What Is Take Five to Stop Fraud?
Cybercrime in the UK is rampant. According to the 2025 Cyber Security Breaches Survey, nearly 300,000 UK businesses fell victim to cyber crime in the past year alone, and experts estimate small firms face millions of phishing, malware and payment fraud attacks annually. Even though government data shows some decline in breaches recently, the numbers are still shocking – roughly half of businesses report a breach or attack each year. In this landscape, no company is too small to be targeted.
A recent high-profile example drives the point home. Marks & Spencer – an iconic British retailer – was hit by a ransomware cyber attack in spring 2025 that froze its online sales for weeks. M&S admitted that hackers stole customer records (names, addresses, phone numbers, order history, etc.) during the breach. The incident cost millions in lost sales and sent its share price tumbling. Even worse, it left customers vulnerable to follow-on scams. The takeaway for small business owners is clear: if a retail giant can be compromised, any business can be a target.
The Take Five to Stop Fraud campaign is a UK-wide fraud-awareness initiative (led by UK Finance and backed by the government) that offers plain-language advice to prevent scams. Its core message is deceptively simple: “Stop. Challenge. Protect.” – in other words, take a brief pause before sending money or information, verify anything unusual, and shield your business if a scam happens. As the campaign puts it, “Criminals are experts at impersonating people… Stop and think. It could protect you and your money.”. In practice, this means literally taking five minutes to double-check any unexpected request. By slowing down and verifying, you have a much better chance to spot fakes.
Why Take Five to Stop Fraud (Taking five Minutes) Works
Learning from Take Five’s advice can save you from disaster. The Take Five to Stop Fraud campaign boils it down to three steps (often framed as bullet-point guidance for clarity):
- Stop. If you receive a request for an urgent payment, a change in a supplier’s bank details, or any sensitive financial information, pause for five minutes and think. Don’t let “urgent” language panic you. Take Five explicitly warns that it’s OK to reject or ignore any request that feels suspicious.
- Challenge. Ask yourself honestly: “Could this be fake?” Verify any changes or requests through a separate channel before acting. For example, call your supplier on a phone number you trust (not the number or link in the suspicious email) to confirm if they really sent it. Only criminals will try to rush you or pressure you into bypassing normal checks.
- Protect. If at any point you suspect something is a scam, report it immediately. Contact your bank straightaway and file a report with Action Fraud (the UK’s fraud reporting centre). The quicker you raise the alarm, the better the chances of stopping the scam and limiting losses.
This simple “Stop–Challenge–Protect” formula has real impact. As UK finance experts note, business email scams often succeed because employees don’t pause; one accounts clerk famously saved her company half a million euros by stopping and double-checking an unusual supplier email. In her words: “Taking a few minutes to confirm bank details directly with suppliers… can have huge rewards. Only criminals will try to rush you…”. It really is that straightforward: spend five minutes verifying, and you might save your business thousands of pounds.
Common Scams Targeting Small Firms
Scammers use many tricks, but several patterns keep popping up in small-business fraud:
- CEO or “boss” fraud: A criminal impersonates the CEO or a senior manager and emails someone in finance to make an “urgent” payment outside normal procedures. They might spoof the boss’s email or gain access to it. Hearing your boss demand a quick money transfer can be scary – but always double-check with the person (in person or by phone) before you hit send.
- Invoice/mandate fraud: Criminals pretend to be a legitimate supplier and say their bank account has changed. You then reroute payments into the scammer’s account. In reality the real supplier never asked for a change. This is very common; UK Finance warns that businesses often fall prey by simply updating payment details without checking.
- Phishing emails: Malicious emails try to trick staff into clicking links, opening attachments or revealing passwords. According to government surveys, phishing is by far the most common attack – about 90% of businesses that suffered cybercrime report it was due to phishing. These emails might masquerade as HMRC, a bank, a parcel delivery, or even fake customer inquiries. Always be suspicious of links and attachments in emails, especially from unknown or unexpected senders.
- Fake tech-support or IT alert calls: Scammers claim there’s a problem with your network or computers and ask to connect remotely or hand over login details. Legitimate tech companies don’t do this uninvited. If you get such a call, hang up and call the official support number on your own – after checking online or with colleagues.
Whatever the scam, the common threads are pressure and impersonation. Criminals will hurry you, exploit your trust, or use fear (like a claim “your taxes are overdue” or “your security is breached”) to rush a payment. Keep in mind the sage advice: if something feels off, it probably is.
Practical Tips to Keep Your Business Safe
Beyond the Take Five to Stop Fraud rules, there are other simple precautions small firms can take:
- Educate Your Team: Make sure everyone knows the Stop–Challenge–Protect steps and is trained to spot scams (like unexpected invoices or “urgent” requests). Even one careless click can let an attacker in. Regular reminders (e.g. safety posters or quick meetings) help keep vigilance high.
- Protect Information: Be careful what you share publicly about your business. UK Finance cautions to “be wary of any unexpected contact requesting an urgent payment and… be careful with the type of information you share online about your business.”. The more details you expose (e.g. about employees, systems or operations), the easier scammers can craft convincing messages.
- Verify Before Paying: Never change payment instructions or send large transfers without a multi-step check. Always use pre-existing procedures (like contacting the boss who ordered it or calling the supplier at a known number). As one expert put it, do not “step outside your usual payment processes” even if someone tells you to hurry.
- Strong Cyber Hygiene: Use strong, unique passwords and multi-factor authentication for business accounts. Keep software and antivirus tools up to date. Even a basic firewall or VPN (for remote work) can foil many common attacks (as image security warnings remind us).
- Check for Spoofing: If you get an email from a bank or government agency, look carefully at the sender’s address and any URLs (hover over links). Many scam emails use addresses that almost, but don’t quite, match real ones. And remember: banks or HMRC will never email asking for your full PIN or password.
Using these practices – along with that crucial five-minute pause – makes it much harder for fraudsters to succeed. And if the worst happens, acting fast (calling your bank, shutting down the compromised system, reporting to Action Fraud) can reduce the damage.
Cybercrime may be on the rise, but so is awareness and readiness. By embracing the Take Five advice and staying alert, UK small businesses can make life very difficult for scammers. A quick pause and a phone call can be worth far more than five minutes’ worth of losses. Stay safe, and remember: If in doubt, check it out!
Sources: Official campaign guidance and UK finance reports were used in this article to ensure accuracy and relevance.
