Phishing Focus Kicks off European Cybersecurity Month 2025
European Cybersecurity Month 2025 opens with a clear message: phishing, the deceptive practice used to steal data and access systems, remains the most common entry point for cyberattacks. Organisers emphasise that 60% of cyberattacks begin with phishing—ranging from misleading emails to fraudulent websites designed to capture login credentials. The campaign aims to empower citizens and organisations to recognize, deter and report these schemes before they cause harm.
Understanding the phishing threat
Phishing takes many forms, from emails that appear legitimate to websites that mimic trusted brands. Attackers rely on urgency, fear or curiosity to coax users into revealing passwords, credit card numbers or personal details. In an era where remote work and online services are ubiquitous, a single successful phishing attempt can compromise a personal account or disrupt an entire network. The European initiative highlights that fighting phishing is not just a technical challenge; it is a social responsibility that requires awareness across society.
Executive Vice-President for Technological Sovereignty, Security and Democracy, Henna Virkkunen, emphasises that cybersecurity exists at the intersection of technology and governance. The campaign reiterates her message: “Cybersecurity is not just about technology, it is a critical condition for all sectors of society and a shared responsibility. Phishing attacks and other cyber threats can have devastating consequences, disrupting our critical infrastructure and businesses, and undermining our trust in the digital world. By staying vigilant and taking simple steps to protect ourselves online, we can all play our role in fighting against cyber threats while helping to build a safer, more secure digital future for everyone.”
A coordinated European effort
Organised by the European Commission and the European Union Agency for Cybersecurity (ENISA), with support from public and private partners across Europe, the campaign seeks to harden the EU against phishing through education, better awareness and practical tools. The initiative also emphasises workforce development—addressing Europe’s cybersecurity skills gap and promoting careers in the sector. This aligns with a broader strategy to ensure vital services, data, and privacy are protected as more services become digital.
What’s included in the campaign
The campaign features a mix of public awareness drives, citizen training, and capacity-building programs designed to improve digital literacy. It highlights simple, repeatable steps that individuals and organisations can adopt to reduce risk and improve resilience against phishing schemes.
What citizens can do today
Education is the first line of defense. Start by scrutinising unexpected messages, especially those asking for urgent action or personal information. Verify sender addresses, hover over links to preview destinations, and beware of messages that pressure you to act immediately. Enabling two-factor authentication adds a critical layer of protection, even if login credentials are compromised. Regular software updates and robust email filtering further reduce exposure to phishing content.
Finally, report suspicious messages to your organisation’s security team or national authorities. Reporting helps track phishing campaigns, enables faster takedowns of fraudulent sites, and strengthens collective knowledge about evolving threats.
Building a safer digital Europe through education and careers
Beyond individual actions, the European effort recognises the importance of a skilled cybersecurity workforce. By promoting cybersecurity careers and providing hands-on training, the initiative aims to close gaps in expertise that adversaries could exploit. A strong, well-supported cyber workforce is essential to securing critical infrastructure, healthcare, energy networks, finance and public administration across the EU.
<h2 Looking ahead
As European Cybersecurity Month 2025 unfolds, the focus on phishing serves as a reminder that vigilance is a shared duty. The collaboration between the European Commission, ENISA and member states, along with civil society and industry, demonstrates what is possible when information, training and resources are aligned toward a common goal: a safer, more secure digital Europe. Citizens can participate by staying informed, applying practical security habits and encouraging others to do the same.
Conclusion: a safer digital future for everyone
By combining awareness, practical steps and workforce development, Europe is building resilience against phishing and other cyber threats. The ongoing partnership between policymakers, educators and technologists aims to ensure that the benefits of digital life are protected—today and for generations to come.
