
Don’t Get Phished
Click on the wrong link or file in your email and you could be opening the door to a serious malware attack. Here’s how to protect your business.
By Todd W. Smith
According to the U.S. Chamber of Commerce, cybersecurity attacks are small business’s number one concern—higher even than supply chain disruptions or the risk of another pandemic. In a previous article (see SHOT Business, September-October 2024), we spoke about steps small-business owners can take to prevent crippling malware attacks. Here, we’ll take a deeper dive into the biggest source of such attacks—phishing, which targets employees through email.
Everyone’s Achilles’ Heel
Consulting firm Deloitte reports that 91 percent of cyberattacks begin with phishing. The scam is simple: criminals attempt to trick unsuspecting victims into revealing confidential information through the use of deceptive email messages or links. In many instances, employees are targeted to gain access to employer information, which can turn a single clicked link into a company-wide breach.
These incidents harm businesses’ reputations, and many cause serious revenue losses. IBM’s “Cost of a Data Breach Report 2024” puts the global average cost of a data breach in 2024 at $4.88 million, a 10 percent increase over the prior year and the highest figure the report has ever recorded.
How do these attacks happen? People are naturally curious, and want to investigate things they don’t understand. Add to that phishing’s ability to appear urgent and credible, and almost anyone can be vulnerable.
Total HIPAA reports that the top reasons people are duped by phishing emails are curiosity (13.7 percent), fear (13.4 percent), and urgency (13.2 percent), followed by reward/recognition, social, entertainment, and opportunity.
Why are small businesses such easy targets for email scammers? Lack of education on the part of owners and employees is a primary cause, as is the absence of proper security protocols. Think about it. If you’re a criminal, why would you try to break into Fort Knox when it’s far easier to rob the defenseless store down the street? Phishing small-business employees through their email is far easier, and there is less risk, than taking on large corporations that have invested in cybersecurity.
How Cybercriminals Get You To Click
Most phishing emails look innocent from the outset, but don’t be fooled. Here’s how data breaches from phishing generally happen:
- An email arrives that looks legitimate. It might appear to be coming from a trusted source—one of your vendors, your bank, a credit card company, or someone you know.
- The message asks you to click a link, or provide your password, business bank account, or other sensitive information. This is an automatic red flag.
- These messages are built to look real. They may carry genuine-looking logos and a spoofed or look-alike sender address designed to make you believe they come from a reputable source. Copying a logo or faking a sender address is easy, and cybercriminals are betting that by using company names you’re familiar with, or by pretending to be someone you know, you’ll let your guard down. Don’t!
- There is almost always a sense of urgency: “Respond now” or something bad will happen. Be on the alert for emails that claim to be:
  - An official data breach notification
  - A FedEx or UPS delivery notice or shipping label
  - An IT reminder that your password expires in less than 24 hours
  - An urgent message from your bank or boss.
- What happens next is where things can get ugly. If you click on a link or download an attachment, scammers can install ransomware or other malware that locks you out of your data. Once installed, malware can spread quickly through your network or lie dormant until the attackers decide to strike. Any password you typed into a fake login page, or shared in a reply, is now in the hands of cybercriminals, who will try it on every account where you reused it.
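Most of the red flags in the list above can be checked mechanically before anyone clicks. The Python script below is an added example written for this article, not code from the original piece or from any vendor named on this page. It parses one raw email message, a constructed sample embedded in the script rather than a real captured phish, and reports a Reply-To or Return-Path domain that does not match the From domain, links whose visible text names a different host than their real destination, urgency wording, and risky attachment types. The phrase and extension lists are illustrative assumptions, not a complete ruleset.

```python
import email.policy
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics only (assumed lists): wording and file types matching the red flags above.
URGENCY_PHRASES = ("within 24 hours", "immediately", "suspended", "respond now",
                   "verify your account", "password expires", "final notice")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".iso", ".zip", ".html", ".lnk")


class _LinkCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _host(url):
    return (urlparse(url).hostname or "").lower()


def triage(raw):
    """Return a list of findings for one raw RFC 5322 message; [] means nothing fired."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    for header in ("Reply-To", "Return-Path"):  # a mismatch often means a spoofed From
        dom = _domain(parseaddr(msg.get(header, ""))[1])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    texts, links = [msg.get("Subject", "")], _LinkCollector()
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            name = (part.get_filename() or "").lower()
            if name.endswith(RISKY_EXTENSIONS):  # e.g. Statement.pdf.exe hides an .exe
                findings.append(f"risky attachment type: {name}")
        elif part.get_content_type() == "text/html":
            html = part.get_content()
            links.feed(html)
            texts.append(re.sub(r"<[^>]+>", " ", html))  # keep the visible words
        elif part.get_content_type() == "text/plain":
            texts.append(part.get_content())
    for href, text in links.links:  # visible URL versus real destination
        shown, real = (_host(text) if "://" in text else ""), _host(href)
        if shown and shown != real:
            findings.append(f"link text shows {shown} but points to {real}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real):
            findings.append(f"link points to a bare IP address: {real}")
    body = " ".join(texts).lower()
    hits = [p for p in URGENCY_PHRASES if p in body]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample, not a captured message: a fake bank alert with a mismatched
# Reply-To, a disguised link to a bare IP, urgency wording and a .pdf.exe attachment.
SAMPLE_PHISH = b"""\
From: "First National Bank" <alerts@firstnational-secure.example>
Reply-To: <helpdesk@mail-relay-88.example.org>
Subject: Action required: your account will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Unusual activity detected. Verify your account within 24 hours or access will be suspended.
<a href="http://198.51.100.23/login">https://online.firstnational.example/verify</a></p>
--b1
Content-Type: application/octet-stream; name="Statement.pdf.exe"
Content-Disposition: attachment; filename="Statement.pdf.exe"

--b1--
"""

# Constructed benign vendor notice for comparison.
SAMPLE_LEGIT = b"""\
From: "Acme Distributing" <orders@acme-distributing.example>
Subject: Order 4471 has shipped
Content-Type: text/plain; charset="utf-8"

Hi, your order shipped today. Tracking is on your account page. Thanks, Acme
"""

if __name__ == "__main__":
    print("phish:", triage(SAMPLE_PHISH))
    print("legit:", triage(SAMPLE_LEGIT) or "no red flags")
```

Run as-is, it prints five findings for the constructed phish and no red flags for the benign vendor notice. The header comparison only catches crude spoofing; whether the sending domain is genuinely authorized to send mail is what SPF, DKIM, and DMARC evaluation at your mail gateway answers, so treat this script as a triage aid for a message that already looks suspicious, not as a filter.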
Fortunately, there are steps you can take to curtail phishing incidents.
10 Ways To Stop Email Attacks
Here are some quick tips that will help safeguard your business against email-related cyberattacks:
- Develop a culture of cybersecurity: Educating your staff about the latest email threats is the simplest and cheapest way to prevent malware attacks. If something looks suspicious, it probably is. Don’t open it!
  - Any email that requests sensitive information, promotes gifts in exchange for information, or contains a link to “provide more information” is probably a scam.
  - It’s easy for cybercriminals to duplicate company logos and images, so a familiar logo proves nothing. Look past it at the actual sender address and the real destination of any link (hover over it before clicking). If an email relies only on the name of a company, or of a supposed employee of the company, to win your trust, don’t fall for it.
  - When in doubt on any of the above, call the vendor, bank, or company at a number you already have, not one printed in the email, to verify whether they actually sent it.
- Use strong, unique passwords: Email and business-account passwords should be strong and unique, and changed immediately if there is any sign of compromise.
  - Strong passwords should be at least 12 characters long and include a mix of letters, numbers, and special characters. A password manager makes long, unique passwords practical.
  - Rotating passwords on a fixed schedule, such as quarterly, is still common practice, but current NIST guidance (SP 800-63B) no longer recommends forced periodic changes; length, uniqueness, and a prompt change after any suspected compromise matter more.
  - To minimize risks, use different passwords for different applications and sites so that personal email, corporate networks, banking, and social media accounts are separated. A password stolen through one phishing page then opens only that one account.
- Use a two-step verification process: Most banks have this in place already. Apply it to your email and business accounts as well; an authenticator app or a hardware security key is stronger than a code sent by text message.
- Back up your data. Make regular data backups a standard practice. That way, if a phishing attack succeeds and an attacker gets into your network, you can restore your data after the breach has been contained. Keep backups in a secure, encrypted, off-site location, keep at least one copy offline or otherwise unreachable from your network so that ransomware cannot encrypt it too, and test a restore periodically.
- Segment your network. Think of it like a castle with layered defenses: a moat, outer walls, inner walls, and keep. If one layer is breached, the next still stands. Put the computers that read email in a separate network segment from the servers that hold your business data, and limit what each segment can reach, so that one clicked link on one PC does not hand the attacker the whole network.
- Beware of attachments: Only open attachments when you are expecting them and you absolutely know what they contain, even if you know the sender.
- Call the sender for verification: When in doubt, call whoever sent the email, using a phone number you already have, to verify they are, in fact, the sender and that the email and/or attachment is legitimate.
- Update your software. Make sure you’re using the latest software version, and turn on automatic updates where possible: updates patch the security holes that malicious attachments and links exploit.
- Be especially wary during the holidays. Cybercriminals are famous for attacking small businesses during the busiest and most stressful times of the year. Be on the lookout for phishing emails around big holidays like Christmas and during tax season.
- Consider installing email security software: This software scans all inbound emails and file attachments to reduce the risk of malware attacks. OPSWAT, a company dedicated to protecting complex data environments, offers advanced protection against phishing, malware, and exploits that bypass traditional email security defenses.
Taking proactive steps today to educate yourself and your staff about email security will pay big dividends. A few best practices go a long way, and might just save your business.
Resources
The Federal Trade Commission has some smart tips for small-business owners regarding phishing and other cybersecurity questions (ftc.gov). Your local bank can offer some great tips for spotting scams and fraud. Go to chase.com for “How to Spot Fraud and Scams.” Many security companies offer email assessments. Check out opswat.com. The Cybersecurity & Infrastructure Security Agency (CISA) offers great information and statistics on phishing (cisa.gov).