Get In Touch

Phishing Attacks: Key advice for SMEs

Phishing attacks, where cybercriminals mimic legitimate sources via emails or social media, are prevalent in Australian sectors like government, healthcare, and IT. These have seen financial losses of between $45,000 and $97,000 incurred by SME’s.

For businesses of all sizes, risk is inevitable. How you manage those risks can set you apart in your industry. With increasing cybercrime, SMEs will always prove to be a lucrative target.

The Ticking Clock

Download our whitepaper to get your Comprehensive Guide to Navigating a Business Email Compromise (BEC) Crisis

Download our BEC whitepaper

Steps you can take to prevent phishing attacks

To protect against phishing, it’s vital to empower your team and clients with knowledge.

  • Educate them on recognizing phishing signs and the risks involved.
  • Share best practices for avoiding and reporting such attacks.
  • Give clear guidelines on how to verify the authenticity of emails and messages from your company.

A sound email security system can help you filter out spam and malicious emails and prevent them from reaching your customers or staff. You should:

  • Use encryption, authentication, and digital signatures to secure your email communications.
  • Implement rule-based filtering to remove unverified and unwanted emails and texts.
  • Monitor your email domains and addresses for any signs of spoofing or compromise.

It’s essential to strengthen your defence against phishing with robust passwords. Encourage your team and clients to:

  • Use complex, unique passwords for each account, mixing numbers, characters, and symbols.
  • Change passwords regularly and keep them confidential.

Boost your defence against phishing by advocating for complex, regularly updated passwords and implementing a password manager across your organization for enhanced security.

Target Employee

Can include a combination of malicious cyber tactics including phishing and malware to gain access to an employee with financial responsibility.

Goal of Attacker

To compromise an employee’s legitimate business email to send invoices to outside vendors and request money to a fraudulent bank account.

Signs to look out for

  • Unrecognised sent or deleted emails
  • Mismatch of bank details on invoices

Target Employee

This attack initially targets lawyers to penetrate a business on the law firm’s client list.

Goal of Attacker

To compromise a legitimate law firm’s email account to access their client list and request billed hours to be paid to a fraudulent bank account.

Signs to look out for

  • Out of the blue request for lawyers fees
  • Different bank details than previous transfer
  • Unusual tone in email or a sense of urgency for payment.

Many of the above scams have similar attack features but are usually delivered searching for a different goal of compromise. These may include more BEC scams as cyber-attacks and criminals become more sophisticated.

How do you defend against BEC Attacks?

The best line of defence starts with ensuring all employees, from top to bottom, understand the kind of risks that are out there. On top of this, it’s essential to have a range of tight-knit security controls and policies in place to mitigate incoming threats.

Here are some tips to secure your business against BEC attacks.

  • Secure your domain by ditching free web-based emails for a company domain

  • Add layers of security for email accounts through Multi-Factor Authentication (MFA)

  • Be cautious of unknown emails, links, and attachments

  • Guard your domain by registering variations of your business name to protect against spoofing

  • Always verify every sender’s address for irregularities

  • Forward emails where possible, including relevant cc’d parties

  • Limit oversharing on social media and websites

  • Verify transfers before sending with trusted contacts

  • Watch for abrupt changes in customer or vendor habits

  • Keep up to date with scam types and trending cyber attack vectors


As technology and cyber criminals evolve, SMEs must adapt to the ever-changing cyber threat landscape. Fostering a cyber-secure and conscious culture within your team is critical in protecting your business from cybercriminals. You should also pair this with a concrete incident response plan.

In essence, the emphasis on cyber resilience underscores the Australian government’s commitment to ensuring business continuity and protecting its citizens’ digital assets and information. The digital future is bright only if we do our due diligence.

Want to protect your company against Phishing attacks? Get in touch with our team at LEAP Strategies today.

Customer Stories

Platatac logo

Platypus Outdoor Group

Platypus Outdoor Group is a Melbourne-based company that offers military, law enforcement, and emergency responder footwear, clothing and field gear for public and government purchase.

LEAP Strategies joined forces with Platypus in 2001 to implement and manage their technology solutions. Since the partnership began, LEAP has built a trusted relationship with Platypus through successfully establishing and maintaining their servers, network and security. Security is paramount due to their direct dealings with law enforcement and military forces in Australia and worldwide.

Bob Stewart: Our family serving you since 1925

Bob Stewart – A Spotlight on Success

Third generation family business, Bob Stewart is a hallmark retailer in the world of school uniforms around Australia.

Partner centric in our approach, LEAP Strategies has collaborated with Bob Stewart for 15 years, adapting technology solutions to suit evolving business needs.

Let’s Start the Conversation.

Transform your tech landscape with LEAP Strategies.

Reach out to discuss our innovative solutions