Phishing: What is it and how Irish businesses can stay ahead of it

Phishing attacks have become one of the most significant and costly cyber threats facing Irish businesses, eroding customer trust, draining financial resources and putting sensitive data at risk. Globally, phishing grew by 58% last year, making it one of the fastest-rising forms of cybercrime.

For organisations in Ireland, the picture is even starker: Ireland has now been identified as the most phished country in the world, with nearly two-thirds of the population receiving scam texts in 2024. For business owners and Heads of IT, the message is clear. Phishing is more than just a consumer nuisance, it is a systemic risk that requires serious investment and strategy.

The changing face of phishing

At its core, phishing is about deception. Criminals pose as trusted entities — banks, suppliers or even colleagues — to trick employees into handing over sensitive information such as usernames, passwords or credit card numbers. While some scams remain crude, many others are now highly polished and almost indistinguishable from genuine communications.

Email remains the most common entry point, accounting for 65% of all phishing attempts. Criminals regularly produce convincing emails that mimic everything from bank alerts to invoice requests. In most cases, the ultimate goal is the same: credential theft. Around 70% of phishing attacks worldwide are designed to steal login details that give attackers access to corporate networks and sensitive data.

The problem is not confined to email. SMS-based phishing, or “smishing,” has surged in Ireland, with text messages that appear to come from couriers, utilities or financial institutions. More than three-quarters of Irish adults — 78% — now report being targeted with scam text messages, emails, phone calls or fraudulent online content at least once a month. At the same time, social media and collaboration platforms such as WhatsApp, Facebook Messenger, Tiktok, LinkedIn and Teams are increasingly being weaponised by attackers.

The mobile challenge

For IT leaders, one of the most pressing challenges is protecting fleets of smartphones and tablets. Unlike desktop devices which typically sit behind corporate firewalls, mobile devices roam freely between home Wi-Fi, public hotspots and 5G networks. They are often used interchangeably for both personal and professional tasks, and they are more likely to be lost or stolen.

That mobility makes them highly attractive to attackers. A single compromised device can provide access to company email accounts, cloud services such as Office 365 or Google Workspace, and even sensitive conversations taking place on messaging platforms.

New techniques, same psychology

Phishing works because it exploits human behaviour. By creating a sense of urgency or authority — a fake CEO request, a warning that an account will be locked or a limited-time offer — criminals can bypass even well-trained staff.

Spoofed email addresses remain common but attackers are also deploying QR codes that redirect users to malicious websites. Voice phishing, or “vishing,” is on the rise too, with fraudsters impersonating IT support staff or financial institutions over the phone. New AI tools are making it easier to clone voices or generate convincing video, increasing the likelihood of success.

As Vodafone Ireland’s Cillian Motherway, Security Proposition Manager, explained “Cybercriminals adapt faster than any single technology can keep up with. What protects you today may not protect you tomorrow, which is why businesses need layered defence.”

“Email remains a favoured attack vector, but mobile devices are catching up fast. Any situation where employees are accessing corporate data from smartphones or laptops that could be compromised requires mobile threat defence.”

The cost of getting it wrong

The implications of a successful phishing attack for an organisation are serious. Stolen credentials can lead directly to data breaches involving confidential information, intellectual property and customer records. Financial losses can escalate quickly, whether through fraudulent transactions, ransomware demands or the cost of remediation.

Reputation is another major concern. Even if a company is only impersonated in a phishing campaign, customer trust can be eroded. For regulated industries, there is the added risk of regulatory penalties. Under GDPR, businesses face fines of up to €20 million or four percent of global turnover for mishandling personal data.

Operational disruption is often overlooked but can be just as costly. Containing and recovering from an attack can absorb IT and security resources for weeks, leaving staff unable to focus on business priorities and impacting productivity across the organisation.

Building a proactive defence

Mitigating phishing risk requires a multi-layered approach. Employee training and awareness remain essential but are no longer sufficient on their own. Multi-factor authentication (MFA) can limit the value of stolen credentials, while secure email gateways can help prevent malicious messages from reaching staff inboxes.

But crucially mobile security must now also be treated as a first-class priority. As hybrid and remote working continue to expand, protecting smartphones and tablets from phishing links, malicious apps and unsafe networks is no longer optional.

“It’s crucial to make sure your employees are aware of the danger, and understand how to recognise potential security risks, so they don’t accidentally undermine the protections you put in place,” said Cillian Motherway. “Technology can do a lot, but people are always a part of the equation.”

Tools that can help

Companies looking to harden themselves as targets against phishing attacks need to take a multi-disciplinary approach. Corporate culture and employee training are crucial but so too is putting in place the best tools to help mitigate risk.

Systems recommended by Vodafone include Lookout Mobile Endpoint Security, specifically designed for Android and iOS smartphones and tablets. It can detect phishing attempts across SMS, email and messaging apps, identify malicious applications and flag and block risky Wi-Fi connections. For companies managing fleets of devices, it provides real-time visibility and control and can help secure a distributed workforce.

For wider protection across desktops, laptops and servers, Vodafone recommends Trend Micro Endpoint Security, a system that offers defences against ransomware, zero-day exploits and phishing attacks. It provides centralised management across hybrid IT environments, making it easier for IT teams to enforce consistent policies and monitor risks.

Together, these systems offer a layered approach that significantly reduces the chance of phishing attacks succeeding.

Why this matters for Irish businesses?

For companies with more than 20 employees and a growing fleet of mobile devices, defending against phishing is now a strategic imperative. Proactive investment in tools such as Lookout and Trend Micro, delivered by Vodafone, is about more than avoiding financial loss or regulatory fines. It is about safeguarding customer trust, protecting brand reputation and ensuring uninterrupted operations in an increasingly hostile cyber environment.