
Summer is a busy season for small businesses. From farmers' markets to food festivals, fairs, and other community celebrations, they all offer valuable opportunities to meet new customers and boost sales.
In recent months, event organizers on both sides of the Atlantic have warned businesses that fraudsters are impersonating festival and market representatives to steal money from vendors.
Imagine you've been looking for local events where you can showcase your products and you stumble upon a popular summer festival on Facebook. You leave a comment that says you’re interested in becoming a vendor and receive a reply within minutes.
A self-described “event organizer” tells you only a few vendor spaces remain and invites you to continue the conversation through Messenger or email. They provide an application form and ask for payment to reserve your booth.
Everything looks legitimate, and you’re excited about the opportunity. They use the festival's logo, photos from previous years, and professional language. They may even answer questions about the event.
But after you send payment, the person disappears.
Unfortunately, this scenario is increasingly common. In Nevada, for example, organizers of the Fallon Cantaloupe Festival alerted businesses about fake Facebook posts offering vendor spaces and requesting payment through unofficial channels. Meanwhile, the BBC reported on a growing trend of scammers targeting vendors directly through Facebook event pages, posing as organizers and tricking businesses into paying for non-existent stalls.
For busy business owners eager to secure a spot before events sell out, these scams can be highly convincing. In some cases, the damage goes beyond the loss of a vendor fee. A fake invitation can also expose your business to phishing attacks, credential theft, malware, or even ransomware.
Small restaurants, artists, retailers, and other service providers make attractive targets for fraudsters. And what makes these scams particularly dangerous is that most of these small businesses receiving an invitation during this period seem perfectly normal. To increase the pressure, fraudsters often claim that vendor spaces are almost gone or that payment must be made immediately to avoid losing the opportunity.
If a business posts "Interested!" or asks how to become a vendor, scammers may quickly respond, posing as the organizer.
Some invite businesses into private Messenger conversations. Others direct victims to fake application websites or request payments through Zelle, Venmo, Cash App, bank transfers, or cryptocurrency.
Because these conversations happen beneath legitimate event announcements, many businesses naturally assume they're speaking with the real organizers.
Making matters worse, some of these scams don’t just focus on collecting registration payments.
A fake vendor application may ask you to create an account using your Microsoft 365 or Google Workspace credentials, allowing attackers to steal business logins, while attachments may secretly install malware when opened.
Once attackers gain access to a business device or email account, they may attempt to steal sensitive information, collect customer data, access financial information or even deploy ransomware.
For many small businesses, recovering from a cyberattack can be significantly more expensive than replacing the original vendor fee.
You may also want to read:
Before responding to any vendor invitation, look for warning signs, such as:
Any one of these warning signs is enough to slow down and independently verify the invitation. If you encounter a fake vendor invitation, let the event organizers know. Many festivals and trade shows issue public warnings once they're aware of impersonation attempts, helping prevent other small businesses from becoming victims. Reporting the scam to both social media platforms and the relevant authorities can also help disrupt the scam.
Before sending payment or sharing business information:
If someone contacts you through Facebook or Messenger, don't assume they're affiliated with the event simply because they commented on the official page.
If you realize you've responded to a fake vendor invitation, acting quickly can help limit the damage.
Employee awareness is one of your strongest defenses, but technology plays an equally important role.
Businesses should keep devices updated, enable multi-factor authentication for business accounts, regularly back up important files, and train employees to recognize phishing attempts and social engineering tactics.
A layered security solution such as Bitdefender Ultimate Small Business Security helps reduce the risk of a fake vendor invitation turning into a much more serious cybersecurity incident. It helps detect phishing attempts, blocks malicious websites, identifies suspicious downloads, protects your devices against malware and ransomware, and helps safeguard business credentials if attackers attempt to compromise employee devices.
Whether the scam begins with a fake Facebook message or a convincing email, multiple layers of protection can help stop an attack before it disrupts your business.
Scammers often impersonate legitimate event organizers, suppliers, or vendors to trick businesses into sending money or sharing sensitive information. Watch for these common warning signs:
If you're unsure, contact the event organizer using the phone number or email address listed on its official website. Never rely solely on contact information provided in an unsolicited message.
Small businesses are frequent targets because they often have limited staff and fewer cybersecurity resources. Some of the most common scams include:
Many of these scams begin with social engineering, where attackers manipulate employees into trusting a fraudulent email, message, or phone call.
Cybercriminals use a combination of technology and psychology to make their scams look legitimate. They often research businesses and employees via company websites, LinkedIn, Facebook, Instagram, and other social media platforms.
Common tactics include:
The best defense is to verify unexpected requests through trusted channels, train employees to recognize social engineering tactics, and use layered security that can help block phishing attempts, malicious websites, and malware before they compromise your business.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all posts