Phishing is still the number one way small businesses get breached, not because the attacks are sophisticated, but because they are convincing and constant. Here are the five patterns we see most, and the tells that give each one away.
1. The invoice that almost makes sense
An email arrives with a PDF invoice from a vendor name you half-recognize, asking you to confirm payment details. The goal is to get you to update banking information or open a malware-laced attachment. The tell: the sender domain is subtly wrong, and the request creates a small sense of urgency around money.
2. The Microsoft 365 “re-authenticate” page
A message says your email password is expiring and links to a login page that looks exactly like Microsoft’s. It is not. The tell: hover the link, the domain is never login.microsoftonline.com. Real Microsoft prompts happen inside apps, not via email links.
3. The CEO text message
Someone posing as your boss texts asking you to buy gift cards or move money quickly and quietly. The tell: urgency plus secrecy plus an unusual channel. No real executive runs finance over surprise texts.
4. The shared-document lure
A fake “You have a shared file” notification mimicking SharePoint, Google Drive, or DocuSign. The tell: you were not expecting a document, and the link goes to a credential-harvesting page.
5. The renewal you didn’t sign up for
A receipt for an expensive subscription you never bought, with a “call this number to cancel” line. The tell: the phone number leads to a scammer who will try to take remote control of your computer.
What actually protects you
- Multi-factor authentication on every account, so a stolen password is not enough
- Email filtering that flags lookalike domains before they reach the inbox
- A 10-minute team habit: when in doubt, verify through a known channel, never the one in the message
- Reporting culture, make it easy and blameless for staff to flag suspicious mail
None of this requires an enterprise budget. It requires the right configuration and a team that knows the patterns. That is exactly the kind of thing we set up and manage for clients.

Founder of Drive Technologies and a Director of Technology overseeing IT, fleet, and facilities for a multi-site nonprofit. He writes about managed IT, cybersecurity, healthcare technology, and running technology like a business. His work spans US and Kenya markets.
The five phishing patterns every small business will see this quarter
