What is phishing?
Phishing is the most common way scammers get into your accounts, your money, or your work systems. One wrong click, or one quick reply, is enough. In this module you will learn what phishing actually is, why you are a target too, and which channels it comes through.
- What phishing is and what scammers actually want
- Why you and your SME are targets too
- Which channels phishing comes through and what it can cost
Phishing in one sentence
Phishing is an attempt to trick you into voluntarily giving something up or doing something: typing a password, clicking a link, opening an attachment, transferring money, or sharing data.
The scammer pretends to be someone you trust: a courier, your bank, a well-known brand, a colleague, or even a family member. The message looks real, uses the right logo and the right tone of voice, and pressures you to act quickly.
Phishing does not exploit technology; it exploits trust and urgency. The attacker wants you to act before you think. So your best defence is simple: pause and verify.
Why you are a target too
A lot of people think, “there is nothing worth taking from me”. But everyone is interesting to a scammer.
- Your personal data (name, address, National Insurance number, card details) can be misused for identity theft. Scammers use your personal details to impersonate you: they open accounts, make purchases, or sign contracts in your name. The effects often last a long time and are hard to undo.
- Your login details give access to email, online shops, social media, or your banking app.
- Your device can be hijacked or used to reach other people.
- Your business is especially attractive: through one employee, an attacker can reach customer data, invoices, or payments.
Attackers do not only go after large companies. SMEs often have less security and less time for checks, while they do have access to money and data. One employee clicking too quickly is enough.
Which channels does phishing come through?
Phishing has long stopped being just an email problem. The principles are the same each time, only the channel changes.
- Email is the classic channel: a fake message from a brand, bank, or colleague with a link or attachment.
- SMS and chat (smishing): a short message via SMS, WhatsApp, or iMessage, for example about a parcel or a bank account, or a “family member” urgently asking for help or money.
- Phone (vishing): someone calls and pretends to be the bank, the helpdesk, or a government department.
In the next modules you will practise specifically with email and with SMS / chat messages, because the way you check them differs slightly per channel.
What can it cost?
The damage from a successful phishing attack is rarely just the amount on the screen.
- Direct loss: a transfer you will not get back, or a purchase made with your stolen card details.
- Data breach: access to your mailbox or systems often means access to the data of your customers and colleagues too.
- Reputation and trust: a hacked mailbox that goes on to attack your contacts damages your relationships.
- Time and stress: recovering, resetting passwords, notifying everyone, and reporting it takes days.
If phishing puts the personal data of customers or employees into the wrong hands, that is a personal data breach. Depending on the severity, you have to report it. Good security and awareness are therefore part of your GDPR obligations too.
A first look at a phishing email
Below you see an example that looks convincing at first glance: the right logo, the right colours, a familiar story. But the real sender and the real link tell a different story. Do not worry if you cannot spot it yet; that is what we practise in module 2.
Tap on the sender and on the button to reveal the real sender address and the real link behind them. This calm habit of checking before you act is the single most important skill in spotting phishing, so try it on every example in this course.
Dear customer,
Your parcel (tracking UK84729103) could not be delivered today due to insufficient postage. Pay a surcharge of £2.49 within 24 hours to avoid cancellation.
Click the button below to confirm your delivery.
Is this message phishing or trustworthy?
- The display name shows 'DHL', but the real domain is packagesdhl.net, not dhl.com.
- The button points to dhl-delivery.net, a lookalike domain, not to the real DHL site.
- Urgency ('within 24 hours') is a classic pressure tactic.
- An unexpected payment request for a small amount is a very common phishing pattern.
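The first two clues in the list above can also be checked automatically, for example in a mail filter. The Python below is an added example, not part of the original course: it compares the brand in the display name with the real sender domain and with the domain behind each link. The message is constructed from the sample above; the `noreply` mailbox, the `/confirm` path and the `BRAND_DOMAINS` allowlist are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the defender maintains a list of each brand's genuine domains.
BRAND_DOMAINS = {"dhl": {"dhl.com"}}
# Constructed message modelled on the module's sample email.
SAMPLE = """\
From: DHL <noreply@packagesdhl.net>
Subject: Your parcel could not be delivered
Content-Type: text/html

<p>Pay a surcharge within 24 hours to avoid cancellation.</p>
<a href="https://dhl-delivery.net/confirm">Confirm your delivery</a>
"""

def on_allowed_domain(host, allowed):
    # Exact match or a true subdomain; "packagesdhl.com" must NOT match "dhl.com".
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

class LinkHosts(HTMLParser):
    """Collects the hostname behind every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host)

def check_message(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # display name does not claim this brand
        if not on_allowed_domain(sender_domain, allowed):
            findings.append(f"sender domain {sender_domain} is not a {brand} domain")
        links = LinkHosts()
        links.feed(msg.get_payload())
        for host in links.hosts:
            if not on_allowed_domain(host, allowed):
                findings.append(f"link points to {host}, not a {brand} domain")
    return findings
```
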
What you take away from module 1
- Phishing tricks you into voluntarily giving something up or doing something, by pretending to be someone you trust.
- It exploits trust and urgency, not technology. Pausing and verifying is your strongest defence.
- Everyone is a target, including SMEs and private individuals.
- Phishing comes through email, SMS, chat, and phone. The principles are the same each time.
- The damage is rarely only financial: think about data breaches, reputation, and time too.
Module 1 complete 🎉
You now know what phishing is, why you are a target, and which channels it comes through. In module 2 you will learn the most important skill: calmly inspecting an email to find the real sender and the real link.
On your way to your “Recognising phishing” certificate
Complete all 5 modules and pass the final exam (at least 70%) to receive a personal certificate of attendance in your name.