Phishing: What You Need To Know
What is it?
Phishing is an email-based cybercrime where attackers impersonate real organisations or people you know in order to trick you into clicking a link, entering passwords or bank details, paying fake invoices, or sharing data.
The Risks:
Phishing (email), vishing (phone) and smishing (text) are among the leading causes of cyber security breaches, and a major path into organisations.
Around 60% or more of breaches involve the human element* – people being tricked, making mistakes, or having credentials stolen. Phishing and pretexting (carefully crafted, “believable” messages) remain the leading cause of social-engineering incidents.
AI tools have massively boosted volume and realism of phishing email scams, contributing to billions in losses globally.**
*The 2025 Verizon Data Breach Investigations Report (DBIR) delivers a clear warning: nearly 60% of breaches involve a human element, whether through error, manipulation, or malicious misuse.
What this looks like for staff:
“Your Microsoft 365 session has expired – click here to re-authenticate.”
Fake CEO/CFO emails asking finance to “urgently” pay a new supplier.
Fake parcel / HMRC / bank messages asking you to “confirm” details.
Fraudulent WhatsApp or SMS messages to drivers/engineers about job changes or payment details.
Precautions you should always take:
Treat any unexpected link, invoice, payment change or “urgent” request as suspicious – instead, contact the person or organisation directly through a channel you already trust, but DO NOT REPLY TO THE SUSPICIOUS EMAIL OR MESSAGE!
Use company-managed password managers such as Bitwarden or 1Password, plus a unique password for every account – don’t store passwords in browsers or unapproved apps.
Report suspicious emails using the phishing/report button instead of just deleting.