Microsoft Industry Blogs - Canada

Graphic with text that reads 55,000 devices per month were compromised in 2016

Welcome to Day 7 of Business Self-Defense from Microsoft Canada. Today, we look at how every small business should stand up to phishing scams! BLOCK this form of online fraud that wreaks havoc on businesses, big and small, across Canada. Follow this advice to help you better protect your business from phishing and other criminal activity.

Phishing

Phishing is a form of online fraud in which criminals use email, websites, phone calls, and other media to misrepresent themselves and steal sensitive information. While you may associate phishing with comically absurd spam, phishing occurs worldwide, and it is a serious and sophisticated form of crime.

Graphic with text that reads 180,000-200,000 Approximate number of phishing emails Microsoft detected each month, over three months

Not just email

The Microsoft Security Intelligence Report, which tracks cyberthreats worldwide, reports that attackers often use malicious websites to conduct phishing attacks. Most often fraudsters pose as financial institutions and online service providers, but not exclusively. Unfortunately for everyone, modern phishing takes many shapes.

Graphic with text that reads Phishing can take many shapes, including: email links and attachments; domain spoofs; user impersonation; domain impersonation; links to fake SaaS apps

Start with training

Don’t just send another email. Act! Train your people to watch out for scams. Teach them how to identify fraudsters and avoid security issues before they start. As part of their training, show them what to do and where to report it if they think they may have compromised a device or system by clicking somewhere they shouldn’t have.

The Government of Canada’s Anti-Fraud Centre page on phishing offers the following five tips on how users can protect themselves:

  • Beware of unsolicited emails, text messages or phone calls from individuals or organizations prompting you to click on an attachment or link.
  • Watch for spelling and formatting errors.
  • Check the embedded hyperlink in the suspicious email by hovering your mouse over the link to verify the address.
  • Do not click on any attachments; they can contain viruses and spyware.
  • Go with your gut. If an email seems fishy it probably is.

To further your fight against phishing, follow these three steps on every device you use, including spare laptops and tablets…

  1. Update your browsers

We all use web browsers (and some of us, all day long), but what version? Most of us don’t know or care. Regardless, start by making sure you run the latest browser available on all devices: desktops, laptops, tablets, and phones. Running the latest version of your browser ensures you benefit from the latest possible security updates, including alerts.

Use a browser that offers advanced security features, like Microsoft Edge. NSS Labs found that Edge is safer than Chrome or Firefox and protects from phishing attacks and socially engineered malware.

  2. Upgrade your email

Criminals count on small businesses not having the technical knowledge or budget to upgrade. If you rely on a free consumer-grade email service or run email on an old server somewhere, stop! Upgrade to business-class email, like Exchange Online, which is part of Office 365. It costs very little and features enterprise-class security and availability.

Data loss prevention

Data loss prevention solutions also protect against the dissemination of sensitive information over email. By providing warnings to employees and notifying administrators of a potential leak of credit card information, social insurance accounts, or other sensitive data, this type of prevention service can pay for itself many times over.

  3. Keep Windows up-to-date

Upgrading to Windows 10 allows businesses to benefit from built-in security features like Windows Defender. No longer worry about system updates. Windows Defender identifies and prevents/remediates known security issues, including trojans, viruses, malware, and the like.

If you run Windows 7, take note that extended support for this product ends in 2020. Upgrade your device to Windows 10 so you can benefit from the best security technology available.

Summary

  • Train your people to stay vigilant and watch for bogus email, websites, etc.
  • Update browsers on all your devices and consider switching to Microsoft Edge
  • Upgrade to business-class email and explore data loss prevention services
  • Update devices to Windows 10 and keep those devices up-to-date

Free ebook

Image of Microsoft Security Intelligence Report cover

 

Learn about the latest cyber threats to make sure your company’s security keeps up with the evolving threat landscape. The Microsoft Security Intelligence Report Volume 23 analyzes key security trends from the past year—and provides actionable recommendations on how you can respond today. Link here.