--- description: Are phishing attacks on the rise in Canada? What implications could these attacks have on businesses? Read our survey report to learn more. image: https://gdm-localsites-assets-gfprod.imgix.net/images/getapp/og_logo-94fd2a03a6c7a0e54fc0c9e21a1c0ce9.png title: Phishing attacks: How are businesses dealing with them? --- # Phishing attacks in Canada: How are businesses dealing with them? Canonical: https://www.getapp.ca/blog/4206/phishing-attacks-in-canada Published on 2023-09-26 | Written by Smriti Arya. ![Phishing attacks in Canada: How are businesses dealing with them?](https://images.ctfassets.net/63bmaubptoky/2BRzkA4tjMEtCOz3FXxIwy/b5f18e671b2fe288ee440632e4580415/Phishing-attacks-CA-GetApp-Header.jpg) > Since the present-day workplace landscape involves more remote and hybrid workers, the scope of cybersecurity attacks may also be increasing. GetApp surveyed 457 employees and managers who have received phishing attacks at least once at work to understand how they deal with such attacks. ----- ## Article Content Since the present-day workplace landscape involves more remote and hybrid workers, the scope of cybersecurity attacks may also be increasing. GetApp surveyed 457 employees and managers who have received phishing attacks at least once at work to understand how they deal with such attacks.What we will coverRise of phishing attacks over the past 3 yearsNearly 9 in 10 respondents have received a phishing attack via emailFinancial and and customers' private data loss are the most severe implications4 ways you can protect your business from phishing attacksPhishing attacks are rising visibly, with a 61% increase in the six months ending October 2022 compared to last year. Such attacks are designed to fool users into providing confidential information such as bank account numbers or business-related confidential details.What is a phishing attack?A phishing attack is a type of cyberattack that is designed to fool users into downloading malware, revealing confidential data, or exposing themselves or their companies to significant risks. For example, employees may receive an email from a domain similar to their organization saying ‘Your password has expired, please update it’. It can ask them to click a link and add their personal/professional details. Attackers can then make use of these details either to sell on the web or commit fraud online. Since workers nowadays usually connect to a variety of online services and applications hosted on public or private networks, their information may be more vulnerable to cyberattacks. However, tools like cybersecurity software can help prevent unauthorized access to information stored online. To understand how businesses in Canada are impacted by phishing attacks and the protective measures they take, we have surveyed 457 full-time or part-time workers who use computers/laptops for their daily tasks and have faced one or more phishing attacks at work. The survey respondents have been divided into two groups: employees and senior management/leadership. The full methodology can be found at the bottom of this article.Rise of phishing attacks over the past 3 yearsAccording to Help Net Security, the number of email-based phishing scams has increased by 464% in the first half of 2023 when compared with 2022. Our findings also indicate that 23% of respondents reported experiencing an increase of more than 40% in phishing attacks over the last three years.It is quite clear from the graph above that phishing attacks are substantially on the rise in Canada and can pose serious threats to businesses. In this context, it is ideally important for businesses to work on strengthening cybersecurity measures to prevent such incidents from happening, which is something we discuss further in the article.Nearly 9 in 10 respondents have received a phishing attack via emailEmails are usually the first point of communication for all the stakeholders in an organization. The number of emails sent and received each day globally has been increasing. In 2022, around 333 billion emails were sent and received worldwide and the number is expected to increase to 392.5 billion by 2026, according to Statista. Having said that, we can safely assume that emails play a crucial role in communication.While phishing attempts can be made by cyber criminals through various modes, we found that emails are one of the most common ways of receiving phishing attacks at work.As we can see from the graph, nearly 9 in 10 respondents across all respondent groups have received phishing attacks via email. Using email security software may help organizations protect their email accounts from data leaks and phishing attacks by filtering out emails sent from bad IP addresses or blocking links embedded within emails to prevent users from succumbing to phishing attempts.Tips for businesses on tackling phishing emails:Schedule regular backups: businesses should regularly schedule backups to make sure that data remains fully recoverable in case of an emergency or unforeseen incident. Enable multi-factor authentication: deploy multi-factor authentication solutions at work that can prevent hackers/attackers from logging in to email accounts even if they have access to one password. Enforce security policies for remote workers: if a business has a remote setup, they should establish security policies for their remote workers that require employees to connect to the company’s server over a VPN to work securely and restrict access to suspicious sites. Types of phishing attacks respondents received at workPhishing attacks are usually designed to trick people into providing login details or confidential information. Such attempts are designed in different ways such as sending a link to a fake website or deceptively asking people to update their passwords. We asked our survey respondents about the kind of phishing attacks they have received at work. This is what they had to say:45% of the total respondents say they have faced company impersonation attacks in which bad actors pretend they are a trusted company to fool recipients. 30% of the survey-takers report receiving package delivery alerts as phishing attacks where victims get an email or message saying their parcel is ready for delivery. Typically, they then get tricked into entering sensitive information such as address or payment details.29% of the total respondents have received bank impersonation phishing scams at work where hackers pretend to represent a bank and ask for sensitive information.Another 27% report receiving an attack where someone impersonates a co-worker to trick recipients into providing sensitive project or client details.What are some common types of phishing attacks? 1. Spear phishingSpear phishing is a type of phishing attack in which attackers attempt to steal your information by impersonating a trusted company or individual. For example, employees may receive an email from a person pretending to be their co-worker and asking for some private company information. 2. Social engineeringSocial engineering refers to manipulating a person psychologically in order to trick them into giving sensitive information or making security mistakes in a hurry. For example, attackers may pose as construction workers and ask victims to allow them to enter restricted areas by creating a storyline to emotionally manipulate them. 3. Pop-up phishingPop-up phishing is a type of attack where victims may fall prey to pop-up ads appearing on their browsers which may result in them downloading malware. For example, an employee is browsing the web and sees a pop-up ad saying that their computer is infected with a virus. In order to protect a system from the virus, they get tricked into installing malware in their systems, which may lead to data leaks. Since there are different ways attackers can use to steal a business’s confidential information or money, businesses may not be able to stop every phishing attempt, but they can look out for ways to prevent or minimize such scams. For example, SMEs should run security awareness programs at the workplace to make sure employees are able to differentiate between fake emails and real ones.Financial and and customers' private data loss are the most severe implicationsPhishing attacks may result in several consequences for an organization, which can be financial or reputational. Our study indicates that a combined total of 9 in 10 senior managers consider phishing attacks a cause for concern at some level. Delving deeper into the issue, we further asked our respondents who identified themselves as senior management, executive management, and owners —whom we will refer to as senior management— about the implications a successful phishing attack could have on their organizations. Financial loss and customers' private data loss each came out to be on the top of that list for 66% of senior managers.Phishing attacks may involve transferring funds from a company’s account to a fraudulent organization or individual, resulting in financial loss for a business. Also, failure to defend data against phishing attacks could result in heavy regulatory fines on companies. Another severe implication businesses may have to deal with is the loss of customers' private data. Clicking on any malicious link an attacker shares via email or messages may provide them access to the client’s and organization’s data. Hackers may misuse that data for various purposes such as deletion, corruption, or publicly leaking sensitive company information.We discuss various measures businesses can take to protect against such attacks in the sections below.8 in 10 decision-makers believe it is harder to spot phishing scamsGone are the days when employees could easily spot fraudulent attacks by looking at spelling mistakes and strange sentence formations. Now, AI chatbots are helping hackers rectify poor spelling and grammar mistakes in long emails or messages less likely to be identified by spam filters. This could be one of the reasons why it is becoming harder for companies to spot phishing attacks. In fact, our data indicates that 84% of senior management respondents think phishing attempts are harder to spot. This could raise the level of risks companies have around phishing attacks. Let’s look at how businesses can stay protected against such cyberattacks.4 ways you can protect your business from phishing attacksThe data collected from our survey indicates that phishing attacks are on the rise in Canada and remain a significant risk for businesses. Although it may not be possible for organizations to completely prevent such attacks, they can at least put efforts into minimizing the repercussions using some best practices.We've listed some ways that companies can prevent phishing attacks:1. Protect all the work computers with cybersecurity softwareMake sure to have security software installed on all the computers/laptops within the organization and keep them updated so that they are capable of dealing with any new security issues. 2. Organize security awareness training programsRun security awareness training programs for your employees and managers to ensure they are able to identify phishing attacks and report such attacks. In fact, our survey revealed that 62% of employee respondents that they have received a training program that majorly consists of videos explaining what phishing attacks are and how to avoid them. Additionally, 48% of them have received it via written resources explaining the company’s policy on dealing with such attacks. We further asked the same group that admitted to having received the security training program if it helped them, and this is what we found:55% of respondents said, 'Yes, it taught me how to spot and avoid phishing attempts and how to report them.'37% of survey takers said, 'Yes, although I already knew how to spot them, it helped me understand how to report them.'Looking at the numbers, we may infer that security awareness training programs can ideally help companies train employees on how to deal with such cyberattacks.3. Change passwords regularly Organizations can enforce policies that require employees to keep changing their passwords after a certain period of time. This could act as a critical line of defense against hackers who are attempting to steal a company’s sensitive information. 4. Restrict employee access to confidential informationEnsure that your business enforces controlled data access. In order to minimize the chances of data breaches, organizations should potentially allow only trusted members to have access to any sensitive data.In part two of this survey series, we will cover how companies in Canada are investing in anti-phishing software and what other actions they are taking to protect against such phishing attacks. Looking for cybersecurity software? Check out our catalogue\! ## Disclaimer > MethodologyTo collect this data, Capterra interviewed 457 employees at companies in Canada in August 2023. Of these, 347 were regular employees and 110 held senior or executive management positions or were owners.The candidates had to meet the following criteria:Canadian resident Between 18 and 65 years of ageEither full-time or part-time employed in a company and use laptops/computers to perform daily tasks at work either always or sometimes. Had to be able to identify the correct definition of a phishing attack after being shown a definition: “Phishing is a common type of cyber attack that targets individuals through email, text messages, phone calls, and other forms of communication usually by impersonating senders known to the recipient (e.g., package delivery, prizes, public entities, etc.). A phishing attack aims to trick the recipient into falling for the attacker’s desired action, such as revealing financial information, system login credentials, or other sensitive information. Phishing attacks are very often perpetrated against companies through their employees”Was aware of the existence of phishing attacks before reading the above-mentioned definition  Has received one or more phishing attacks at work ## About the author ### Smriti Arya Smriti is a Content Analyst for GetApp, helping SMBs deliver key insights into software, business and tech trends. ## Related Categories - [Accounting Software](https://www.getapp.ca/directory/236/accounting/software) - [Cloud Security Software](https://www.getapp.ca/directory/291/cloud-security/software) - [CRM Software](https://www.getapp.ca/directory/230/crm/software) - [IT Service Software](https://www.getapp.ca/directory/1049/it-service/software) - [Project Management Software](https://www.getapp.ca/directory/332/project-management/software) ## Related Articles - [Grocery checkout trends: 79% show interest in checkout-less shopping](https://www.getapp.ca/blog/2554/grocery-checkout-checkoutless-survey) - [Top 6 software companies in Canada as reviewed by Canadians](https://www.getapp.ca/blog/3560/top-canadian-software-companies) - [Digital reputation: How can SMEs reassure consumers about cybersecurity?](https://www.getapp.ca/blog/3629/digital-reputation-perceptions) - [A checklist for startup funding in Canada: 4 Steps to keep in mind](https://www.getapp.ca/blog/2134/grants-startup-funding-canada) - [eCommerce trends: How do consumers in Canada shop and pay online?](https://www.getapp.ca/blog/2992/ecommerce-trends-canada) ## Links - [View on GetApp](https://www.getapp.ca/blog/4206/phishing-attacks-in-canada) - [Blog](https://www.getapp.ca/blog) - [Home](https://www.getapp.ca/) ----- ## Structured Data