Serving Plant City, Tampa & Central Florida 📞 (508) 243-7410 ✉ brendan@beardedbytes.com

Phishing Scams Hitting Florida Small Businesses Right Now

The phishing emails landing in Tampa Bay inboxes today — Sunbiz fees, hurricane invoices, MSP impersonation — and how to spot them before your team clicks.

Stylized illustration of a fisherman with a computer caught on the fishing line — representing phishing emails landing in small business inboxes

If you run a small business in Tampa Bay, your inbox is being probed today. I see it in the firewall logs at every client I onboard — a steady drip of phishing attempts targeting Florida businesses specifically, often by name, often surprisingly well-tailored.

The generic “Nigerian prince” stuff is mostly gone. What’s landing in inboxes in 2026 is researched, local, and timed to whatever’s going on in the news. Here are the five scams I’m watching most closely right now, all of them currently hitting Florida small businesses — including a couple I’ve cleaned up at clients in the last month.

1. The Sunbiz “annual report” email

This is the one I see most often. Every Florida LLC has to file an annual report with Sunbiz by May 1, and the real fee is $138.75. Scammers know this. They’re sending emails — and in some cases physical-looking letters — that mimic Sunbiz branding and demand “expedited filing fees” of $200–$500, or threaten dissolution if you don’t pay a fake “compliance fee.”

The tells:

If you’re not sure, log into sunbiz.org directly and check your filing status. Never click the link in the email.

2. Hurricane and storm-themed invoice fraud

Florida’s hurricane season runs June through November, and the scams ramp up the moment a system enters the Gulf. The pattern I keep seeing: a fake invoice from a “tree service,” “roofing company,” or “FEMA contractor” gets emailed to AP a week after a storm, when real invoices are pouring in and the office is overwhelmed.

The amounts are usually $1,500–$8,000 — low enough that nobody calls to verify, high enough to be worth the scammer’s time. They count on you assuming someone else on the team authorized the work.

If anyone in your office can pay an invoice without a matching purchase order or work authorization, you have this vulnerability. The fix is simple: no invoice gets paid without a PO or a written approval from someone who actually authorized the job.

3. Fake MSP or IT support calls

This one’s been hammering medical and legal practices in Plant City and Lakeland especially. Someone calls, says they’re from “your IT provider,” and asks the front desk to install a “security update” or read out an MFA code. The voice on the phone often knows your real MSP’s name — that information is on your website, on LinkedIn, or in a service agreement that leaked somewhere.

Your IT provider should never need an MFA code from you. Ever. If you’re a client of mine, I will never call asking for one. If somebody does, hang up and call us back at the number you already have.

If you don’t already have a written rule about this, write one today and tape it to every front-desk monitor.

4. Voice-cloned wire transfer requests

This one’s newer and it’s working. Scammers scrape thirty seconds of audio from a podcast appearance, a Facebook video, a Chamber of Commerce panel — and clone the owner’s voice with consumer AI tools. Then they call the bookkeeper, sound like the boss, and request an urgent wire to a “new vendor.”

Two clients in the last six months have come close. One actually sent the money. The other caught it because the bookkeeper had a callback rule — any wire above $5,000 gets confirmed on a separate channel before it goes out.

If you don’t have a callback rule for wires, that’s the single highest-ROI security policy you can write this month.

5. DBPR and DOR impersonation

Licensed trades — contractors, electricians, HVAC, cosmetology — are getting targeted with fake notices that look like they’re from the Department of Business and Professional Regulation or the Department of Revenue. “Your license is suspended pending payment.” “Your sales tax filing is past due — pay this $1,250 fee immediately.”

Real DBPR and DOR communications go through their official portals. They don’t email you a Stripe link. If something feels off, call the agency directly using the number on their official .gov site, not the number in the email.

A quick defensive checklist

A few things you can do this week that will block the majority of what I’ve described above:

If you’d like a hand putting any of these in place, book a free 30-minute consultation and I’ll walk through your current setup and show you the highest-impact fixes for your business. I work with small businesses across Plant City, Tampa, Lakeland, and the rest of Central Florida — here’s where we’d usually start on the cybersecurity side if you want a sense of what that looks like.

The scams aren’t going to slow down. The good news is the defenses don’t have to be complicated — they just have to actually exist.

Tags: #phishing#cybersecurity#small business#florida#tampa bay

Need help with this in your business?

Bearded Bytes provides on-site IT support, cybersecurity, and managed services across Plant City and the Tampa Bay area. Book a free consultation.

Talk to Brendan →