In today’s digital world, email is a vital tool for running a business—but it’s also a common entry point for cybercriminals. One of the most widespread threats we see at Excelero IT Solutions is phishing: emails designed to trick you into handing over sensitive information or downloading malicious files.
So how does phishing actually work, and what can your business do to avoid it?
🎣 What Is a Phishing Email?
Phishing emails appear to come from a trusted source—your bank, Microsoft, Australia Post, or even your boss. Their goal is to trick you into clicking a malicious link, opening a dangerous attachment, or revealing sensitive information.
They often:
Warn you that your account will be locked
Claim a payment failed or is overdue
Include links to fake websites that capture passwords
Disguise malicious attachments as invoices or forms
💻 What Can Go Wrong?
Once a phishing attempt is successful, cybercriminals can:
Steal login credentials or financial data
Access business systems or emails
Send fraudulent emails from compromised accounts
Install ransomware or other malware
Cause reputational and financial damage
For example, we’ve seen phishing scams pretending to be from Australia Post, asking users to click a link to track a parcel. The fake site collects credit card details without the user even realising it.
🛡️ What Excelero IT Solutions Has Done to Protect You
To help small businesses stay ahead of cyber threats, Excelero IT Solutions has implemented a range of advanced email security measures across our clients’ Microsoft 365 environments:
External Sender Flags: Emails from outside your organisation are clearly marked, making it easier to spot when someone is trying to impersonate a staff member or director.
Report Phishing & Email Header Tools in Outlook: These tools allow users to report suspicious messages with one click and help IT admins analyse potential threats quickly and effectively.
Microsoft-Recommended Spam Policies: We’ve applied up-to-date anti-spam and anti-malware settings based on Microsoft’s best practices to reduce the risk of malicious emails reaching your inbox.
Enhanced Safe Links Protection: All web links in emails are scanned in real time to detect and block access to dangerous websites, even if the link was safe when the email arrived but later becomes malicious.
Disabled Insecure Email Methods (POP/IMAP): These older email connection methods don’t support multi-factor authentication. We’ve disabled them to ensure all email access is secure and compliant with modern standards.
Disabled email forwarding to external email accounts. Hackers will attempt to forward emails from compromised accounts so they can monitor any messages that may alert the user to the compromise. We have disabled their ability to do this.
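For administrators who want to verify the last two measures, this added example (not Excelero's tooling and not code from the original article) checks exported mailbox settings for POP/IMAP still being enabled and for forwarding to addresses outside the organisation. The records are constructed; field names follow the Exchange Online cmdlets Get-CASMailbox, Get-Mailbox and Get-InboxRule, while the accepted domain and the flat record layout are assumptions.

```python
import re

# Assumption: the domains this tenant owns (constructed value).
ACCEPTED_DOMAINS = {"tenant.example"}

# Constructed sample records. Field names follow the Exchange Online cmdlets
# Get-CASMailbox, Get-Mailbox and Get-InboxRule; the flat layout is assumed.
MAILBOXES = [
    {"UserPrincipalName": "amy@tenant.example", "PopEnabled": False,
     "ImapEnabled": False, "ForwardingSmtpAddress": None, "InboxRules": []},
    {"UserPrincipalName": "bob@tenant.example", "PopEnabled": False,
     "ImapEnabled": True, "InboxRules": [],
     "ForwardingSmtpAddress": "smtp:bob.backup@mail.example.net"},
    {"UserPrincipalName": "cfo@tenant.example", "PopEnabled": False,
     "ImapEnabled": False, "ForwardingSmtpAddress": None, "InboxRules": [
        {"Name": "rule-1", "Enabled": True, "RedirectTo": [],
         "ForwardTo": ['"x@mail.example.net" [SMTP:x@mail.example.net]']},
        {"Name": "To assistant", "Enabled": True, "RedirectTo": [],
         "ForwardTo": ['"Amy" [SMTP:amy@tenant.example]']}]},
]

ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

def external_addresses(values):
    """Return de-duplicated addresses whose domain is not an accepted domain."""
    found = {}
    for value in values:
        for match in ADDR.finditer(value or ""):
            if match.group(1).lower() not in ACCEPTED_DOMAINS:
                found[match.group(0).lower()] = True
    return list(found)

def audit(mailboxes):
    """Return (user, finding) pairs for legacy protocols and external forwarding."""
    findings = []
    for mbx in mailboxes:
        user = mbx["UserPrincipalName"]
        for flag, proto in (("PopEnabled", "POP"), ("ImapEnabled", "IMAP")):
            if mbx.get(flag):
                findings.append((user, f"{proto} is still enabled"))
        for addr in external_addresses([mbx.get("ForwardingSmtpAddress")]):
            findings.append((user, f"mailbox forwards to {addr}"))
        for rule in mbx.get("InboxRules", []):
            targets = rule.get("ForwardTo", []) + rule.get("RedirectTo", [])
            for addr in external_addresses(targets):
                findings.append((user, f"inbox rule {rule['Name']!r} sends to {addr}"))
    return findings

if __name__ == "__main__":
    print(*(f"{u}: {f}" for u, f in audit(MAILBOXES)), sep="\n")
```

A rule that forwards only to a colleague inside the accepted domain is not reported, so the output stays focused on mail leaving the organisation.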
✅ What You Can Do
Even with these protections in place, security is a shared responsibility. We recommend that you:
Sign up for our staff training on how to recognise and report phishing
Think before you click—pause and verify before taking action on emails that ask for sensitive info