What is phishing and how to protect yourself

Introduction: Why understanding phishing matters

Phishing is one of the most common forms of cybercrime. It uses deceptive messages to trick people into revealing passwords, bank details or other sensitive data. For individuals, businesses and public organisations, falling for phishing can lead to financial loss, identity theft and data breaches. Understanding what phishing is and how it works is a key part of personal and organisational cyber security.

Main body: How phishing works and common signs

What phishing is

Phishing is a type of social engineering attack where criminals impersonate trusted sources — such as banks, colleagues, or well‑known services — to persuade recipients to take an action. That action might be clicking a link, opening an attachment, or entering credentials on a fake login page.

Common delivery methods

Phishing can arrive in many forms: email is the most common, but attacks also happen via SMS (smishing), voice calls (vishing), social media messages and malicious websites. More targeted versions are spear‑phishing, which focuses on a specific individual or organisation, and whaling, which targets senior executives.

Typical indicators

Signs that a message may be a phishing attempt include unexpected requests for personal information, urgent or threatening language, generic greetings, spelling or grammar mistakes, and mismatched or unusual sender addresses and URLs. Attackers often use slightly altered domains or look‑alike branding to appear legitimate.

Practical protections

Defences include checking sender details and URLs before clicking, enabling multi‑factor authentication, keeping devices and software updated, using reputable email filters and security tools, and maintaining good password hygiene. Organisations should run regular staff awareness training and maintain incident‑reporting procedures.
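The sender and URL checks described under "Typical indicators" and "Practical protections" can be automated. The following is an added example, not part of the original article: the trusted domain list, the 0.85 similarity threshold, the function names and the sample message are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example-bank.co.uk"}  # assumption: domains you genuinely deal with

# Constructed sample message, not taken from a real campaign.
SAMPLE = """\
From: "Example Bank Security" <alerts@examp1e-bank.co.uk>
Reply-To: helpdesk@mail-collect.example
Subject: Urgent: verify your account
Content-Type: text/html

<p>Dear customer, <a href="http://login.examp1e-bank.co.uk/verify">https://example-bank.co.uk/login</a></p>
"""

def domain_of(header):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def lookalike(host):
    """Return the trusted domain that host closely resembles, or None."""
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return None  # genuinely a trusted domain or one of its subdomains
    for good in TRUSTED:
        # Compare only as many trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        if SequenceMatcher(None, tail, good).ratio() >= 0.85:
            return good
    return None

def phishing_indicators(raw):
    msg, found = message_from_string(raw), []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply and reply != sender:
        found.append(f"reply-to domain {reply} differs from sender {sender}")
    if good := lookalike(sender):
        found.append(f"sender domain {sender} imitates {good}")
    links = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', msg.get_payload(), re.I | re.S)
    for href, text in links:
        real = (urlparse(href).hostname or "").lower()
        shown = (urlparse(text.strip()).hostname or "").lower()
        if shown and shown != real:  # visible URL and real destination disagree
            found.append(f"link text shows {shown} but goes to {real}")
    return found

if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE)))
```

These are heuristics for single-part HTML messages only. They complement email filtering and user judgement and do not replace them.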

Conclusion: Outlook and significance

Phishing remains a leading cause of cyber incidents and is likely to evolve as attackers adopt new technologies, including automated and AI‑assisted techniques that can create more convincing scams. Continued vigilance, user education and layered technical defences are essential. If you suspect a phishing attempt in the UK, report it to your organisation’s IT team and to Action Fraud or your local authorities—prompt reporting helps limit harm and protect others.