Guide to Phishing Emails

Learn everything you need to know about one of the most common cyber-crimes

Am I Being Scammed?

The latest data shows that millions of people experience phishing attacks every single year. Because it is one of the easiest and most accessible ways to attack people's devices, it's no surprise that phishing remains one of the most common forms of online attack.

The content on this page and accompanying articles will give you a comprehensive overview of what phishing is, the different types of attacks that can happen, how to spot an attempt at phishing, technical and human ways to prevent phishing, and a handy Phishing Flowchart to help you turn the tide on scammers.

What is Phishing?

Phishing is a type of cyber attack in which a cyber-criminal attempts to trick someone into engaging with something malicious, with the end goal of getting them to reveal sensitive information. This is usually done by sending an email, text message, or other communication that encourages the recipient to click a link, download an attachment, or enter personal details on a website.

The goal of phishing is often to collect information such as usernames, passwords, banking details, personal information, or security codes. Criminals can then use this information to access accounts, steal money, commit identity fraud, or launch further attacks.

Phishing messages are typically designed to look genuine and trustworthy. Attackers often impersonate well-known organisations such as banks, delivery companies, government services, or online platforms. The emails and websites they create are carefully styled to resemble legitimate communications, using official logos, similar email addresses, and familiar formatting to make the message appear authentic.

These messages often create a sense of urgency or concern, for example claiming there is a problem with an account, a missed delivery, or a suspicious login attempt. By encouraging quick action, attackers hope recipients will respond without carefully checking whether the message is legitimate.

Phishing is a form of social engineering, meaning it relies on manipulating people rather than directly exploiting technical vulnerabilities. Instead of hacking systems, attackers attempt to influence individuals into performing actions they would not normally take, such as sharing private information or clicking unsafe links.

Is the email I just received a phishing email?

It’s Monday. You check your email, as you normally do, and there’s an email from your bank, as there sometimes is. But this one threatens that your account will be closed in 48 hours if you don’t verify your details. All you need to do is click the link in the email and your account will be fine.

This is an example of ‘phishing’, a type of online identity theft that usually uses emails to trick the user into doing something.

Of course, the email isn’t actually from your bank, and your account isn’t going to be closed in 48 hours, and you haven’t won a prize in a competition you knew nothing about, and there isn’t an order waiting for you at a depot. Sorry.

Phishing is devious and deceptive, playing on some of our base emotions and manipulating us when we're vulnerable.

Use our Knowledgebase Articles below to explore ways you can spot and stop phishing.

What is Social Engineering?

Social engineering is when someone attempts to manipulate another person into performing actions they would not normally do, such as opening an email, clicking a link in a message, sharing sensitive information, or downloading an attachment. Rather than exploiting technical weaknesses in systems, social engineering attacks focus on exploiting human behaviour, trust, and decision-making.

Cybercriminals often disguise themselves as trusted individuals or organisations, such as colleagues, banks, delivery companies, or IT support teams. They may create messages that appear urgent, important, or emotionally compelling in order to encourage people to act quickly without thinking carefully. 

The success of social engineering relies heavily on understanding how people respond to influence and persuasion. Many of these techniques are based on psychological principles that affect how we make decisions, particularly when we feel pressured, curious, or eager to help.

One of the most well-known frameworks for understanding persuasion comes from psychologist Robert Cialdini, whose research on influence identified six key principles that people naturally respond to. These principles are frequently used in marketing and communication, but they can also be exploited by cybercriminals when attempting to manipulate individuals.
