Example Text

YOUVE BEEN HACKED... only kidding

(This is a test sent by your employer to see if you spotted the scam)If you are reading this then oops, you clicked the link. But no panic. You are part of the learning. Let’s turn this little mistake into a big win for your online awareness.

What really happened

Cybercrime is not just something that happens to big companies or secret government labs. It is happening every single day in ordinary businesses, homes, and inboxes across the UK.

Hacking vs Phishing vs Online Fraud

Hacking is when someone breaks into a computer or network to steal, alter, or destroy data. Imagine a burglar picking your lock.Phishing is when someone tricks you into handing over the keys yourself. It is a con game through email, text, or fake websites that looks real but is not.Online fraud covers all the sneaky ways criminals try to steal money or data. It can include phishing, hacking, identity theft, fake invoices, and payment scams.So in short

• Hacking is breaking the lock
• Phishing is tricking you to open the door
• Fraud is everything they do once inside

The scary but true statistics

• According to the UK Government’s Cyber Security Breaches Survey 2025, 93 percent of businesses and 95 percent of charities that experienced a cyber incident said phishing was involved.
• The National Cyber Security Centre (NCSC) says over 41 million suspicious emails have been reported to their Suspicious Email Reporting Service.
• Around 41 percent of small businesses in the UK have experienced fraud, losing an average of £4,000 per incident according to Ramsac.
• About 46 percent of cyber attacks in financial services start with a phishing email according to Beyond Encryption.
• Around 37 percent of UK businesses say they experience a cyber attack at least once a month, and 13 percent say they are attacked almost every day, based on Wavex research.

So if you thought “this would never happen to us,” well, statistically it already has.

Why phishing still works

• People are busy. Scammers know we click before we think.
• Emails look convincing. Fake addresses and logos are easy to copy.
• Spam filters are not perfect. Even the best systems miss a few.
• We underestimate risk. Most people think they are too smart to fall for it.

And that overconfidence is what keeps cyber criminals in business.

The big red flags

1. The sender’s email address does not match their name.
2. The link looks strange when you hover over it.
3. The message uses words like “urgent” or “immediate action.”
4. You were not expecting the file, invoice, or message.
5. The email asks for a password or code.

If you see any of these signs, stop. Count to three. Then report it.

What to do if you clicked

If you clicked but did not enter your password, you are fine. Just close the tab and report it.If you did enter your password, tell IT immediately. They will lock your account and reset it. No one will be cross. Mistakes happen. The only real mistake is not reporting it.

The official stuff

Here are official UK Government videos and pages that show how to spot and report scams:

• 🎥 Watch the NCSC video on spotting phishing emails
• 🎥 Watch the NCSC playlist of cyber security videos for staff and small businesses
• 📘 Read the NCSC guide on phishing and scams
• 📨 Read the GOV.UK page on reporting suspicious emails, websites, and texts
• 🔒 Visit Get Safe Online for simple, practical security tips

How to report suspicious stuff

• Forward dodgy emails to report@phishing.gov.uk
• Forward fake HMRC emails to phishing@hmrc.gov.uk
• Forward scam texts to 7726 (it spells SPAM on your keypad)
• If money has been stolen, report it to Action Fraud or call 0300 123 2040

Every report helps shut down real scams and protects others.

A bit of humour to remember

Phishing works the same way as fishing.

Criminals throw out bait and hope someone bites.

Your job is simple.

Don’t be the fish. If it looks odd, smells odd, or comes with a free offer that sounds too good to be true, keep your mouse in your pocket.

What you can do right now

1. Pause before you click.
2. Check the sender’s address.
3. Hover over links.
4. Report anything suspicious.
5. Tell IT immediately if you think you made a mistake.

In summary

Cyber criminals are clever but not unbeatable. Awareness beats panic. Curiosity beats fear. And a good laugh beats a bad link. So next time you see something fishy, remember this post, smile, and hit “Report.” You are now officially harder to hack.