Favicon

Kaspersky reveals 2026 phishing and email threats targeting businesses

Reported By: ST Report July 8, 2026, 3:00 pm Category: Metropolitan
Kaspersky reveals 2026 phishing and email threats targeting businesses
Photo : Courtesy
Kaspersky reveals 2026 phishing and email threats targeting businesses

Ahead of International SMB Day on June 27, Kaspersky warns that SMBs face growing phishing and scam threats in 2026. Cybercriminals are impersonating financial institutions to steal business data and targeting social media accounts with fake verification or suspension notices to obtain corporate credentials.

“Fraudsters can potentially use stolen data from businesses or entrepreneurs in their schemes or sell it on the dark web market. As for compromised corporate accounts on social networks or in messengers, attackers can use them for fraud targeting customers of the affected business. Employees and business owners should remember: if you encounter a suspicious website, don’t rush to enter any data or credentials. First, examine it: does the organization actually exist? How old is the website? Check WHOIS records and users’ reviews before entering anything on the page”, says Olga Altukhova, cybersecurity expert at Kaspersky.

Email remains a primary attack vector against SMBs. In 2026, Kaspersky detected phishing emails disguised as HR, accounting, delivery, compliance, invoice, or product-related communications. Opening malicious links or attachments could expose corporate data to phishing attacks or infect devices with malware, putting business operations and sensitive information at risk.

“In 2026 attackers frequently distribute emails using various legitimate third-party services, for example, collaboration or survey platforms. This helps phishers and scammers attempt to bypass traditional email filters and exploit user trust in reputable brands. The lures — the subjects and texts — of malicious or phishing emails can appear relatively harmless and even quite trivial, as in the schemes attackers may use everyday topics that corporate users constantly encounter in their daily correspondence. But in reality, fraudulent emails can pose a serious cyberthreat to corporate data and devices. Therefore, email protection and improving employees' digital literacy should remain among the priorities for businesses, including small and medium-sized ones”, adds Anna Lazaricheva, senior spam analyst at Kaspersky.

Learn more about the cyber threat landscape for SMBs on Securelist. 

Kaspersky recommends SMBs adopt scalable security solutions suited to their size and needs, implement email protection, use managed detection and response services if needed, establish clear access and usage policies, and regularly back up critical data. These measures help strengthen resilience against evolving cyberthreats and minimize business risks.