How to Stay Safe from Phishing - Cybersecurity Month
October marks European Cybersecurity Month (ECSM)—an annual initiative led by ENISA and the European Commission to raise awareness about digital safety across the EU. This year, the spotlight is on phishing, the most common method used by cybercriminals to initiate attacks.
The European Cybersecurity Month (ECSM) is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations. Promoted by EU Member States as well public and private organisations across Europe, ENISA together with the European Commission, support this initiative to bring cybersecurity awareness across Europe.
Know the Scams: A Quick Guide
This year’s campaign highlights the many faces of phishing:
- Phishing – deceptive emails
- Quishing – malicious QR codes
- Spearphishing – targeted attacks
- Smishing – SMS-based scams
- Vishing – voice call fraud
- Whaling – executive-level targeting
- BEC – business email compromise
- Deepfakes – AI-generated impersonations
Cybersecurity Is a Shared Responsibility
Henna Virkkunen, Executive Vice-President for Technological Sovereignty, Security and Democracy, emphasizes:
“Cybersecurity is not just about technology—it’s a shared responsibility across society. Staying vigilant and taking simple steps online helps build a safer digital future.”
ENISA Executive Director Juhan Lepassaar adds:
“European Cybersecurity Month is a key moment to remind citizens of the importance of digital security in a connected EU.”
Empowering the Next Generation
Beyond awareness, ECSM also aims to bridge the cybersecurity skills gap. Events like the European Cybersecurity Challenge (ECSC) and the International Cybersecurity Challenge (ICC) offer young talents a platform to showcase their skills in cryptography, reverse engineering, forensics, and more—while also developing teamwork and communication abilities.
How to Join the Movement
Hundreds of workshops, webinars, and online campaigns are planned across Europe this October. Whether you're a business leader, student, or everyday user, #THINKB4UCLICK and take part in building a more secure digital world.
European Cybersecurity Challenge 2025
Taking place in Warsaw, Poland from October 6th to 9th 2025, the European Cybersecurity Challenge is an initiative by the European Union Agency for Cybersecurity (ENISA) and aims at enhancing cybersecurity talent across Europe and connecting high potentials with industry leading organizations. National cybersecurity teams made up of 10 best talents aged between 14 and 25 take part in the competition, which is held annually in one of the European countries.
Learn more2nd Cybersecurity Awareness Raising Conference - Empowering the Human Element
Following the success of ENISA’s first Awareness Raising Conference held in Ljubljana, Slovenia, on 27 November 2024, the second edition will continue to explore and strengthen the human dimension of cybersecurity communication.
Practical information
Date: Nov 27,2025 from 9:00am to 5:00pm (Europe/Zagreb)
Place: The French Pavilion, Savska cesta 25, 10000, Zagreb, Croatia
Registration: Registration is open!
Phishing – thorn in my (web)site
ENISA finds that phishing remains the primary initial intrusion vector, accounting for approx. 60% of cases. Phishing continued to be the primary method for initial intrusion, remaining an effective technique to carry out cyberattacks.
Phishing can occur in many ways such as deploying fake CAPTCHA prompts on compromised or fraudulent websites, which trick users into executing commands under the pretext of human verification.
Furthermore, phishing-as-a-Service platforms, which are designed to automate the generation of branded phishing kits by cloning login pages and distributing links have enabled cybercriminals and other cyber threat actors to imitate trusted brands and trick users
It can also be observed that large language models (LLMs) are used to create more convincing phishing emails. By early 2025, AI-supported phishing campaigns reportedly represented more than 80 percent of observed social engineering activity worldwide.
