You’ve heard about it and you know it’s bad for your business, but are you 100% sure what it actually is?

Phishing and spear phishing have been around for some time and affect small businesses on a day-to-day basis, so let’s briefly get to grips with the terms, what they mean and how you can help secure your team from attack.


Simply, phishing is a form of fraud. An attacker will disguise themselves as a reputable person or brand via email. Emails are usually sent to the masses in the hope that there will be one or two users that will be conned into thinking the content is safe. The emails usually contain malicious links or attachments that can perform specific functions such as extracting login credentials and account information.

Some emails may be disguised better or look more genuine than others, which is why it is important for your team to know about these kinds of attacks and stay vigilant. Phishing attacks don’t just come in email form, though: they can also come through SMS, instant messaging and social networks.

Common types of phishing email you may recognise personally are:

  • Apple Billing emails
  • Amazon refund of payments  

Spear Phishing

Spear phishing, as the name suggests, is a little more targeted. Attackers usually send emails that contain more personal information, or that are written in a more personal way, so that they seem to be from a person you trust. They often contain personal information (pulled from online profiles) and ask you to complete a task with a sense of urgency – perhaps asking you to send over credit card details, to transfer a certain amount to a specific bank account, or to click on a malicious link to purchase something.

Types of spear phishing emails:

  • Your boss or colleague asking you to complete an urgent task (involving a link).
  • An email from a friend asking you to bank transfer them some money.

Tips to avoid attacks:

  • Be careful what kind of personal information you post online.
  • Use smart passwords – not just one generic one.
  • Train the team on email awareness and operate a ‘think before you click’ culture.
  • Use logic if you receive an email from a ‘friend’ that is asking you for something out of the ordinary or to take action immediately.

Please feel free to save our infographic to share with your team members or put up on your company’s intranet to ensure that this topic is at the forefront of everyone’s minds.

Alternatively, if you need some further advice on how to train your team or would like to talk to one of our friendly security experts, please call 01524 811 388 or email
