What small businesses need to know about email phishing in 2020

There are many cyber threats facing small businesses today, but arguably none are as potentially harmful as email phishing attacks. Given how easy such attacks are to deploy, it's no wonder that cyber criminals continue to leverage phishing emails even when more sophisticated options are available. In 2019 alone, the Australian Competition and Consumer Commission (ACCC) received more than 25,000 reports of phishing-related scams. Those incidents cost Australians roughly $1.5 million, but the total cost of email phishing – including unreported scams – is likely significantly higher.

With stakes as high as they are, small businesses need to address the threat of email phishing head on. All it takes is one click of a mouse to compromise systems, expose sensitive data and wind up spending a small fortune remediating the threat. The key to preventing costly phishing attacks is to fully understand how they work and what red flags employees should look out for. Here's what every small business should know about email phishing.

Scammers feast on times of uncertainty

Economic downturns, social upheaval and global crises are times of plenty for phishing scammers who can prey on other people's uncertainty and fear. The COVID-19 pandemic has given cyber criminals yet another way to add context and flavour to their phishing emails, taking advantage of targets who are worried about the ongoing public health crisis and are eager to open any email addressing it. The ACCC reported a spike in phishing reports in the weeks and months following the onset of the novel coronavirus pandemic in Australia, noting that in several instances, scammers pretended to represent entities ranging from insurance companies to the Australian Government in their phishing emails.

Employees should always view unsolicited emails with a healthy degree of scrutiny under any circumstance, but it's especially important in the current global climate to follow cyber security best practices. The ACCC recommends avoiding clicking on hyperlinks sent through email, text or social media, unless the recipient can completely verify the authenticity of that message.

Cyber criminals have a number of ways to make phishing emails more effective.

Phishing attacks leverage your own data

Phishing techniques have grown much more sophisticated over the years, incorporating personal information to add more detail to emails and fool targets into clicking on a malicious link or downloading a malware attachment.

Cyber criminals have a number of avenues at their disposal to tailor phishing emails according to their specific targets. For instance, scammers will comb through a potential victim's social media presence to gather intel about their job, social circle, personal life and more. With a little legwork, malicious actors could easily get the name of a person's supervisor and craft an email that references a particular work-related issue that seems entirely genuine.

Because of these risks, it's important to remind small business employees that they should exercise restraint when it comes to sharing information – both personal and professional – on publicly available social media platforms.

The dark web is another valuable source of information and tools for cyber criminals who want to conduct phishing attacks. Phishing kits and stolen personal information are widely available on the dark web at a relatively low cost, allowing anyone who is even remotely tech-savvy to send targeted phishing emails.

Defend your business against email phishing

Phishing may be a major threat facing small businesses in Australia, but it is not an insurmountable challenge. Business leaders can take several steps right now to improve their security posture and defend themselves against these types of attacks:

  • Train employees on the latest security best practices.
  • Assess the effectiveness of current security measures with a thorough audit.
  • Employ email threat analysis solutions.

Biztech can help small businesses with each of those demands by analysing security readiness, educating staff and implementing the latest data security measures. Download our latest eBook to learn more about email phishing – and how we can help protect small businesses against such attacks.