Skip to main content
Business Operations
Back to News
Cyber Awareness Month 2024

Cyber Security and Phishing Awareness

ENISA Month, or European Cybersecurity Month (ECSM), is an annual campaign organised by the European Union Agency for Cybersecurity to raise awareness about the importance of cybersecurity across Europe. Held in October, it promotes best practices to protect individuals and organisations from rising cyber threats. A critical element of ENISA Month is phishing awareness, as phishing attacks are among the most common and effective methods used by cybercriminals to steal sensitive information. 

Phishing attacks are a malicious fraudulent practice that is used by cybercriminals to try and get a target to disclose sensitive information such as username, password, credit card details, and more. These scams are typically carried out through emails, texts, phone/voicemail or websites that appear to be from reputable sources. 

Common Phishing approaches used include:

  • The attacker sending emails posing as a legitimate entity like a bank or credit card company.
  • Targeted phishing attacks that are customised for a specific individual or organisation.
  • Targeting high-profile individuals like CEOs or government officials. The attacker generally impersonates a peer within the target’s organisation.  
  • Sending text messages to mobile phones posing as a legitimate entity.
  • Phishing you for your personal information by phoning you or by voicemail.

Recognising the Scam:  

Being aware of the common signs of a Phishing scam can help you to avoid falling victim, and there are some red flags that you should watch out for.  These include receiving the following:  

  • An Unexpected Request: Be cautious of unsolicited emails, calls, or texts asking for personal or financial details.
  • A Poorly Written Message: Watch for spelling errors or generic greetings.
  • Sense of Pressure: Scammers often invoke urgency or fear to prompt hasty decisions.
  • An Unrealistic Offer: If an offer seems too good to be true, it most likely is.
  • An Unconventional Payment Request: Beware of anyone asking for payments via wire transfers, gift cards, or cryptocurrencies.

Reducing the Risk:

There are several cyber practices that can be followed to greatly reduce the risk of falling victim to a phishing attack. These include:

  • Verify the sender:  Check the sender's address or phone number for authenticity.
  • Urgency:  Be cautious of messages demanding immediate action or creating panic.
  • Inspect Links:  Hover over links to see the actual URL before clicking.
  • Poor Grammar:  Spelling mistakes or awkward phrasing are red flags.
  • Attachments:   Avoid opening unexpected files from unknown sources.
  • Requests for Sensitive Information: Legitimate organisations won't ask for passwords or financial details via email or text.

HSE staff can gain additional insights and awareness from the mandatory Cyber Training and Awareness programme available on HSeLanD.

If you suspect you have been targeted by a phishing attempt, you can report the phishing attack to our National Service Desk (NSD) on 0818 300 300 or log a ticket on Ivanti.

In addition, you should contact the company being impersonated to help prevent others from falling victim to similar scams.