According to a 2019 report by The Radicati Group, there are more than 3.9 billion email users worldwide. With this number only expected to grow, it is no surprise that scammers rely heavily on email to virtually attack businesses. One of the most common types of email-based attacks is phishing.


Phishing attacks are email or virtual message attacks intended to trick the recipient into sharing sensitive personal or business information with a scammer. There are several types of phishing to be aware of, each with a slightly different approach:
  • Deceptive phishing — scammers target masses (like whole companies) and do not necessarily have prior knowledge of the target.
  • Spear phishing — scammers target an individual or group (like a director or a department) and have enough knowledge to make a compelling cover.
  • Whaling — a form of spear phishing geared to elicit a response from high-level company employees (like CEOs).

Identifying a scam

One of the most challenging parts of identifying phishing scams is that they are specifically designed to look legitimate. From websites to email addresses, scammers will attempt to duplicate enough of their persona as to appear like the real deal. Signs of a phishing email may include:
  • Email address doesn’t match the company URL.
  • Sender requests that you confirm or share personal or confidential information.
  • Sender asks you to click an external link to view the full message or input data.
  • Message is highly urgent with some variation of actionable requests.
  • Reply-to address is different from the sender.

Safeguarding your business

Fortunately, for a phishing attack to work, a recipient has to take some kind of action—by way of clicking a link, intentionally responding with requested details, etc. By requiring security awareness training for all staff, investing in data security measures, and following the steps below, you should be able to mitigate the risk of a phishing attack on your small business.
  • Slow down — review messages you receive in full before taking requested actions.
  • Go directly to the source — if something seems “phishy,” reach out directly to the source via phone to confirm that they generated the message; if an email asks you to enter or edit confidential details, navigate to the site in question directly and change details in a new window.
  • Trust your gut — if a message seems too urgent, too good to be true, or otherwise off, it probably is.
Has your small business been targeted by a phishing attack? Comment below or contact us to share the message(s) you received.