • I cannot share passwords, one-time codes, or private documents.
  • We do not grant remote access from surprise calls, popups, or messages.
  • I can continue after this is checked through our normal process.
  • Our policy is to pause when a request involves urgency, secrecy, money, access, or private information.

Role examples

Owner

A staff member says they received a message that appears to come from you asking for a quick confidential payment.

Safe response: Thank you for pausing. Requests that appear to come from me still need our normal verification and approval process.

Bookkeeper

A vendor appears to send updated payment instructions shortly before a normal payment date.

Safe response: I will hold the change and verify through a known channel before updating records or releasing payment.

Office Manager

A caller says an account will be suspended unless the business acts immediately.

Safe response: I cannot act from a surprise call. I will check this through our saved official contact path.

HR or Payroll

A message appears to request an employee record or payroll update before the next pay run.

Safe response: Employee-related changes must go through our normal internal process. I will verify through a known channel.

Front Desk or Customer Support

A customer says they overpaid and wants a fast refund through a different payment method.

Safe response: I need to match the request to our records and follow our standard refund review process.

Social Media Manager

A message says a fake page can be removed if the business shares a login code.

Safe response: We do not share passwords, one-time codes, or admin access through messages. I will use our approved account process.

Solo Freelancer

A new client sends a payment screenshot and asks for part of the money to be returned right away.

Safe response: I need to verify through my normal payment records and refund process before sending any money.

Monthly micro-drills

  • Show one fake invoice pattern and ask staff what would trigger a pause.
  • Practice two pause phrases out loud with a vendor, customer, manager, or caller example.
  • Review who approves vendor payment changes and where the known-contact list is kept.
  • Walk through a customer refund request that asks for a different payment method.
  • Review the rule: do not share passwords, one-time codes, or private documents.
  • Ask each role to name one kind of request they are allowed to pause.
  • Check whether official support contacts and social media links are easy to find.
  • Review one exception from the past month and discuss how it was documented.

Printable reminder

  • Pause when a request involves money, access, payroll, refunds, private information, or account changes.
  • Stop signals include urgency, secrecy, unusual channels, new destinations, links, attachments, popups, and QR codes.
  • Verify through a known channel before acting.
  • Do not share passwords, one-time codes, recovery prompts, private documents, employee details, customer details, or payment information.
  • Use a pause phrase instead of deciding under pressure.
  • Route uncertain requests to the approved reviewer.
  • Write short notes about what was checked.
  • Pausing is allowed and expected.

This page is educational and should be adapted to the business's own tools, policies, and qualified professional guidance when needed.