8. Phishing Awareness

Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware or direct them to a dodgy website. It is responsible for a significant number of frauds and scams, and the majority of cyber attacks start this way.


Phishing can be conducted via a text message, social media, or by phone, but the term ‘phishing’ is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly, and hide amongst the huge number of benign emails that busy users receive. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money.

Take Five – Stop Fraud is a national initiative to reduce fraud, including phishing. Find guidance and a quick test of your skill in spotting scams, frauds and phishing at:

Take Five to Stop Fraud

Spear Phishing

Phishing emails can hit companies of any size and type, or individuals. You might get caught up in a mass campaign (where the attacker is just looking to collect some new passwords or make some easy money), or it could be the first step in a targeted attack against the company you work at, where the aim could be something much more specific, like the theft of sensitive data. In a targeted campaign, the attacker may use information about employees or the company to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.

Spear Phishing: Don’t Take the Bait

Protect Others – Report Phishing

You can report phishing to Action Fraud, who will take action where possible. This may mean public campaigns, or it may mean working with the National Cyber Security Centre to get the scam sites at the end of the links taken down. You will be protecting lots of other people who didn’t spot the scam!


Google’s Jigsaw branch have created a simple online phishing quiz which you can use to have a go at spotting phishing.