InfoSec / Cyber

    You are here:  
  1. Home
  2. InfoSec / Cyber
  3. October 28. Phishing: Don't Take the Bait!
"A graphic announcing 'October is Cyber Security Awareness Month,' with text explaining the importance of creating a cyber emergency contact list in preparation for a cyber attack. It also includes a 'Cyber tip' to assess passwords, turn on MFA, and review critical accounts, especially email. A shield icon with a checkmark and a lightbulb icon are visible."
Information/Cyber Security

October 28. Phishing: Don't Take the Bait!

Phishing remains one of the most prevalent and effective cyberattack methods, tricking millions into compromising their data every year. These deceptive messages, often arriving via email, text message (smishing), or phone call (vishing), are designed to look legitimate. They aim to trick you into revealing sensitive information like login credentials, credit card numbers, or personal data, or to click on malicious links that install malware.  They may also be the start of a more complex cyber attack as a way into a system.

Always be suspicious. Phishing attempts often play on urgency, fear, or greed. Look out for:

  • Unsolicited or unexpected messages: Did you really order that package? Is your bank suddenly asking for your full credit card number via email?

  • Generic greetings: "Dear Customer" instead of your name.

  • Poor grammar and spelling: A common red flag.

  • Suspicious sender addresses: Hover over the sender's name to see the actual email address; it often won't match the purported sender.

  • Urgent or threatening language: "Your account will be suspended!" or "Click now to claim your prize!"

  • Links that don't match the description: Hover over links (don't click!) to see the true destination URL. It might look like "amazon.com" but actually lead to "https://www.google.com/search?q=amaz0n-logins.com."

If something feels off, don't click, don't reply, and don't download. Instead, verify the legitimacy of the message by contacting the organization directly using a known, trusted phone number or website (not the one provided in the suspicious message). You are the last line of defence against these cunning scams.

💡Today's Cyber Tip: Practice the "Hover and Verify" Rule!

Today, whenever you receive an email with a link, practice hovering your mouse cursor over the link (without clicking!) to reveal the actual URL. Train yourself to spot discrepancies between the displayed text and the true destination.


91% of all cyber attacks begin with a phishing email to an unexpected victim :Deloitte News Article.

Recognise and Report Phishing (Recognising Red Flags 🚩):

  • A tone that's urgent or makes you feel scared (i.e. click immediately or your account will be closed)
  • The sender email doesn't match the company it's coming from (unusual spellings)
  • An email you weren't expecting
  • Request to send personal information
  • Misspelled words, bad grammar and unusual URLs can still be a sign of phishing



Information source: CISA Cyber Security Awareness Month

General guidance for preventing a phishing attack:

  • Install security software on mobile devices.
  • Avoid browsing certain websites, block if necessary.
  • Only download reputable mobile applications from legitimate sources and restrict within an organisation.  Consider having an 'approved' software list for the organisation.
  • Exercise caution on social media.
  • Use different passwords - see previous article on Passwords: {article title="October is Cyber Security Awareness Month: 27. Passwords"}[link][title][/link]
  • [readmore]{/article}.
  • Beware of phishing emails - Article: {article title="Types of Cyber Attacks: Phishing"}[link][title][/link]{/article}.
  • Be careful when using public wireless networks.
  • Consciously keep up with current security trends and threats.

Ensure staff are trained on how to recognise a phishing email and what to do when they receive one.  Consider running a phishing campaign as a training exercise: DPE Phishing Campaign.

Review: DfE Cyber Security Standards for Schools and Colleges.

Take a look at our Drip Feed poster:
pdf Who's sending you emails(151 KB)

Review NCSC Phishing Guidance:
Phishing: Spot and report scam emails, texts, websites and calls
Phishing attacks: defending your organisation

Review DPE's previous articles about phishing:
{article title="Types of Cyber Attacks: Phishing"}[link][title][/link]
[readmore]{/article}
{article title="Cyber Threat to Health and Education Sectors"}[link][title][/link]
[readmore]{/article}
{article title="Types of Cyber Attacks: Spear Phishing"}[link][title][/link]
[readmore]{/article}
{article title="Scammers Pretending to be Family Members: Cyber Update"}[link][title][/link]
[readmore]{/article}
{article title="WhatsApp Hit by Fake Voice Message Scam"}[link][title][/link]
[readmore]{/article}
{article title="Cyber Crime: AI Generated Phishing Attacks"}[link][title][/link]
[readmore]{/article}

More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):
{module title="Checklist: Cyber Security"}
{module title="Cyber Attack Advice"}

DPE Knowledge Bank Guidance and Support:


For schools and colleges, six of the DfE Digital Standards are now mandatory. We have a DfE Digital Standards Tracker tool help you track your cyber resilience and your progress: 

   

Review our Cyber Security Best Practice Area for micro learning, support, guidance and policies:



Why not have a look at our 'specialist' trainer Harry the Hacker :

©2025 Data Protection Education Ltd.

Search