Phishing scams are on the rise, and their success rate hinges on strategic manipulation and susceptibility. As these attacks become more dangerous and harder to spot, it’s important to take steps to stay vigilant. In this article, we’ll provide tips for preventing phishing attacks from impacting your business.

Understanding Why Phishing Targets SMBs

Phishing is a crime of opportunity. When you run a small business, minimal security resources, expertise, and training can make you a sitting duck. According to Cisco's 2021 Cyber Security Threat Trends report, at least one person clicked a phishing link in around 86% of organisations. The messaging looks legitimate, the brand impersonations seem real, and the malicious sites appear credible. Want to get better at spotting all of the above? Focus your efforts on avoiding these three phishing hooks:

Be Cautious: Navigating Domains & Websites

  • Inspect the sender. If you don’t know them or notice that even one letter is off in their name or domain, skip until you can confirm it’s legitimate.
  • Be cautious of PDF attachments. They’re the most common type of malicious file.
  • Noticing URL redirects or small differences in a website’s design, content, or layout? Be on alert. They could be signs you’re about to get hooked by a phishing attack.

Get Secure: Bolstering Wi-Fi, Firewalls, & Filters

  • Investigate reputable anti-phishing add-ons that can be added to your browsers, firewalls, and security platforms. Many are free and can provide a strong line of defence when coupled with training on how to identify a potential problem.
  • Take steps to secure your network. You may choose to hide your network name (SSID) on the wireless access point that creates your wireless local area network, or WLAN. Be sure to set a strong password that differs from the default that comes with your router, since the default credentials for many models can be looked up online.
  • Ensure all your security software stays patched and up-to-date, including any antivirus programs, spam filtering tools, firewalls, and web filters, all of which can prevent a phishing attempt from becoming a successful attack.

Stay Sharp: Training for Spotting a Fake

  • Craft comprehensive security training that is updated and conducted on a regular basis. See that it covers new schemes (identified inside your org and elsewhere), best practices for monitoring and identifying an issue, and ways to test the user’s knowledge.
  • Create a cheat sheet that covers tips for spotting fake emails like:
    • Inspect the sender. If you don’t know them or notice that even one letter is off in their name or domain, skip until you can confirm it’s legitimate.
    • Be cautious of PDF attachments. They’re the most common type of malicious file.
    • Note the subject line. Seeing any of the following words should raise your hackles: Urgent, Request, Important, Payment, Attention.
  • Simulate phishing attacks with your employees to help them identify the signs of a phishing email.
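The two cheat-sheet checks above, "one letter off in the sender's domain" and the pressure words in the subject line, can be turned into an automated first-pass triage for a reported email. The following is an added example, not Rock IT's own code; it assumes a constructed allowlist of domains the business normally corresponds with and a small set of look-alike character substitutions (rn for m, 0 for o, 1 for l).

```python
import re
from email.utils import parseaddr
from typing import List, Optional

# Constructed allowlist: the domains this hypothetical business normally corresponds with.
TRUSTED_DOMAINS = {"example.com", "example-bank.com.au", "microsoft.com"}
# Subject-line pressure words from the cheat sheet above.
ALERT_WORDS = {"urgent", "request", "important", "payment", "attention"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character insertions, deletions or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain this sender domain imitates, or None if it is trusted or unrelated."""
    d = domain.lower()
    if d in TRUSTED_DOMAINS:
        return None
    # Fold common visual substitutions ('rn' reads as 'm', '0' as 'o', '1' as 'l') before comparing.
    folded = d.replace("rn", "m").replace("0", "o").replace("1", "l")
    for trusted in TRUSTED_DOMAINS:
        if folded == trusted or edit_distance(d, trusted) <= 1:
            return trusted
    return None


def triage(from_header: str, subject: str) -> List[str]:
    """Return the cheat-sheet warnings that apply to one reported message."""
    warnings = []
    _, addr = parseaddr(from_header)          # display name is ignored; only the address counts
    domain = addr.rpartition("@")[2]
    target = lookalike_of(domain)
    if target:
        warnings.append(f"sender domain {domain!r} looks like {target!r}")
    elif domain not in TRUSTED_DOMAINS:
        warnings.append(f"sender domain {domain!r} is not a known correspondent")
    hits = ALERT_WORDS & set(re.findall(r"[a-z]+", subject.lower()))
    if hits:
        warnings.append("pressure words in subject: " + ", ".join(sorted(hits)))
    return warnings
```

A distance of one catches a single swapped, dropped or added letter but not two transposed letters, so this is a prompt for a human check, not a verdict.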

The Rise of Cyber crime and Scamming as a Service

The dark web is full of scamming services for hire.
As cyber criminals become more sophisticated, they’re also becoming more efficient in their efforts to defraud individuals and businesses. With the rise of “scamming as a service” on the dark web, it’s easier than ever for even low-skilled threat actors to target SMBs. These underground virtual marketplaces offer end-to-end services for a fee, making it possible for anyone to orchestrate an attack with minimal effort.

The prevalence of scamming services means that small businesses need to take extra care to protect themselves from phishing attacks. The following tips can help reduce the risk of falling victim to these scams:

  • Ensure all employees are trained to spot potential phishing attempts, including identifying suspicious URLs and checking sender information.
  • Implement multi-factor authentication (MFA) for all sensitive accounts to provide an additional layer of protection.
  • Regularly update security software, including antivirus programs, firewalls, and web filters, to ensure they stay current and effective against new threats.
  • Consider investing in a managed IT services provider who can provide ongoing support and monitoring for your business’s security needs.
  • Encourage employees to report any suspicious emails or links to IT staff for investigation, rather than clicking on them themselves.
  • Implement policies around password strength and regular password changes, as weak passwords are often a vulnerability that cybercriminals exploit.
By taking these steps, small businesses can reduce the likelihood of falling victim to a phishing scam, and minimise the damage if one does occur. Staying ahead of cyber crime is an ongoing effort: it requires regular training, timely updates, and continued vigilance against the latest threats.


Rock IT is a Partner of the ASD (Australian Signals Directorate) Australian Cyber Security Centre and is a member of the Australian Joint Cyber Security Centre (JCSC).