BAKERSFIELD, Calif. (KGET) — Nicole Rossi just wanted to lift up the owner of another small business.

“I just thought she needed help,” Rossi said. “So I sent her all the information.”

Rossi, owner of hand-potted plant shop The Gifting Garden, received a message weeks ago from what seemed to be a small enterprise like hers, starting a new clothing line. She clicked a link.

“About thirty minutes later,” Rossi said, “I realized via email that I was now locked out of my account.”

Rossi was the victim of a new scam targeting small businesses with little or no cyber defense.

“Most of them aren’t large corporations or targets, they’re small to medium-sized businesses,” Grapevine MSP chief information officer Robert Miles said.

She wasn’t alone. Miles says in the past weeks, he’s seen multiple businesses hit by the same scam.

That may be little consolation to Rossi, who makes essentially all of her sales through Instagram and other social media.

“It’s really affected our credibility,” Rossi said. “Not only that, but our business, the way we operate business.”

Rossi reported the attack to the local branch of the FBI, but she still doesn’t have control of her Instagram.

“I have recovered it twice, only for them to take it over yet again for a third time,” Rossi said.

She’s speaking out now in the hopes that businesses like hers might be more aware.

“Just change the new passwords, set up two-way authentication, set up a secondary email, make sure all of that is in place,” Rossi said.

Even the most basic security measures could make a small business too much trouble to attack.

“That old adage, ‘Be faster than the cheetah? No, you just have to be faster than the guy next to you,'” Miles said. “Same principle in security, you just have to be better than anybody else, and you’re less likely to get attacked.”