Skip to content Skip to bottom

What is Phishing? Learn how this type of cyberattack works


Phishing is a type of social engineering cyber threat. It’s where an attacker sends emails designed to trick the receiver into revealing sensitive information or clicking on malicious links.

This video shows you what phishing is, the type of data hackers are after, and the importance of a zero-trust approach.

The severity of phishing attacks

Phishing is conducted by cyber criminals, and targets can be contacted by email, telephone or text message. The attacker poses as a legitimate source in an attempt to steal private information or encourage recipients to click on malicious links. If the phishing attack is successful, the data consumed is often used to access private information and accounts which can result in financial loss and identity theft of the victim. Or, the links direct recipients to harmful websites or deploy malware on to the users system.

According to the UK cyber security breaches survey 2022, 39% of businesses identified and reported a cyberattack of some kind. Out of that 39%, the most common threat vector by far was phishing attempts at 83%. This form of cybercrime is popular weapon of choice for hackers. Therefore, it’s important to be aware of the red flags.

Phishing attempts – the red flags

95% of security breaches are caused by human error. The best defence against phishing attempts is to educate yourself and other employees on the red flags that may signal a phishing attack. Things to look out for are:

  • Urgent requests from the sender
  • The feeling that it’s too good to be true
  • Grammar and spelling mistakes
  • Unusual email addresses or addresses that don’t look right
  • The sender can’t provide proof of identity
  • Suspicious links and attachments
  • All-image email signatures instead of text

In phishing attempts, hackers typically pose as someone you know or trust or as a representative of a reputable organisation. If their tone of voice seems ‘off’, their email address seems suspicious, or they are pushing you for an urgent response, verify the sender via a different channel. You should also delete the email to be safe.

Looking to improve security awareness and controls in your business?

Adopting a zero-trust approach in your business can be difficult. 848 is a trusted IT partner with 11 years of experience in configuring, scaling and securing cloud-first solutions. Our team of cyber security experts can help you and your business stay aware of and protected from cyber threats and attacks.