Phishing attacks are a common way to gain access to someone’s personal details that can then be used to gain access to systems or conduct fraud. Phishing involves sending emails to addresses that contain links or attachments designed to obtain personal details. These are surprisingly effective because many people will click on the link or open the attachment.
The best defence is not to open attachments or click on links from unknown emails or texts. Phishing attacks are also becoming more sophisticated and harder to detect. In many cases the sender will appear to be legitimate and it could seem to be a legitimate request. A good spam filter will help remove most suspicious emails to reduce some of the risk. Think about how to tell whether the email or text is legitimate before you open or click on it.
There are also targeted Phishing attacks which have become more common. These target particular individuals, roles or organisations. The attacker may even know something about the person or organisation that makes it appear real. Be very suspicious of unusual requests from outside your organisation and verify the authenticity using another method. Care should be taken that the verification is a trusted source and not the website, phone number or email provided by the attacker.