THE THREAT 🔴
The phishing email that writes itself, and it's targeting your business
Not long ago, a phishing email was easy to spot. Bad grammar. Weird formatting. A sender pretending to be your bank but spelling it "Bnak of Ireland."
Those days are gone.
Cybercriminals are now using AI tools, the same technology behind ChatGPT, to write phishing emails that are polished, personalised, and terrifyingly convincing. They can pull your name, your job title, your company details, and even your LinkedIn posts to craft a message that looks like it came from your CEO, your accountant, or a supplier you actually use.
This is called spear phishing, and AI has made it available to criminals at scale, for almost no cost.
What does one of these look like?
Imagine you get an email on a Friday afternoon. It's from your MD. It references a real project you're working on. It asks you to process an urgent invoice before the weekend — just click the link to review the details. You're busy. It looks legitimate. You click. That's all it takes.
91% of cyberattacks begin with a phishing email. AI-generated phishing attempts are up over 1,200% since 2022. SMEs are the primary target, not because you have the most money, but because you typically have the least protection.
What you should do this week:
Have a 2-minute conversation with your team about this. Awareness is your first line of defence.
Establish a simple verbal confirmation rule for any financial requests received by email, no matter who they appear to come from.
Enable multi-factor authentication (MFA) on all email accounts.
THE TIP 💡
The 30-second check that could save your business
Before clicking any link in an email, especially one that feels urgent, hover over the link without clicking it. Look at the web address that appears at the bottom of your screen. Does it match the company it claims to be from?
secure-invoices-ireland.com is not the same as yourbank.ie.
Train your team to do this instinctively. It costs nothing and takes seconds.
THE TOOL 🛠️
Why every SME needs a business password manager
If your team is reusing passwords, writing them on sticky notes, or using variations of the same password across accounts, you are one breach away from a very bad day.
The one I recommend is 1Password Business. Easy for non-technical teams, works across all devices, includes admin controls for when staff leave, and monitors for breaches. At a few euro per user per month, it costs less than a coffee and could prevent a breach that costs tens of thousands.
Search "1Password Business" to try their free 14-day trial.
