Phishing Attacks: How to Spot Them and What to Do
The most common way UK businesses get hacked — in plain English. What to look for and how to protect your team.
Why phishing is the biggest threat to small businesses
Phishing is responsible for the majority of successful cyber attacks on UK businesses. It works because it targets the weakest link in any security system — people.
A well-crafted phishing email bypasses the most sophisticated technical defences by simply convincing a human being to do something — click a link, open an attachment, enter a password, or transfer money. No technical exploit required.
Types of phishing attacks
Standard phishing
Mass emails sent to thousands of addresses. They usually impersonate well-known brands — HMRC, Royal Mail, your bank, Microsoft — and are usually recognisable by poor grammar, generic greetings and suspicious links.
Spear phishing
Targeted attacks aimed at a specific person or business. The email may reference real people, projects, or events to appear convincing. Much harder to spot.
CEO fraud / whaling
An attacker impersonates the CEO or a senior executive, emailing the finance team to request an urgent bank transfer. Often sent when the real CEO is known to be travelling.
Smishing
The same technique but via text message. Fake delivery notifications, HMRC texts, bank alerts.
Voice phishing (vishing)
Phone calls impersonating banks, HMRC, or IT support. Often follows up an email to add legitimacy.
How to spot a phishing email
No single sign guarantees an email is phishing — sophisticated attacks can appear very convincing. But these warning signs should trigger caution:
- Unexpected urgency — "Your account will be closed in 24 hours," "Immediate action required"
- Requests for passwords or sensitive information — legitimate organisations never ask for passwords by email
- Mismatched email addresses — the display name says "HMRC" but the actual sending address is a random Gmail address
- Suspicious links — hover over links before clicking; the URL shown should match where it claims to go
- Unexpected attachments — especially .zip, .exe, or Office files asking you to enable macros
- Slightly wrong details — wrong logo, odd formatting, your name spelled incorrectly
- Requests that bypass normal process — "Don't tell anyone about this," "This needs to be done today"
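The warning signs above can be checked mechanically before a person ever reads the message. The script below is an added example, not code from the original article: it parses a raw email with Python's standard library and reports the signs listed above (display name versus real sender domain, link text that shows one domain while the href points at another, urgency and password-request phrases, and risky attachment types). The sample message, its sender name, domains and URLs are all constructed for illustration; the list of free-mail domains is a small assumed sample that a real filter would extend.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): brand name in the display name, a
# free-mail sender, link text that disagrees with its href, and a macro-enabled
# Office attachment. All domains use the reserved .invalid TLD.
SAMPLE_EMAIL = b"""From: "HMRC Tax Refund" <refunds.hmrc.2024@example-freemail.invalid>
To: finance@example-business.invalid
Subject: Immediate action required: your refund expires in 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<p>Your account will be closed in 24 hours unless you confirm your password.</p>
<p>Claim here: <a href="http://login.example-bad.invalid/refund">https://www.gov.uk/refund</a></p>
--BOUNDARY
Content-Type: application/vnd.ms-excel.sheet.macroEnabled.12
Content-Disposition: attachment; filename="refund_form.xlsm"
Content-Transfer-Encoding: base64

UEsDBA==
--BOUNDARY--
"""

URGENCY_PHRASES = ("immediate action required", "within 24 hours", "in 24 hours",
                   "account will be closed", "don't tell anyone", "needs to be done today")
CREDENTIAL_PHRASES = ("confirm your password", "enter your password", "verify your password")
RISKY_EXTENSIONS = (".zip", ".exe", ".js", ".iso", ".docm", ".xlsm", ".pptm")
# Assumed sample of free-mail domains; the last one is the constructed sender domain.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "example-freemail.invalid"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs so the two can be compared."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(s):
    """Hostname of a URL-like string, or None if the text is not URL-like."""
    s = s.strip()
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", s, re.I):
        return None
    host = urlparse(s if "://" in s else "http://" + s).hostname
    return host.lower() if host else None


def analyse_email(raw_bytes):
    """Return a list of plain-English warnings for one raw email message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    warnings = []

    # Sign: display name claims a brand while the real address is free-mail.
    display, addr = parseaddr(str(msg.get("From", "")))
    if display and addr.rpartition("@")[2].lower() in FREEMAIL_DOMAINS:
        warnings.append(f"display name '{display}' but sender is free-mail address {addr}")

    # Signs: urgency language and requests for passwords in subject or body.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    warnings += [f"urgency phrase: '{p}'" for p in URGENCY_PHRASES if p in text]
    warnings += [f"asks for credentials: '{p}'" for p in CREDENTIAL_PHRASES if p in text]

    # Sign: the link text shows one domain but the href goes somewhere else.
    if body is not None and body.get_content_type() == "text/html":
        extractor = LinkExtractor()
        extractor.feed(body.get_content())
        for href, shown in extractor.links:
            if _domain(shown) and _domain(href) and _domain(shown) != _domain(href):
                warnings.append(f"link text says {_domain(shown)} but goes to {_domain(href)}")

    # Sign: attachment types that commonly carry malware or macros.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            warnings.append(f"risky attachment: {name}")
    return warnings


if __name__ == "__main__":
    for w in analyse_email(SAMPLE_EMAIL):
        print("WARNING:", w)
```

Run on the constructed sample, it reports the free-mail sender, three urgency phrases, the password request, the gov.uk link that actually leads elsewhere, and the .xlsm attachment. Phrase lists like these are deliberately crude; they are a prompt for a human to verify through a different channel, not a verdict, and a well-crafted spear-phishing email may trigger none of them.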
What to do if you receive a suspicious email
Don't click anything
Don't click any links, open any attachments, or reply to the email.
Verify through a different channel
If the email claims to be from your bank, HMRC, or a known contact, call them on a number you find independently — not the one in the email.
Report it internally
Tell whoever is responsible for IT in your business. Even if it turns out to be legitimate, it's better to check.
Report it to the NCSC
Forward phishing emails to report@phishing.gov.uk — this helps the NCSC track and take down phishing campaigns.
Delete it
Once reported, delete the email. Don't forward it to colleagues.
If someone has clicked a phishing link
Act quickly but calmly:
- Disconnect the device from the internet immediately
- Change passwords for any accounts that may have been compromised — from a different device
- Enable MFA on those accounts if not already in place
- Tell your IT company or IT contact what happened
- Run a full antivirus scan on the affected device
Phishing protection is one of the five areas covered in our free security assessment. It will tell you what email filtering you have in place and whether your team's awareness is adequate.
Find out where your business stands
Complete our 10-minute plain-English assessment and get a professional security report aligned to Cyber Essentials.
Start Your Free Assessment: £49 for the full report, no account required.