Phishing is one of the most common forms of cyber attack. It involves sending emails that appear legitimate in order to trick recipients into revealing sensitive information, clicking malicious links or downloading harmful attachments. The messages often impersonate trusted organisations, suppliers or colleagues and act as bait designed to lure people into taking action.
At this year’s National Cyber Security Show, visitors to Stand M37 will have the chance to see just how convincing these messages can be by taking part in a live phishing challenge hosted by De Montfort University Leicester (DMU).

On Tuesday 28 and Wednesday 29 April at the NEC Birmingham, participants will review a real-world email example and decide whether it is genuine or fraudulent. Led by DMU student cyber ambassador Ilya Smut, the exercise highlights the subtle warning signs that are often missed, from small inconsistencies in email domains to behavioural red flags in messaging tone.
Ilya said: "Phishing is one of the biggest threats targeting individuals and enterprises across the UK. Interestingly, the best way to tackle this type of attack is not a bespoke security tool or a super-intelligent AI solution. Historically, the most effective way to combat these attacks has been by raising awareness and educating the public on how to spot suspicious emails and what to do when they encounter them. That is exactly what we will aim to do on the day."
The aim is not to catch people out. Instead, it demonstrates how easily even experienced professionals can hesitate when faced with a convincing message and how structured training helps people make better decisions under pressure.
Every participant will receive practical guidance on improving phishing awareness. Those who correctly identify the attempt will also earn a spin of the prize wheel. All participants will receive an RFID card blocker to help protect contactless bank and access cards from unauthorised scanning, reinforcing the importance of everyday digital vigilance.
The challenge reflects a wider reality. Phishing remains one of the most effective cyber attack methods worldwide. Despite advances in security software and filtering systems, attackers continue to succeed because phishing does not primarily target technology. It targets people.
Cyber criminals know that convincing emails can trick individuals into accidentally revealing sensitive information or clicking malicious links. Even those who believe they would never fall for such tactics can be caught out.
Recent findings from the UK Government’s 2025 Cyber Security Breaches Survey highlight just how widespread the issue remains. Of organisations that experienced a breach or attack in the last 12 months, phishing was the most prevalent and disruptive incident, affecting 85 per cent of businesses and 86 per cent of charities.
Phishing attacks are also particularly time-consuming to manage. Large volumes of suspicious emails, the need for investigation and ongoing staff training place sustained pressure on internal teams. At the same time, organisations are seeing increasingly sophisticated techniques emerge, including AI-driven impersonation, raising the stakes for those relying solely on traditional awareness methods.
For organisations of every size, the question is no longer whether phishing attempts will occur, but whether employees can confidently recognise and respond to them.
Why phishing remains such a risk
Phishing attacks have evolved significantly. Today’s attempts often:
- Mimic trusted suppliers or internal colleagues
- Use realistic branding and professional language
- Exploit urgency, fear or financial pressure
- Target specific individuals through tailored messages
Technical controls remain essential, but human judgement continues to be a critical line of defence. A single click can bypass even robust systems.
That is why cyber resilience must include continuous skills development and awareness training, not just infrastructure investment.
Education as a strategic defence
As highlighted in our previous blog following the East Midlands Cyber Security Summit in February, phishing is not simply an IT issue. It is a workforce capability issue.
Organisations that invest in cyber education:
- Reduce the likelihood of successful attacks
- Strengthen internal reporting culture
- Improve compliance and audit readiness
- Build long-term digital confidence
At the show, DMU will also be sharing how its professional cyber skills training, apprenticeships and workforce development programmes help organisations embed cyber awareness at every level.
From executive understanding of cyber risk to technical upskilling for IT teams, structured education plays a central role in reducing exposure and improving resilience.
Visit Stand M37
If you are attending the National Cyber Security Show at the NEC Birmingham, visit Stand M37 on Tuesday or Wednesday to take part in the phishing challenge and explore how education can become one of your strongest cyber defences.
Posted on Thursday 5 March 2026