Phishing Awareness: Protecting Yourself and Your Organisation

Cybercriminals are becoming increasingly sophisticated, leveraging technologies such as AI to create highly convincing scams designed to deceive individuals more effectively. These attacks attempt to trick employees into revealing sensitive information, such as passwords or financial details, by pretending to be legitimate sources. Phishing attacks remain the biggest cybersecurity threat organisations face today, as they continue to be the most common way criminals steal sensitive information, compromise accounts, and gain access to our systems. As an employee, your vigilance is crucial in safeguarding sensitive personal and company data. Here’s what you need to know to protect yourself and your organisation from phishing attempts.

Understanding Phishing

Phishing is a form of cyber-attack where attackers use emails, text messages, or phone calls to deceive individuals into providing confidential information. These messages often appear to come from a trusted entity, such as a manager, a bank, or even a well-known company.

Phishing attacks can take different forms, including:

  • Email Phishing – Fraudulent emails containing links to malicious websites or attachments with malware.
  • Spear Phishing – Targeted attacks directed at specific individuals within an organisation.
  • Whaling – Aimed at high-profile targets such as executives and senior management.
  • Smishing and Vishing – Phishing attempts conducted via SMS (smishing) or voice calls (vishing).

How to Protect Yourself and Your Organisation

  • Check Egress banners – Use banners to help guide you in determining the authenticity of the email.
  • Verify the Sender – Always check the sender’s email address carefully. If in doubt, contact the sender directly using a known and trusted method.
  • Think Before You Click – Do not click on links or download attachments from unexpected or suspicious emails.
  • Report Suspicious Emails – If you receive a suspected phishing email, report it to your IT or security team, or use your organisation’s reporting tools, such as the ‘Report Phish’ button in your Outlook ribbon.
  • Enable Multi-Factor Authentication (MFA) – GSMA has enabled Okta multi-factor authentication on all corporate systems and platforms.
  • Keep Software Updated – Ensure that your operating system, email client, and antivirus software are up to date to protect against malware. If prompted to update and reboot, do so at a convenient moment.
  • Stay Educated – Participate in regular security awareness training to stay informed about the latest phishing techniques.

What to Do If You Fall Victim

If you suspect you’ve fallen for a phishing attack, act quickly:

  • Report it immediately to your IT team or click the ‘Report Phish’ button in your Outlook ribbon.
  • Change your passwords if you have entered your credentials on a fraudulent site.

Understanding and Preventing Social Engineering Attacks

Social engineering is the practice of manipulating individuals into revealing information or performing actions that compromise security. Think of it as a con artist’s toolkit, applied in the digital world.

Examples include:

  • Phishing emails that trick you into clicking malicious links or sharing login details.
  • Phone calls or text messages posing as IT support, vendors, or even leadership.
  • Impersonation on collaboration platforms or social media.

Why Social Engineering Is So Dangerous

Unlike malware or system exploits, social engineering doesn’t rely on flaws in software – it relies on us letting our guard down. Even the most security-savvy organisations can be put at risk if just one employee is deceived.

Recent incidents across industries have shown that a well-designed phishing campaign or impersonation attempt can lead to:

  • Unauthorised access to sensitive company data.
  • Theft of intellectual property or trade secrets.
  • Financial fraud or fraudulent payments.
  • Significant reputational damage.
  • Breach of sensitive personal information.

How You Can Help – Stay Vigilant

Security isn’t just the responsibility of IT and security teams – it’s part of everyone’s daily role. Here are some practical ways to protect yourself and your organisation:

  • Pause before you click. If an email or link seems unexpected, double-check before engaging.
  • Verify requests through trusted channels. If you receive an urgent message asking for credentials, payments, or sensitive information, confirm it by phone or in person with the requester.
  • Watch for red flags. Spelling errors, unusual tone, or odd formatting are common in phishing attempts.
  • Guard your credentials. Never share passwords, multi-factor authentication codes, or system access with anyone. No one legitimate will ever ask for them.
  • Report suspicious activity. Forward questionable emails or incidents to your IT or security team – it’s better to be cautious than to assume.
  • Be cautious about oversharing. Details about projects, planned absences, or team structures posted publicly can help attackers craft convincing scams.

Our Collective Responsibility

As technology and AI advance, so too will the methods used by cybercriminals. Our most effective defence is fostering a culture of vigilance, where every employee approaches unexpected digital interactions with a cautious and questioning mindset.