Trick or Treat? How Cyber Criminals Use Fake Emails to Scare Your Staff


When the Email in Your Inbox Is More Frightening Than a Haunted House

October is Cybersecurity Awareness Month. While costumes and candy are harmless fun, there’s one trick that keeps SMB owners up at night. That trick is phishing emails. For small and midsize businesses across Texas, a single click on a fake message can unleash real financial damage.

Phishing attacks disguise themselves as legitimate emails. These can be invoices, HR notices, or shipping alerts. They might even appear as messages from your bank or CEO. The goal? To trick your staff into clicking a malicious link or handing over credentials.

That “urgent” request from accounting may just be a hacker in disguise.


Why SMBs Are Prime Targets

Cybercriminals know small businesses often lack dedicated IT teams, making staff the weakest link. According to industry reports, phishing remains one of the top causes of data breaches among SMBs.

The risks include:

  • Financial loss — Fraudulent wire transfers or stolen banking credentials.
  • Data exposure — Confidential client files and employee records stolen or sold.
  • Operational downtime — Systems locked by ransomware delivered via phishing.
  • Reputation damage — Customers may never trust your brand again after a breach.

Signs of a Phishing Email Every Employee Should Know

Phishing emails can be polished, but most still carry telltale signs:

  1. Suspicious sender addresses (a misspelling away from legitimate domains).
  2. Urgency or fear tactics (“Act now, your account will be closed!”).
  3. Unexpected attachments or links (especially with strange file types).
  4. Generic greetings (“Dear User” instead of your name).
  5. Too-good-to-be-true offers (fake refunds, gift cards, or prizes).

Training employees to pause and verify before clicking is the best first line of defense. CISA publishes a process for recognizing and reporting phishing.
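The five signs above can also be checked automatically as a first pass before a person reviews a message. The Python below is an added example, not part of the original article or any SofTouch Systems tooling; the trusted domains, word lists, risky file types and sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for illustration; tune them to your own organization.
TRUSTED = {"examplebank.com", "example.com"}
URGENCY = re.compile(r"act now|immediately|will be closed|within 24 hours", re.I)
GENERIC = re.compile(r"^\s*dear (user|customer|client|member)\b", re.I | re.M)
OFFERS = re.compile(r"gift card|refund|you(?:'ve| have) won|prize", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".iso", ".lnk", ".htm", ".html")

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains a typo away from a real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signs(msg):
    """Return the warning signs found in msg, numbered as in the list above."""
    signs = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED and min(edit_distance(domain, t) for t in TRUSTED) <= 2:
        signs.append("1: sender domain imitates a trusted domain")
    part = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + "\n" + (part.get_content() if part else "")
    if URGENCY.search(text):
        signs.append("2: urgency or fear tactics")
    if any((a.get_filename() or "").lower().endswith(RISKY_EXT)
           for a in msg.iter_attachments()):
        signs.append("3: unexpected attachment of a risky type")
    if GENERIC.search(text):
        signs.append("4: generic greeting")
    if OFFERS.search(text):
        signs.append("5: too-good-to-be-true offer")
    return signs

def sample_message():  # constructed sample, not a real phishing email
    msg = EmailMessage()
    msg["From"] = "Account Services <alerts@examp1ebank.com>"
    msg["Subject"] = "Act now, your account will be closed!"
    msg.set_content("Dear User,\n\nOpen the attached form to claim your refund.\n")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="refund_form.pdf.exe")
    return msg

print("\n".join(phishing_signs(sample_message())))
```

A message that trips none of these checks is not proven safe; the checks only flag the patterns listed above for a person to verify.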


Phishing Email Protection SMB Strategy

True protection requires more than a spam filter. SMBs need a layered defense because no single tool or policy can stop every threat. Just like locking the front door doesn’t secure the windows, relying on spam filters or antivirus alone leaves dangerous gaps. A layered approach blends employee training, strong password management, multi-factor authentication, and advanced monitoring to cover every angle of attack. This combination makes it much harder for phishing attempts to succeed. Even if one safeguard fails, the others keep your business protected. For Texas SMBs, this strategy balances affordability with enterprise-grade security:

  • Employee Awareness Training — Regular simulations and workshops help staff recognize red flags.
  • Password Security — Using tools like 1Password prevents compromised logins from being re-used across accounts.
  • Multi-Factor Authentication (MFA) — Stops attackers even if a password is stolen.
  • Advanced Email Filtering & Monitoring — Filters catch known malicious senders before they hit inboxes.
  • Incident Response Planning — A documented process ensures fast action if a click happens.

At SofTouch Systems, we combine enterprise-class tools (Bitdefender, 1Password, VPN solutions) with human-focused training designed for Texas SMBs.


No-Surprise IT: Predictable, Proven Results

Competitors may bury phishing email protection inside generic “security packages.” We take a different approach:

  • Flat per-user pricing so you know exactly what you’re paying for.
  • Documented proof reports showing phishing test results, password adoption, and patch compliance.
  • Local, bilingual support so your frontline staff — in English or Spanish — never feel left behind.

Don’t Let Your Staff Be Tricked

Phishing emails prey on fear, urgency, and distraction, the same emotions marketers use to get clicks. The difference? One leads to candy, the other to chaos.

Now’s the time to turn tricks into treats by strengthening your frontline defenses.

Stop phishing threats — get STS employee training today.


Cyber Attack on Asahi Brewing Giant: A Wake-Up Call for Businesses Everywhere

A Proactive Security Strategy with Multiple Layers Beyond Grandma’s Lasagna

Asahi is Japan’s biggest brewer and the owner of Peroni, Pilsner Urquell, and Fuller’s. When a global brand like this suffers a cyber-attack that shuts down shipping and customer service in its home market, business owners everywhere should take note. If a multinational enterprise with thousands of employees and global resources can be disrupted, small and midsize businesses (SMBs) in Texas are even more at risk.

At SofTouch Systems (STS), we view incidents like this as real-life lessons. These events are not distant news. They show what happens when systems aren’t properly shielded against today’s threats.

What Happened to Asahi?

According to the BBC, Asahi reported a systems failure caused by a cyber-attack that:

  • Halted order and shipment operations across Japan
  • Suspended customer service
  • Left no timeline for recovery

The company confirmed no personal data leaks but admitted its Japanese operations — which account for roughly half of global sales — were severely affected. European brewing and UK operations were spared, but Japan is Asahi’s core market.

What makes this even more concerning? In its 2024 corporate report, Asahi openly listed cyber-attacks as a “main risk.” These attacks have the potential to disrupt business, damage brand value, and choke cashflow. The company knew it was a threat. Yet even with that foresight, the attack still succeeded.


Lessons for Texas Businesses

You don’t need to run a global brewery for this story to apply to your company. It doesn’t matter if you operate a 25-seat nonprofit, a construction firm, or a medical practice. The risks are the same. Only your resources to recover are smaller.

Here’s what SMBs should learn from Asahi’s misfortune:

  1. Downtime costs money — No sales, no shipping, no revenue. Even if no data leaks occur, operations grinding to a halt bleeds cash.
  2. Customer confidence is fragile — Service disruptions erode trust. Once clients doubt your reliability, they may not return.
  3. Acknowledging risk isn’t enough — Asahi’s own report listed cyber-attacks as a danger. Recognition without robust prevention is little more than a note on paper.
  4. Recovery takes time — Without tested backup and recovery processes, your “return to normal” can stretch into days or weeks.

How STS Shields Businesses from “System Failure”

At SofTouch Systems, we’ve built our No Surprise IT approach around one simple idea: transparency plus prevention. We provide SMBs with enterprise-level security without enterprise-level costs or confusion.

  • 24/7 Monitoring & Response — constant watch over email, devices, and networks
  • World-Class Tools — partnerships with Bitdefender (endpoint protection), 1Password (password management), and ???VPN (secure connectivity)
  • Backups & Disaster Recovery — tested, verifiable, and ready for fast restoration
  • Compliance & Reporting — aligning with HIPAA, PCI-DSS, and other frameworks so you stay audit-ready
  • Continuity of Support — named local tech teams and bilingual help desk for Central and South Texas businesses

This isn’t about plugging one gap — it’s about creating a shield that keeps operations running, day and night.


The Hard Truth About Budgets and Targets

What Asahi hasn’t said is just as important as what it did:

  • The company’s public statement does not disclose how much it spends on security.
  • It also hasn’t revealed what this attack has cost in lost revenue, recovery expenses, and reputational damage.

But one thing is certain: if your security budget is too low, you are putting a target on your back. The risk grows the higher your income is. Cybercriminals don’t discriminate — they go where the payoff is.

For Texas SMBs, the lesson is clear: invest proportionally in your IT defense. Security isn’t an expense to cut — it’s insurance for your future.


You have the Power!

Don’t wait for your company’s name to make the headlines. Schedule a free Cybersecurity Health Check with SofTouch Systems today. Let us show you how “No Surprise IT” can keep your operations safe. It can also make them predictable and resilient.

Contact STS for a Free Security Assessment

Extending Windows 10 Support, Legally

Microsoft recently announced that it will be extending Windows 10 security updates to eligible Windows 10 installs until October 13th, 2026.


What’s Happening?

For years, Microsoft has signaled that Windows 10’s end of support would arrive in October 2025. That date made businesses and home users nervous. Many had no budget, appetite, or need to rush into a full Windows 11 migration.

Recently, Microsoft confirmed that security updates for Windows 10 will now be available until October 13, 2026—but with conditions. This doesn’t mean every Windows 10 computer is automatically safe. The updates will be delivered through a paid “Extended Security Updates” (ESU) program. This approach is similar to how Microsoft handled legacy versions like Windows 7.

So, what does this mean for you, your business, and your IT strategy? Let’s walk through the key questions.

Why Did Microsoft Extend Support?

Microsoft rarely changes support timelines unless the customer base is still very large. Hundreds of millions of devices are still running Windows 10. This includes government agencies, healthcare providers, nonprofits, and small businesses. Cutting off security patches in 2025 would have left too many systems vulnerable.

By offering this extension, Microsoft provides breathing room for organizations to:

  • Budget migrations without disrupting daily operations.
  • Plan hardware refreshes more strategically.
  • Test Windows 11 compatibility with industry-specific software.

First, the requirements.

  • Your device must already be running Windows 10 22H2. Home, Professional, Pro Education, and Workstation editions all qualify.
  • This offer from Microsoft is FREE for consumers. Organizations will need to work with their IT support staff to understand Microsoft’s rules for corporate devices. Specifically, devices joined to a domain are ineligible.
  • Devices must have internet access to complete the enrollment. Note that a single Microsoft account can enable up to 10 devices for Extended Support.

Based on the requirements, and stated cost for corporate PCs, SofTouch Systems expects Microsoft to extend this offer to consumers further, next year, but likely with a price tag attached.

— Derek

What are the advantages?

If you’re simply not ready for a new PC, you may need just a small extension. Or you might be investigating other options, like migrating to Mac or Linux. This will give you that time.

If you are looking at migrating to Linux, chances are that your existing PC can run it just fine.

  • More Time to Prepare: Businesses can continue running Windows 10 without fearing an immediate security cliff. That extra year offers time to schedule IT projects. It allows for staff training on Windows 11. Upgrades can be staggered to match budget cycles.
  • Reduced Business Disruption: Some industries rely on critical legacy apps that don’t yet run smoothly on Windows 11. This extension buys them time to ensure full compatibility before migrating.
  • Predictable IT Costs: Instead of emergency upgrades in 2025, companies can plan gradual rollouts. This approach balances licensing, hardware, and IT labor expenses across two fiscal years.
  • Legal and Secure: Unlike sticking with unsupported systems, the ESU program ensures machines continue to receive Microsoft-backed security patches. This keeps businesses compliant and auditors satisfied.

What are the disadvantages?

Obviously, putting off purchasing a new PC if you need one can be very counterproductive.

  • It’s Not Free: Extended Security Updates are a paid service. The exact cost structure varies, but historically Microsoft increases the price each year of extension. That means the longer you hold onto Windows 10, the more expensive it gets.
  • Delay Can Breed Complacency: While extra time is helpful, it’s easy for organizations to push migrations off indefinitely. That can lead to a last-minute rush in 2026—costlier and riskier than planning ahead now.
  • Limited Scope of Updates: The ESU program provides security patches only. No new features, performance upgrades, or bug fixes will be released for Windows 10. Businesses risk falling behind in user experience and productivity features available only in Windows 11.
  • Hardware May Still Be Aging: Even if Windows 10 is supported until 2026, your physical machines are still aging. Old hardware often becomes the weakest link—slower, less reliable, and harder to secure against modern threats.

Obtaining Extended Support

Step 1, go to Settings, and locate the section that states “Enroll in Extended Support Updates”.

Windows Settings (in dark mode) with enrollment option for Windows Extended Security Updates for 2025.

Choose Enroll Now.

Step 2, the Windows Extended Security Updates (ESU) dialog will appear.

Choose Next.

Step 3, Sign into your Microsoft Account. Enter your account email address.

Next, enter your account password.

Enter your two-factor (2FA) code.

You do have 2FA turned on for all your important accounts, right?

Step 4, read the extensive Extended Security Update Terms of Use, and Privacy Statements.

Click Enroll.

That’s it! The next screen will show that you are enrolled.

All done!

For more information, take a look at Microsoft’s Extended Security Update page, here:

https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates