By Trevor Ashford

Cybersecurity Expert

4 Minutes Read

When you’re a small business owner, you’ll do everything you can to protect your investment and give it the best chance of success. You want to do your market research, make things as easy as possible for the customer and hire the right people to support you – but have you considered your cybersecurity measures against attacks such as phishing?

Without the right protection and constant vigilance, your hard work could be at risk. That’s why it’s so important to know what to look out for, and know what to do if anything concerning does arise. In this post, we explore four types of phishing threats that your small business may face.

Email phishing

Modern businesses rely on emails – they’re often a primary source of communication, useful for everything from quotes to invoices and purchase confirmations. However, with 90% of cyberattacks starting with an email, they’re also a way for scammers to slip under the radar and access company information. 

Often, these emails imitate genuine emails that you may be expecting to receive, such as parcel tracking links, failure to send notifications, bills or invoices, or ‘your session expired, please log in here’ messages. Because they don’t seem out of the ordinary, especially in a busy inbox, it’s easy for you and your employees to miss the red flags. 

Once you’ve clicked the link, scammers can gain access to login details that you enter, bank details or even download malicious malware to your device. In some cases, you may not even realize they’ve done it. 

Spear phishing

Information can be just as valuable as money, especially for companies that are willing to pay out to protect their customers. A spear phishing attack is focused on targeting one or a few important individuals at a company, in order to covertly access sensitive details or pressurize them into giving out important information. Scammers use key details like names and job titles to make the emails seem genuine, in order to gain the victim’s trust. In comparison, regular phishing uses a large batch of generic emails – hence the more specific name for this focused type of attack. 

New or junior employees can be particularly susceptible to this kind of attack, because they may not realize that the request for information or ‘help’ with a task is anything out of the ordinary. Additionally, turning down a request from the managing director, for example, can be a hard ask for any employee who doesn't feel able to speak up, so company culture is vital for tackling and preventing spear phishing. 

MFA phishing

These days, many of us use multi-factor authentication (MFA) as standard practice for emails and logins, which is a great first step towards preventing cyberattacks. Adding a second layer of authentication can really deter scammers, and make it harder for them to access your information.

Unfortunately, criminals have developed a new technique called push-bombing, where they take advantage of the genuine authentication process. First, they discover your login details, and then they slide a fake authentication notification in amongst the real ones, in the hope that you accidentally or unknowingly click on their scam one. They can then gain access to your emails or other apps using the initial password they’ve stolen. 

This can be a real area of concern for businesses, particularly those who share a team inbox, for example. Not only can employees unwittingly approve a fake authentication request when they themselves are logging in, they may be tempted to approve any other requests that come through, wrongly assuming they’re granting access to their colleagues.

Smishing and vishing

Emails and MFA logins are not the only targets for phishing attacks – your SMS messages and voicemails are susceptible too. Especially with the rise of artificial intelligence (AI), it’s relatively easy for scammers to create realistic voice models or real-time texts, which can be hard to spot as fraudulent. 

Additionally, in a small business, it’s totally feasible that your team speak to a new customer, supplier or delivery partner who they haven’t had contact with before, meaning they don’t notice anything out of the ordinary. Unfortunately, all of this means it’s relatively simple for scammers to convince your employees to give over important information. 

Stay vigilant

Phishing scams are an unpleasant but unfortunately relatively common problem that small businesses may face. Make sure that you take time to review your security measures and educate your team to give yourself the best chance of defense.