Phishing

Published date:

Stay Sharp: Recognise and Report Phishing Scams 

Phishing remains one of the most prevalent cyber threats, targeting both individuals and organisations. The National Cyber Security Centre (NCSC) have advised that as of August 2025 more than, 45 million scams have been reported which has resulted in 230,000 scams being removed from 412,00 URLs.

These deceptive messages often appear as legitimate communications, aiming to trick recipients into revealing sensitive information or installing malicious software. 

Understanding Phishing 

Phishing is a form of social engineering where attackers impersonate trusted entities to deceive individuals. Common tactics include emails or text messages that:

  • Contain urgent requests or alarming statements to prompt immediate actions.
  • Include links to counterfeit websites designed to steal credentials.
  • Attach malicious files that can compromise your device.

Spotting the Signs 

Be vigilant for indicators of phishing attempts: 

  • Generic greetings: messages starting with “Dear Customer” instead of your name.
  • Poor grammar and spelling: legitimate organisations typically proofread their communications.
  • Suspicious links or attachments: hover over links to check their destination before clicking.
  • Unusual sender addresses: email addresses that don’t match the organisation’s official domain.
  • Attackers now use QR codes embedded in posters or emails to direct victims to malicious sites.
  • AI-generated messages that mimic real colleagues or services with alarming accuracy.
  • Voice phishing (vishing) is also on the rise, where scammers use realistic audio to impersonate trusted contacts over the phone.

Protective Measures 

To safeguard against phishing:

  • Enable Multi-Factor Authentication (MFA): this adds an extra layer of security to your accounts.
  • Use strong and unique passwords: consider using a password manager to keep track of them.
  • Keep software updated: regular updates patch security vulnerabilities.
  • Educate yourself and others: stay informed about the latest phishing techniques
  • Consider running phishing simulations in your workplace to test awareness and improve response times.

Reporting Phishing Attempts

If you receive a suspicious email, forward it to – report@phishing.gov.uk. Reporting helps authorities take down malicious sites and warns others. 

Every report counts; your vigilance helps protect others and contributes to shutting down scam networks. Phishing scams are evolving but so are we. 

Stay alert, report suspicious messages, and help build a safer digital community.

Find more detailed guidance check out the NCSC website:

  1. For recognising and reporting phishing scams .
  2. For information on defending your organisation from Phishing attacks.