Businesses are embracing technology and relying more heavily on the web for communications —  attracting cybercriminals with new attack methods. Phishing is a tactic defined by the U.S. government as an online scam that targets users by sending emails that appear to be from a well-known source. The sender could be posing as the CEO of your company or even as a business you frequently use such as Microsoft or Amazon. 

Even tech giants Facebook and Google suffered a phishing attack lasting more than two years in which a cybercriminal posed as a large Asian-based manufacturer they regularly did business with. The criminal conned Facebook and Google out of $100 million using fake corporate stamps, email addresses, and invoices. 

Businesses of all sizes are targeted. An SMB can suffer from downtime, lost revenue, loss of trust, stolen data, and more due to phishing. There could be more severe consequences, as SMBs often don’t have resources to remediate an attack. According to a 2016 survey sponsored by Cloudmark, the average cost of handling a phishing attack on a mid-sized organization is $1.6 million. An even worse figure, reported by Deloitte, states that one in every three consumers will actually drop your company after it suffers a cybersecurity breach. 

What is the main goal of phishing?

Hackers use phishing to:

• Obtain your personally identifiable information (PII) or business data
• Upload malware or ransomware to your device(s) 
• Impersonate a trusted person or business to request money

This allows them to:

• Exploit your data for money 
• Encrypt or destroy your data 
• Steal passwords, usernames, and more 

All it takes is for an employee to: 

• Click a malicious link or attachment
• Enter sensitive information 
• Fall for a false corporate email or stamp 

How can you spot phishing emails?

Look for the following suspicious elements when opening your next email.

What to do if you suspect a phishing attack

Ask yourself — Do I know this person or this company contacting me?

• If yes, contact the person or company by phone or by going on the company website. Do not click any links or download any attachments.
• If no, go back and review the tips for how to recognize phishing. If you see the signs, report the message to the email provider as spam and delete it. Warn other employees if it’s a business email domain. 

New signs scammers are targeting SMBs 

Users of Software-as-a-Service (Saas) and webmail services – common SMB tools – are now being targeted more than any other group, according to the Anti-Phishing Working Group. The category became the biggest target for the first time in Q1, accounting for 36% of all phishing attacks.

In order to stay ahead, keep your antivirus software up to date and secure your network traffic to mitigate phishing risk at your company. Avast Business offers advanced cybersecurity solutions to protect businesses and their employees from falling victim to phishing emails, as well as keeping software patched and secure. Contact us to learn more about protecting your network.