Woman uses MFA on her mobile device to protects her business against phishing attack

How to spot a phishing attack. And what to do next.

Posted 05 May 2022 by Laura

News about phishing attacks are everywhere at the moment – even the mainstream media and consumer magazines are calling it out. And for good reason. Scarily, phishing attacks are responsible for a whopping 83% of cyber breaches. 83 per cent. Take a moment to sit with that.

(As a side note, while researching this we found an article by IBM from 2009 which said phishing attacks were in decline. Oh, how things have changed).

If you’re a small (but mighty) cog in a mighty big machine, you potentially won’t have the power within your organisation to make sizeable changes to your IT infrastructure. In which case, stats like that can feel a bit disheartening. But cue the fanfare, that’s where we come in…

Taking the proactive approach

Because there’s no need to feel like your hands are tied. When 85 per cent of all security breaches involve the human touch, it’s clear that the majority of folk need to make changes and, actually, even the smallest of changes can have a huge impact on the security posture of a business.

Human error in phishing attacks often happens when the person opening the email doesn’t really know the difference between a legitimate email and a phishing email. But get educated, recognise the warning signs of breaches – and hopefully that 85% can be brought down to something a bit more manageable. As anyone who has been breached will tell you, when it does happen, it’s bloody hard work.

To find out more about working securely in the cloud, download our free handy guide to cloud identity and access management. 

And with that, here's our short checklist for protection against phishing attacks; increasing the security of the business and, if you share identities across networks and devices, at home too:

1. Make sure security software is installed across any devices that you work from. If you use your own device (laptop, PC, tablet, phone) to access your work email or applications, these all need to be protected. Set your updates to happen automatically – and always run an update if you’re prompted.

2. Install an authenticator app – and authenticate into everything that requires a login. It’s free, easy to do and, according to the dons over at Microsoft, is the single most important thing anyone can do to protect themselves against a cyberattack. Still need convincing?

3. Choose a really good password – or passphrase to be precise; a combination of three words (you could even throw in some numbers and symbols for a Brucie Bonus).

4. Don’t make yourself an easy target. Cyber criminals find out about you by scanning your social media profiles. The more info they have on you, the more personal they can be – while learning the best way to manipulate YOU into clicking THAT link.

5. Be super vigilant. When an email or SMS lands, check the sender’s contact information…do you recognise it, does it look right? Is the email or SMS constructed in a way and to a standard you’d expect from that person? If it looks odd in any way, just delete it. We all know that if someone wants to legitimately get hold of you, they’ll try again. So unless you’re absolutely sure you trust the email or SMS, don’t bother opening it.

6. It’s not uncommon to be using multiple social media platforms. But there is a way to do it safely. The National Cyber Security Centre encourages social media users to use privacy settings to manage their digital footprint on Facebook, Twitter, YouTube, Instagram, LinkedIn, Snapchat and TikTok.

7. It’s important to report a breach as soon as you’re aware of it. If you don’t know who you should report a breach to, it’s either time to find out or, dun dun duuuuun, it’s you. Either way, make sure you know the procedure so you can act swiftly and appropriately if and when needed.


There's are lots of things you can to do spot a dodgy phishing email amongst an inbox of legitimate, safe emails. Be on guard, stay alert and don't fall foul of rogue link opening. To find out more about working securely in the cloud, download our free guide to avoiding the fate of the Death Star.