The global e‑commerce market is accelerating faster than ever before, driven by expanding online retail, and rising consumer adoption worldwide. According to McKinsey Global Institute, global e‑commerce is projected to grow by 7–9% annually through 2040.

At Kaspersky, we track how this surge in online shopping activity is mirrored by cyber threats. In 2025, we observed attacks which targeted not only e‑commerce platform users but online shoppers in general, including those using digital marketplaces, payment services and apps for everyday purchases. This year, we additionally analyzed how cybercriminals exploited gaming platforms during Black Friday, as the gaming industry has become an integral part of the global sales calendar. Threat actors have been ramping up their efforts during peak sales events like Black Friday, exploiting high demand and reduced user vigilance to steal personal data, funds, or spread malware.

This report continues our annual series of analyses published on Securelist in 2021, 2022, 2023, and  2024, which examine the evolving landscape of shopping‑related cyber threats.

Methodology

To track how the shopping threat landscape continues to evolve, we conduct an annual assessment of the most common malicious techniques, which span financial malware, phishing pages that mimic major retailers, banks, and payment services, as well as spam campaigns that funnel users toward fraudulent sites. In 2025, we also placed a dedicated focus on gaming-related threats, analyzing how cybercriminals leverage players’ interest. The threat data we rely on is sourced from the Kaspersky Security Network (KSN), which processes anonymized cybersecurity data shared consensually by Kaspersky users. This report draws on data collected from January through October 2025.

Key findings

• In the first ten months of 2025, Kaspersky identified nearly 6.4 million phishing attacks which targeted users of online stores, payment systems, and banks.
• As many as 48.2% of these attacks were directed at online shoppers.
• We blocked more than 146,000 Black Friday-themed spam messages in the first two weeks of November.
• Kaspersky detected more than 2 million phishing attacks related to online gaming.
• Around 1.09 million banking-trojan attacks were recorded during the 2025 Black Friday season.
• The number of attempted attacks on gaming platforms surged in 2025, reaching more than 20 million, a significant increase compared to previous years.
• More than 18 million attempted malicious attacks were disguised as Discord in 2025, a more than 14-time increase year-over-year, while Steam remained within its usual five-year fluctuation range.

Shopping fraud and phishing

Phishing and scams remain among the most common threats for online shoppers, particularly during high-traffic retail periods when users are more likely to act quickly and rely on familiar brand cues. Cybercriminals frequently recreate the appearance of legitimate stores, payment pages, and banking services, making their fraudulent sites and emails difficult to distinguish from real ones. With customers navigating multiple offers and payment options, they may overlook URL or sender details, increasing the likelihood of credential theft and financial losses.

From January through to October 2025, Kaspersky products successfully blocked 6,394,854 attempts to access phishing links which targeted users of online stores, payment systems, and banks. Breaking down these attempts, 48.21% had targeted online shoppers (for comparison, this segment accounted for 37.5% in 2024), 26.10% targeted banking users (compared to 44.41% in 2024), and 25.69% mimicked payment systems (18.09% last year). Compared to previous years, there has been a noticeable shift in focus, with attacks against online store users now representing a larger share, reflecting cybercriminals’ continued emphasis on exploiting high-demand retail periods, while attacks on banking users have decreased in relative proportion. This may be related to online banking protection hardening worldwide.

Financial phishing attacks by category, January–October 2025 (download)

In 2025, Kaspersky products detected and blocked 606,369 phishing attempts involving the misuse of Amazon’s brand. Cybercriminals continued to rely on Amazon-themed pages to deceive users and obtain personal or financial information.

Other major e-commerce brands were also impersonated. Attempts to visit phishing pages mimicking Alibaba brands, such as AliExpress, were detected 54,500 times, while eBay-themed pages appeared in 38,383 alerts. The Latin American marketplace Mercado Libre was used as a lure in 8,039 cases, and Walmart-related phishing pages were detected 8,156 times.

Popular online stores mimicked by scammers, January–October 2025 (download)

In 2025, phishing campaigns also extensively mimicked other online platforms. Netflix-themed pages were detected 801,148 times, while Spotify-related attempts reached 576,873. This pattern likely reflects attackers’ continued focus on high-traffic digital entertainment services with in-service payments enabled, which can be monetized via stolen accounts.

How scammers exploited shopping hype in 2025

In 2025, Black Friday-related scams continued to circulate across multiple channels, with fraudulent email campaigns remaining one of the key distribution methods. As retailers increase their seasonal outreach, cybercriminals take advantage of the high volume of promotional communications by sending look-alike messages that direct users to scam and phishing pages. In the first two weeks of November, 146,535 spam messages connected to seasonal sales were detected by Kaspersky, including 2,572 messages referencing Singles day sales.

Scammers frequently attempt to mimic well-known platforms to increase the credibility of their messages. In one of the recurring campaigns, a pattern seen year after year, cybercriminals replicated Amazon’s branding and visual style, promoting supposedly exclusive early-access discounts of up to 70%. In this particular case, the attackers made almost no changes to the text used in their 2024 campaign, again prompting users to follow a link leading to a fraudulent page. Such pages are usually designed to steal their personal or payment information or to trick the user into buying non-existent goods.

Beyond the general excitement around seasonal discounts, scammers also try to exploit consumers’ interest in newly released Apple devices. To attract attention, they use the same images of the latest gadgets across various mailing campaigns, just changing the names of legitimate retailers that allegedly sell the brand.

Scammers use an identical image across different campaigns, only changing the retailer’s branding

As subscription-based streaming platforms also take part in global sales periods, cybercriminals attempt to take advantage of this interest as well. For example, we observed a phishing website where scammers promoted an offer for a “12-month subscription bundle” covering several popular services at once, asking users to enter their bank card details. To enhance credibility, the scammers also include fabricated indicators of numerous successful purchases from other “users,” making the offer appear legitimate.

In addition to imitating globally recognized platforms, scammers also set up fake pages that pretend to be local services in specific countries. This tactic enables more targeted campaigns that blend into the local online landscape, increasing the chances that users will perceive the fraudulent pages as legitimate and engage with them.

Banking Trojans

Banking Trojans, or “bankers,” are another tool for cybercriminals exploiting busy shopping seasons like Black Friday in 2025. They are designed to steal sensitive data from online banking and payment systems. In this section, we’ll focus on PC bankers. Once on a victim’s device, they monitor the browser and, when the user visits a targeted site, can use techniques like web injection or form-grabbing to capture login credentials, credit card information, and other personal data. Some trojans also watch the clipboard for crypto wallet addresses and replace them with those controlled by the malicious actors.

As online shopping peaks during major sales events, attackers increasingly target e-commerce platforms alongside banks. Trojans may inject fake forms into legitimate websites, tricking users into revealing sensitive data during checkout and increasing the risk of identity theft and financial fraud. In 2025, Kaspersky detected over 1,088,293* banking Trojan attacks. Among notable banker-related cases analysed by Kaspersky throughout the year, campaigns involving the new Maverick banking Trojan distributed via WhatsApp, as well as the Efimer Trojan which spread through malicious emails and compromised WordPress sites can be mentioned, both illustrating how diverse and adaptive banking Trojan delivery methods are.

*These statistics include globally active banking malware, and malware for ATMs and point-of-sale (PoS) systems. We excluded data on Trojan-banker families that no longer use banking Trojan functionality in their attacks, such as Emotet.

A holiday sales season on the dark web

Apparently, even the criminal underground follows its own version of a holiday sales season. Once data is stolen, it often ends up on dark-web forums, where cybercriminals actively search for buyers. This pattern is far from new, and the range of offers has remained largely unchanged over the past two years.

Threat actors consistently seize the opportunity to attract “new customers,” advertising deep discounts tied to high-profile global sales events. It is worth noting that year after year we see the same established services announce their upcoming promotions in the lead-up to Black Friday, almost as if operating on a retail calendar of their own.

We also noted that dark web forum participants themselves eagerly await these seasonal markdowns, hoping to obtain databases at the most favorable rates and expressing their wishes in forum posts. In the months before Black Friday, posts began appearing on carding-themed forums advertising stolen payment-card data at promotional prices.

Threats targeting gaming

The gaming industry faces a high concentration of scams and other cyberthreats due to its vast global audience and constant demand for digital goods, updates, and in-game advantages. Players often engage quickly with new offers, making them more susceptible to deceptive links or malicious files. At the same time, the fact that gamers often download games, mods, skins etc. from third-party marketplaces, community platforms, and unofficial sources creates additional entry points for attackers.

The number of attempted attacks on platforms beloved by gamers increased dramatically in 2025, reaching 20,188,897 cases, a sharp rise compared to previous years.

Attempts to attack users through malicious or unwanted files disguised as popular gaming platforms (download)

The nearly sevenfold increase in 2025 is most likely linked to the Discord block by some countries introduced at the end of 2024. Eventually users rely on alternative tools, proxies and modified clients. This change significantly expanded the attack surface, making users more vulnerable to fake installers, and malicious updates disguised as workarounds for the restriction.

It can also be seen in the top five most targeted gaming platforms of 2025:

Platform	The number of attempted attacks
Discord	18,556,566
Steam	1,547,110
Xbox	43,560
Uplay	28,366
Battle.net	5,538

In previous years, Steam consistently ranked as the platform with the highest number of attempted attacks. Its extensive game library, active modding ecosystem, and long-standing role in the gaming community made it a prime target for cybercriminals distributing malicious files disguised as mods, cheats, or cracked versions. In 2025, however, the landscape changed significantly. The gap between Steam and Discord expanded to an unprecedented degree as Steam-related figures remained within their typical fluctuation range of the past five years,  while the number of attempted Discord-disguised attacks surged more than 14 times compared to 2024, reshaping the hierarchy of targeted gaming platforms.

Attempts to attack users through malicious or unwanted files disguised as Steam and Discord throughout the reported period (download)

From January to October, 2025, cybercriminals used a variety of cyberthreats disguised as popular related to gamers platforms, modifications or circumvention options. RiskTool dominated the threat landscape with 17,845,099 detections, far more than any other category. Although not inherently malicious, these tools can hide files, mask processes, or disable programs, making them useful for stealthy, persistent abuse, including covert crypto-mining. Downloaders ranked second with 1,318,743 detections. These appear harmless but may fetch additional malware among other downloaded files. Downloaders are typically installed when users download unofficial patches, cracked clients, or mods. Trojans followed with 384,680 detections, often disguised as cheats or mod installers. Once executed, they can steal credentials, intercept tokens, or enable remote access, leading to account takeovers and the loss of in-game assets.

Threat	Gaming-related detections
RiskTool	17,845,099
Downloader	1,318,743
Trojan	384,680
Adware	184,257
Exploit	152,354

Phishing and scam threats targeting gamers

In addition to tracking malicious and unwanted files disguised as gamers’ platforms, Kaspersky experts also analysed phishing pages which impersonated these services. Between January and October 2025, Kaspersky products detected 2,054,336 phishing attempts targeting users through fake login pages, giveaway offers, “discounted” subscriptions and other scams which impersonated popular platforms like Steam, PlayStation, Xbox and gaming stores.

The page shown in the screenshot is a typical Black Friday-themed scam that targets gamers, designed to imitate an official Valorant promotion. The “Valorant Points up to 80% off” banner, polished layout, and fake countdown timer create urgency and make the offer appear credible at first glance. Users who proceed are redirected to a fake login form requesting Riot account credentials or bank card details. Once submitted, this information enables attackers to take over accounts, steal in-game assets, or carry out fraudulent transactions.

Another phishing page relies on a fabricated “Winter Gift Marathon” that claims to offer a free $20 Steam gift card. The seasonal framing, combined with a misleading counter (“251,110 of 300,000 cards received”), creates an artificial sense of legitimacy and urgency intended to prompt quick user interaction.

The central component of the scheme is the “Sign in” button, which redirects users to a spoofed Steam login form designed to collect their credentials. Once obtained, attackers can gain full access to the account, including payment methods, inventory items, and marketplace assets, and may be able to compromise additional services if the same password is used elsewhere.

Examples of scams on Playstation 5 Pro and Xbox series X

Scams themed around the PlayStation 5 Pro and Xbox Series X appear to be generated from a phishing kit, a reusable template that scammers adapt for different brands. Despite referencing two consoles, both pages follow the same structure which features a bold claim offering a chance to “win” a high-value device, a large product image on the left, and a minimalistic form on the right requesting the user’s email address.

A yellow banner promotes an “exclusive offer” with “limited availability,” pressuring users to respond quickly. After submitting an email, victims are typically redirected to additional personal and payment data-collection forms. They also may later be targeted with follow-up phishing emails, spam, or malicious links.

Conclusions

In 2025, the ongoing expansion of global e-commerce continued to be reflected in the cyberthreat landscape, with phishing, scam activity, and financial malware targeting online shoppers worldwide. Peak sales periods once again created favorable conditions for fraud, resulting in sustained activity involving spoofed retailer pages, fraudulent email campaigns, and seasonal spam.

Threat actors also targeted users of digital entertainment and subscription services. The gaming sector experienced a marked increase in malicious activity, driven by shifts in platform accessibility and the widespread use of third-party tools. The significant rise in malicious detections associated with Discord underscored how rapidly attackers adjust to changes in user behavior.

Overall, 2025 demonstrated that cybercriminals continue to leverage predictable user behavior patterns and major sales events to maximize the impact of their operations. Consumers should remain especially vigilant during peak shopping periods and use stronger security practices, such as two-factor authentication, secure payment methods, and cautious browsing. A comprehensive security solution that blocks malware, detects phishing pages, and protects financial data can further reduce the risk of falling victim to online threats.

Introduction

Cyberthreats are constantly evolving, and email phishing is no exception. Threat actors keep coming up with new methods to bypass security filters and circumvent user vigilance. At the same time, established – and even long-forgotten – tactics have not gone anywhere; in fact, some are getting a second life. This post details some of the unusual techniques malicious actors are employing in 2025.

Using PDF files: from QR codes to passwords

Emails with PDF attachments are becoming increasingly common in both mass and targeted phishing campaigns. Whereas in the past, most PDF files contained phishing links, the main trend in these attacks today is the use of QR codes.

This represents a logical progression from the trend of using QR codes directly in the email body. This approach simplifies the process of disguising the phishing link while motivating users to open the link on their mobile phone, which may lack the security safeguards of a work computer.

Email campaigns that include phishing links embedded in PDF attachments continue to pose a significant threat, but attackers are increasingly employing additional techniques to evade detection. For example, some PDF files are encrypted and protected with a password.

The password may be included in the email that contains the PDF, or it may be sent in a separate message. From the cybersecurity standpoint, this approach complicates quick file scanning, while for the recipients it lends an air of legitimacy to attackers’ efforts and can be perceived as adherence to high security standards. Consequently, these emails tend to inspire more user trust.

Phishing and calendar alerts

The use of calendar events as a spam technique, which was popular in the late 2010s but gradually faded away after 2019, is a relatively old tactic. The concept is straightforward: attackers send an email that contains a calendar appointment. The body of the email may be empty, but a phishing link is concealed in the event description.

When the recipient opens the email, the event is added to their calendar – along with the link. If the user accepts the meeting without thoroughly reviewing it, they will later receive a reminder about it from the calendar application. As a result, they risk landing on the phishing website, even if they chose not to open the link directly in the original message.

In 2025, phishers revived this old tactic. However, unlike the late 2010s, when these campaigns were primarily mass mailshots designed with Google Calendar in mind, they are now being used in B2B phishing and specifically target office workers.

Verifying existing accounts

Attackers are not just updating the methods they use to deliver phishing content, but also the phishing websites. Often, even the most primitive-looking email campaigns distribute links to pages that utilize new techniques.

For example, we observed a minimalistic email campaign crafted to look like an alert about a voice message left for the user. The body of the email contained only a couple of sentences, often with a space in the word “voice”, and a link. The link led to a simple landing page that invited the recipient to listen to the message.

However, if the user clicks the button, the path does not lead to a single page but rather a chain of verification pages that employ CAPTCHA. The purpose is likely to evade detection by security bots.

After repeatedly proving they are not a bot, the user finally lands on a website designed to mimic a Google sign-in form.

This page is notable for validating the Gmail address the user enters and displaying an error if it is not a registered email.

If the victim enters a valid address, then, regardless whether the password is correct or not, the phishing site will display another similar page, with a message indicating that the password is invalid. In both scenarios, clicking “Reset Session” opens the email input form again. If a distracted user attempts to log in by trying different accounts and passwords, all of these end up in the hands of the attackers.

MFA evasion

Because many users protect their accounts with multi-factor authentication, scammers try to come up with ways to steal not just passwords but also one-time codes and other verification data. Email phishing campaigns that redirect users to sites designed to bypass MFA can vary significantly in sophistication. Some campaigns employ primitive tactics, while others use well-crafted messages that are initially difficult to distinguish from legitimate ones. Let’s look at an email that falls in the latter category.

Unlike most phishing emails that try to immediately scare the user or otherwise grab their attention, the subject here is quite neutral: a support ticket update from the secure cloud storage provider pCloud that asks the user to evaluate the quality of the service. No threats or urgent calls to action. If the user attempts to follow the link, they are taken to a phishing sign-in form visually identical to the original, but with one key difference: instead of pcloud.com, the attackers use a different top-level domain, p-cloud.online.

At every step of the user’s interaction with the form on the malicious site, the site communicates with the real pCloud service via an API. Therefore, if a user enters an address that is not registered with the service, they will see an error, as if they were signing in to pcloud.com. If a real address is entered, a one-time password (OTP) input form opens, which pCloud also requests when a user tries to sign in.

Since the phishing site relays all entered data to the real service, an attempt to trick the verification process will fail: if a random combination is entered, the site will respond with an error.

The real OTP is sent by the pCloud service to the email address the user provided on the phishing site.

Once the user has “verified” the account, they land on the password input form; this is also requested by the real service. After this step, the phishing page opens a copy of the pCloud website, and the attacker gains access to the victim’s account. We have to give credit to the scammers: this is a high-quality copy. It even includes a default folder with a default image identical to the original, which may delay the user’s realization that they have been tricked.

Conclusion

Threat actors are increasingly employing diverse evasion techniques in their phishing campaigns and websites. In email, these techniques include PDF documents containing QR codes, which are not as easily detected as standard hyperlinks. Another measure is password protection of attachments. In some instances, the password arrives in a separate email, adding another layer of difficulty to automated analysis. Attackers are protecting their web pages with CAPTCHAs, and they may even use more than one verification page. Concurrently, the credential-harvesting schemes themselves are becoming more sophisticated and convincing.

To avoid falling victim to phishers, users must stay sharp:

• Treat unusual attachments, such as password-protected PDFs or documents using a QR code instead of a link to a corporate website, with suspicion.
• Before entering credentials on any web page, verify that the URL matches the address of the legitimate online service.

Organizations are advised to conduct regular security training for employees to keep them up-to-date on the latest techniques being used by threat actors. We also recommend implementing a reliable solution for email server security. For example, Kaspersky Security for Mail Server detects and blocks all the attack methods described in this article.

Cyberattackers often view small and medium-sized businesses (SMBs) as easier targets, assuming their security measures are less robust than those of larger enterprises. In fact, attacks through contractors, also known as trusted relationship attacks, remain one of the top three methods used to breach corporate networks. With SMBs generally being less protected than large enterprises, this makes them especially attractive to both opportunistic cybercriminals and sophisticated threat actors.

At the same time, AI-driven attacks are becoming increasingly common, making phishing and malware campaigns easier to prepare and quickly adapt, thus increasing their scale. Meanwhile, cybersecurity regulations are tightening, adding more compliance pressure on SMBs.

Improving your security posture has never been more critical. Kaspersky highlights key attack vectors every SMB should be aware of to stay protected.

How malware and potentially unwanted applications (PUAs) are disguised as popular services

Kaspersky analysts have used data from the Kaspersky Security Network (KSN) to explore how frequently malicious and unwanted files and programs are disguised as legitimate applications commonly used by SMBs. The KSN is a system for processing anonymized cyberthreat-related data shared voluntarily by opted-in Kaspersky users. For this research, only data received from the users of Kaspersky solutions for SMBs were analyzed. The research focused on the following applications:

• ChatGPT
• Cisco AnyConnect
• Google Drive
• Google Meet
• DeepSeek
• Microsoft Excel
• Microsoft Outlook
• Microsoft PowerPoint
• Microsoft Teams
• Microsoft Word
• Salesforce
• Zoom

Between January and April 2025 alone, nearly 8,500 SMB users encountered cyberattacks in which malware or PUAs were disguised as these popular tools.

Among the detected threats, the highest number (1652) of unique malicious and potentially unwanted files mimicked Zoom, the widely used video conferencing platform. This accounted for nearly 41% of all unique files detected, a 14-percentage point increase compared to 2024. Microsoft Office applications remained frequent targets for impersonation: Outlook and PowerPoint each accounted for 16%, Excel for nearly 12%, while Word and Teams made up 9% and 5%, respectively.

Share of unique files with names mimicking the nine most popular legitimate applications in 2024 and 2025 (download)

A comparison of the threat landscape in 2024 and 2025 reveals a clear shift: with the growing popularity of AI services, cyberattackers are increasingly disguising malware as various AI tools. According to our analysis, the number of unique malicious files mimicking ChatGPT grew by 115%, reaching 177 in the first four months of 2025. This contributed to a three-percentage-point increase in the tool’s share among the most mimicked applications. DeepSeek, a large language model launched only in 2025, has immediately appeared on the list of impersonated tools.

Another cybercriminal tactic to watch for in 2025 is the growing use of collaboration platform brands to trick users into downloading or launching malware and PUAs. As mentioned above, the share of threats disguised as Zoom increased by 14 percentage points, reaching 1652 unique files, while Microsoft Teams and Google Drive saw increases of over three and one percentage points, respectively, with 206 and 132 cases. This pattern likely reflects the normalization of remote work and geographically distributed teams, which has made these platforms integral to business operations across industries.

Attackers are clearly leveraging the popularity and credibility of these services to increase the success rate of their campaigns.

Malicious file names mimicking popular services	2024	2025	2025 vs 2024
Zoom	26.24%	40.86%	14.62 p.p.
Microsoft Teams	1.84%	5.10%	3.25 p.p.
ChatGPT	1.47%	4.38%	2.9 p.p.
DeepSeek	0	2.05%	–
Google Drive	2.11%	3.26%	1.15 p.p.

The total number of unique malicious and unwanted files imitating legitimate applications slightly declined year-over-year, from 5,587 in 2024 to 4,043 in 2025.

Main types of threats affecting the SMB Sector, 2025 (download)

The top threats targeting SMBs in 2025 included downloaders, Trojans, and adware.

Leading the list are downloaders, potentially unwanted applications designed to install additional content from the internet, often without clearly informing the user of what’s being downloaded. While not inherently malicious, these tools are frequently exploited by attackers to deliver harmful payloads to victims’ devices.

Trojans ranked next. These are malicious programs that carry out unauthorized actions such as deleting, blocking, modifying, or copying data, or disrupting the normal operation of computers and networks. Trojans are among the most prevalent forms of malware, and cyberattackers continue to use them in a wide range of malicious campaigns.

Adware also made the top three list. These programs are designed to display advertisements on infected computers or substitute a promotional website for the default search engine in a browser. Adware often comes bundled with freeware or shareware, effectively serving as the price for using the free software. In some cases, Trojans silently download and install adware onto the victim’s machine.

Among other common types of threats were DangerousObject, Trojan-Dropper, Backdoor, Trojan-Downloader, HackTool, Trojan-PSW, and PSW-Tool. For instance, we recently identified a campaign involving a Trojan-Downloader called “TookPS“, which was distributed through fake websites imitating legitimate remote access and 3D modeling software.

How scammers and phishers trick victims into giving up accounts and money

We continue to observe a wide range of phishing campaigns and scams targeting SMBs. Attackers aim to steal login credentials for various services, from delivery platforms to banking systems, or manipulate victims into sending them money.

To do this, cyberattackers use a variety of lures, often imitating landing pages from brands commonly used by SMBs. One example is a phishing attempt targeting Google business accounts. The bait lures victims with the promise of promoting their company on X. It requires them to first log in to a dedicated platform using their Google account with credentials that will end up in cyberattackers’ hands.

Another fake landing page impersonated a bank that offered business loans: a “Global Trust Bank”. Since legitimate organizations with that name exist in multiple countries, this phishing attempt may have seemed believable. The attackers tried to lure users with favorable business loan terms – but only after victims submitted their online banking credentials, giving the criminals access to their accounts.

We also saw a range of phishing emails targeting SMBs. In one recent case detected by our systems, the attacker sent a fake notification allegedly from DocuSign, an electronic document-signing service.

SMBs can even find themselves targeted by classic Nigerian scams. In one recent example, the sender claimed to represent a wealthy client from Turkey who wanted to move $33 million abroad to allegedly avoid sanctions, and invited the recipient to handle the funds. In Nigerian scams, fraudsters typically cajole money. They may later request a relatively small payment to a manager or lawyer compared to the amount originally promised.

Beyond these threats, SMBs are bombarded daily with hundreds of spam emails. Some promise attractive deals on email marketing or loans; others offer services like reputation management, content creation, or lead generation. In general, these offers are crafted to reflect the typical needs of small businesses. Not surprisingly, AI has also made its way into the spam folder – with offers to automate various business processes.

We have also seen spammers offering dubious deals like purchasing a database of over 400,000 businesses for $100, supposedly to be used for selling the company’s B2B products, or manipulating reviews on a review platform.

Security tips

SMBs can reduce risks and ensure business continuity by investing in comprehensive cybersecurity solutions and increasing employee awareness. It is essential to implement robust measures such as spam filters, email authentication protocols, and strict verification procedures for financial transactions and the handling of sensitive information.

Another key step toward cyber resilience is promoting awareness about the importance of comprehensive security procedures and ensuring they are regularly updated. Regular security training sessions, strong password practices, and multi-factor authentication can significantly reduce the risk of phishing and fraud.

It is also worth noting that searching for software through search engines is an insecure practice, and should be prohibited in the organization. If you need to implement new tools or replace existing ones, make sure they are downloaded from official sources and installed on a centralized basis by your IT team.

Cybersecurity Action Plan for SMBs

1. Define access rules for corporate resources such as email accounts, shared folders, and online documents. Monitor and limit the number of individuals with access to critical company data. Keep access lists up to date and revoke access promptly when employees leave the company. Use cloud access security brokers to monitor and control employee activities within cloud services and enforce security policies.
2. Regularly back up important data to ensure the preservation of corporate information in case of emergencies or cyberincidents.
3. Establish clear guidelines for using external services and resources. Create well-defined procedures for coordinating specific tasks, such as implementing new software, with the IT department and other responsible managers. Develop short, easy-to-understand cybersecurity guidelines for employees, with a special focus on account and password management, email protection, and safe web browsing. A well-rounded training program will equip employees with the knowledge they need and the ability to apply it in practice.
4. Implement specialized cybersecurity solutions that provide visibility and control over cloud services, such as Kaspersky Next.