Blogs & News

Back to articles

Protect your organisation from phishing attacks

Phishing is a scam where criminals try to get information or access through deception and trickery. Scammers will pretend to be a business or person your trust, or they may disguise their malware into something that looks innocent in hopes that you’ll install it onto your system.

Today, businesses and individuals are frequently exposed to phishing attacks. And those digital threats are not only increasing in number, but also in sophistication. Read our blog to see how you can keep your organisation safe from phishing attacks.

Common phishing attacks

Content injection

This type of phishing attack injects a familiar website, such as an email login page or an online banking portal, with malicious intent. This can include a link, form, or pop-up that directs users to a secondary website, where they’re asked to input confidential information.

Link manipulation

A phishing scam can sometimes come in the form of a malicious link that appears to come from a trusted source, like big companies and famous brands. If the link is clicked, it takes users to a spoofed website, where they are prompted to enter account information.

Safe from Phishing attacks
Safe from Phishing attacks
Safe from Phishing attacks
Spear phishing

By far the most common tactic on this list, a phishing email may arrive to either your personal or professional email address. This email can include instructions to follow, a web link to click, or an attachment to open.

Man-in-the-middle phishing attacks occur when a cyber criminal tricks two people into sending information to each other. The scammer may send fake requests or alter the data being sent and received by each party.

This is a more advanced form of phishing. Spear phishing targets specific individuals, rather than random targets.

Falling for a phishing attack can lead to leaked confidential information, infected networks, financial demands, corrupted data, or worse!

7 ways to protect yourself from phishing

1. Inspect the sender’s email address. Is everything in order? A misplaced character or unusual spelling could signal a fake.

2. Be wary of emails with generic greetings that ask you to act urgently. For example “Dear customer”.

3. Look for verifiable sender contact information. If in doubt, do not reply. Instead, start a new email to respond.

4. Never send sensitive information by email. If you must convey private information, use the phone.

5. Think twice about clicking unexpected links, especially if they direct you to sign into your account. To be safe, log in from the official website instead.

6. Avoid opening email attachments from unknown senders or friends who do not usually send you attachments.

7. Install a phishing filter for your email apps and enable the spam filter on your email accounts.

Further Information

If you have any questions about how to keep your organisation safe from phishing attacks, or would like more information about how to keep your organisation protected, then please contact the GCC Group Support Team on 0345 260 1151 or

GCC Security Services

The threats to businesses are not only increasing in number, but also in sophistication. GCC Security Services ensures your business is protected and can stay productive no matter what happens.


GCC Security Packs

Last year alone Microsoft blocked more than 70 billion email and identity threat attacks.
Source: Microsoft, 2023.

To help protect organisations, GCC have developed a range of ‘Security Packs’:

  • GCC Security Base Pack
  • GCC Security Pro Pack
  • GCC Security Pro Plus Pack

Each pack adopts the latest Microsoft technologies, and other cloud-based services to manage, monitor and protect an organisation’s IT infrastructure & data.

Read more

Security Awareness Training

Old school Security Awareness Training doesn’t hack it anymore.

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. More than ever, your users are the weak link in your network security.

With Security Awareness Training your business can help create a ‘Human Firewall’ which can protect against malicious emails.

Read more

Cyber Essentials

Cyber Essentials is a UK certification scheme for a business to show a level of protection in cyber security. This scheme will help you protect your business against a range of the most common cyber attacks.

The scheme is backed by the UK Government and overseen by the Cyber Security Centre.

Read more