The toll of a phishing scam on a small business owner

Avoiding phishing emails at work.

The scammers hacked into the small business owner’s PayPal account, stealing their money, personal details, and peace of mind.


Phishing emails don’t just target individuals, they target businesses too. They seem unavoidable as they continue to be a well-used tool by scammers worldwide—leading victims to feel particularly vulnerable.

Business owners aren’t immune. One had their PayPal account compromised after receiving a seemingly legitimate email that ended up costing their company £1,800—or around $2,280—in the blink of an eye.

Phishing for the target

Phishing is a scam where bad actors send you communications pretending to be an entity or someone you trust to steal your personal or sensitive information. With this, they may gain access to your bank accounts, your email, company network, social media, and other sources.

This is how it works:

  • Bait. Scammers create a fake message that looks like it’s from your bank, a friend, or a trusted company.
  • Hook. They send this message to you, often with a sense of urgency, like “We couldn’t process your payment. Your service will be canceled.”
  • Catch. You click the link or follow their instructions, thinking it’s legitimate. They gather the information you entered.
  • Steal. You unknowingly give them your personal information, like passwords or credit card numbers. They use that to wipe your account clean.

Impact of the phishing scam

For the owner, this phishing attack threatened more than their business. They lost money and their information was exposed. This incident left them feeling anxious and unprotected.

We can understand their feelings through Scam Artists—an educational campaign using art to visually demonstrate the emotional impact of cybercrime, produced in collaboration with award-winning psychologist Lee Chambers.

The owner’s brain reactions were monitored when prompted to recall their emotional states before, during and after the attack, with the final session occurring after an introduction to cyber protection.

Left to right: before, during and after visualizations of brainwave data.
Left to right: before, during and after visualizations of brainwave data.
Left to right: before, during and after visualizations of brainwave data.

The creative visuals paint a picture of how a scam victim is impacted by the ordeal. The first and third images indicate a relaxed state, however the eruption of brain activity after recalling the cyber incident suggests a moment of realization triggering responses associated with loss, feeling attacked and anger.

Evading phishing attacks

Phishing is, unfortunately, common. But there are steps you can take to help protect yourself and your business from this type of cyberattack.

Take the time to inspect the message

Sometimes our inbox is full and we’re mindlessly scrolling. That’s okay. However, if you’re clicking a link, it’s important to inspect the message first—even if it looks like it was sent by a known contact or vendor.

Most phishing messages use social engineering tactics to get you to click—meaning they might provoke an emotional response or sense of urgency. Try to avoid getting caught up in the moment, and don’t engage if you think there’s even a tiny chance that it’s a scam.

Check where the message came from

Always verify the sender’s information and links before clicking. Scammers may use email templates emulating a vendor you use. Look for slight misspellings or unusual email addresses.

If something feels off, don’t click on the links. Contact the sender directly using a known, trusted method.

Prioritize the safety of your business

Help keep you and your small business protected by taking robust online safety measures. A strong, reliable cyber security solution can help keep your company information and hard-earned money safe.

Don’t take the bait

Phishing isn’t going anywhere, but we don’t have to fall prey to these attacks. Stay vigilant, informed, and take the necessary steps to help protect you and your small business from scams. When it comes to phishing attacks, we don’t want to be the catch.

Learn more about the small business owner’s experience as featured in Scam Artists.

NJ
  • Nyrmah J. Reina
  • Managing Editor
Nyrmah J. Reina is a writer and managing editor for the company’s lifestyle blogs. She covers online safety and cybersecurity topics.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

Contents