What is phishing?

Phishing is a common and widely used form of cyber attack with the intent to steal, damage and encrypt user data. This form of cyber attack usually happens through email communication where the cyber attacker attempts to trick a user into clicking on an infected link that will download malware onto their device. Once the malware has been released, the attacker is now able to access all of the user’s data.

Phishing attacks are often linked with ransomware, this is a fraudulent act where the attacker will offer the user’s data in exchange for payment.

There are four main types of phishing attacks:

Spear fishing

As you may be able to guess from the name, spear fishing targets a specific group or an individual such as the system administrator.


Whaling refers to much bigger targets such as an CEO or the company’s managing director.


This phishing attack has the same aim but rather than attempting the attack via email, it involves a fraudulent type of phone call.


Similar to vishing, this type of phishing attack also holds the same goal for the cyber attacker but it is attempted via text messaging.

What can cause phishing attacks?

Every 30 seconds, millions of users are putting themselves at risk of a cyber attack on the internet (Usecure).

One of the most common causes of phishing attacks is the general lack of knowledge and awareness to recognise as and when these bait style phishing attacks come in. Cyber attackers are becoming more sophisticated where email addresses appear to look legitimate. This reinforces why it is so crucial for everyone to stay vigilant and pay close attention to any links or attachments that are being sent across, especially if they are unexpected.

According to Osterman Research, they have identified 3 key factors that are linked to the cause of phishing attacks on businesses:


­Lack of knowledge and awareness surrounding phishing attacks.


Not following the best cyber security practices such as backing up data or conducting employee training.


Phishing attacks are becoming more sophisticated.

Why are phishing attacks so successful?

What you don’t know, you don’t know. That’s exactly the reason why phishing attacks are so successful on businesses worldwide. If your business isn’t providing its employees with awareness programmes and training sessions surrounding cyber security, how are they expected to recognise these fraudulent types of cyber attacks?

Cyber attacks on businesses are becoming more and more sophisticated and difficult to predict. No business is safe, everyone is a possible target for cyber attackers to potentially bait and trick which can leave your businesses behind with some serious detrimental and costly damage to deal with.

You should also consider adopting better cyber security practices and technology to prevent these cyber attacks in the first place. Cyber Essentials is a government-backed scheme that was first introduced in 2014 as a way of providing businesses nationwide with protection against basic types of cyber threats.

How to prevent future phishing attacks

Phishing emails are becoming harder to spot and truthfully, there is nothing that will completely block you from receiving them. However, there are a few measures that you can take to help reduce the risk of these cyber attacks on your business. 

Employee training

Phishing attacks are always ever-changing, but there are similarities between them that can make it easier to identify these types of cyber attacks. It’s important to ensure that everyone in the workplace is aware that these types of cyber attacks exist, how to recognise them and what to do in the event of receiving one.

Think before you click

Even if you know the sender and ‘trust’ the email that has been sent to you, it’s generally good practice to question it and do some further investigating to verify whether this email is legitimate. Something that you can do to check whether the link is legitimate is to hover over the URL and check whether it is correct or just a carbon copy of what the genuine website link normally looks like.

Regular updates & password changes

We know it can be quite frustrating seeing numerous reminders about system updates, but it is so important that you do these as soon as you can! Updates come with patches that resolve any vulnerabilities or weaknesses in the system that can be exploited by cyber criminals to gain access to your data. Regular password changes should also be performed to ensure that your accounts are kept secure should a password become compromised.

Install firewalls

Did you know that firewalls are really effective at preventing external cyber attacks? Essentially, firewalls act as a barrier between your device and the attacker that is attempting to compromise your data. To further reduce the risk of a cyber criminal infiltrating your device, install firewalls on both your device and network to heighten your security.


Although there is little that can be done to completely prevent a phishing attack on your business, there are measures that can be put in place to greatly reduce the risk.

We work with all types of businesses of various sizes to help them understand how secure their IT infrastructure is against common types of cyber attacks. Our services focus on keeping your business and your assets cyber secure whilst adopting the best IT practices, learn more here.