Off the Hook - Don't be Phished this Cybersecurity Month!

Back to News

Press Release Oct 01,2025

October is European Cybersecurity Month, ENISA and the European Commission join forces to promote cybersecurity awareness to help you navigate digital services securely. This year attention is drawn to phishing, the primary method for initial intrusion in cyberattacks

The European Cybersecurity Month (ECSM) is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations. Promoted by EU Member States as well public and private organisations across Europe, ENISA together with the European Commission, support this initiative to bring cybersecurity awareness across Europe.

Executive Vice-President for Technological Sovereignty, Security and Democracy, Henna Virkkunen, said: “Cybersecurity is not just about technology, it is a critical condition for all sectors of society and a shared responsibility. Phishing attacks and other cyber threats can have devastating consequences, disrupting our critical infrastructure and businesses, and undermining our trust in the digital world. By staying vigilant and taking simple steps to protect ourselves online, we can all play our role in fighting against cyber threats while helping to build a safer, more secure digital future for everyone.

ENISA Executive Director, Juhan Lepassaar added: "The activities, part of European Cybersecurity Month, provide an important occasion to highlight the need for cybersecurity if we want each citizen to reap the benefits of a secure digital EU market.”

Phishing – thorn in my (web)site 

ENISA finds that phishing remains the primary initial intrusion vector, accounting for approx. 60% of cases. Phishing continued to be the primary method for initial intrusion, remaining an effective technique to carry out cyberattacks.

Phishing can occur in many ways such as deploying fake CAPTCHA prompts on compromised or fraudulent websites, which trick users into executing commands under the pretext of human verification.

Furthermore, phishing-as-a-Service platforms, which are designed to automate the generation of branded phishing kits by cloning login pages and distributing links have enabled cybercriminals and other cyber threat actors to imitate trusted brands and trick users

It can also be observed that large language models (LLMs) are used to create more convincing phishing emails. By early 2025, AI-supported phishing campaigns reportedly represented more than 80 percent of observed social engineering activity worldwide.

For these reasons, this October, we urge all users to be aware of the variety of phishing and cyber scams that exist including:

  • Phishing - email-based phishing
  • Quishing - QR code phishing
  • Spearphishing -targeted phishing
  • Smishing - SMS text phishing
  • Vishing - voice-based phishing
  • Whaling – top leadership phishing
  • BEC – business email compromise scams
  • Deep fakes – AI-based scams

The campaign aims to provide up-to-date online security information through awareness raising and the sharing of good practices. Once again, hundreds of activities such as workshops and webinars and online campaigns are ready to take place across Europe to promote digital security and cyber hygiene.

The Cybersecurity Month also intends to serve as an incentive to career development in cybersecurity.

Cybersecurity Awareness as part as the objective to bridge the skills gap

As such the campaign is complementary to the other activities engaged at EU level to promote cybersecurity careers and to develop the workforce needed in the area.

Initiatives serving this purpose include both the European Cybersecurity Challenge (ECSC) and the International Cybersecurity Challenge (ICC). These yearly events allow young talents to compete and showcase their skills.

Cybersecurity challenges are designed to inspire the younger generations to engage in a trendy and highly competitive career for which a wide range of skills are needed. Such demanding competitions test both technical competences such as cryptography, reverse engineering, forensic, web exploitation but also such soft skills as team work, communication, navigating stressful situations and working effectively with people from different backgrounds and nationalities.

#THINKB4UCLICK

The first edition of the European Cybersecurity Month in 2012 gathered momentum over the years with the slogan ‘Cybersecurity is a Shared Responsibility’. The campaign developed by joining efforts with Member States in order to unite against cyber threats. In 2020 ‘Think Before U Click’ became the official motto of the ECSM campaign.

A promotional graphic for European Cyber Security Month (October) by ENISA. The image features cartoon illustrations of diverse people using technology.

Contact

For press questions and interviews, please contact:
[email protected].

Access to the press office

Related topics

Content written for: Citizens | Private Sector

Related content

European_Cybersecurity_Month_2023-Campaign_report.png

European Cybersecurity Month 2023 - Campaign report

European Cybersecurity Month (ECSM) 2023 took a different approach than in 2022.

European Cybersecurity Month 2022 Campaign Report

The campaign was coupled with the commemoration of the ECSM 10th anniversary in 2022 and focused on two of the most prominent threats: 1. Phishing: so that users may detect and react to the most common attack against individuals. 2.

European Cybersecurity Month 2021 - Deployment report

The deployment report of the European Cybersecurity Month (ECSM) for 2021, summarises the activities introduced towards reducing cyber incidents. It evaluates the campaign of last year and provides insights for the future.

Boosting your Organisation's Cyber Resilience - Joint Publication

ENISA and CERT-EU strongly encourage all public and private sector organisations in the EU to adopt a minimum set of cybersecurity best practices.

BROWSE ALL PUBLICATIONS

#CyberSecMonth 2022: ENISA - APWG webinar on phishing outbreaks in 2022

2022 Oct 13

1st Cybersecurity Awareness Raising Conference - Reframing Cybersecurity Awareness Raising

2024 Nov 27

2nd Cybersecurity Awareness Raising Conference - Empowering the Human Element

2025 Nov 27

BROWSE ALL EVENTS

Reframing Cybersecurity Awareness Raising: Exploring the human factor in cybersecurity communication

News Item

The Cybersecurity Awareness Raising Conference, powered by ENISA C-level cybersecurity awereness guide, brought together professionals of both the public and private sector.

Promoting security in the digital world during the European Cybersecurity Month

News Item

This year’s campaign theme is social engineering, a prevalent cybersecurity threat in the digital landscape.

Custom-made Awareness Raising to enhance Cybersecurity Culture

Press Release

The European Union Agency for Cybersecurity (ENISA) empowers organisations by publishing the updated version of the ‘Awareness Raising in a Box’.

Emerging technologies make it easier to phish

Press Release

The European Cybersecurity Month (ECSM) campaign will focus on social engineering, a top cyber threat.

BROWSE ALL NEWS

SecureSME

How to secure your employees and business from cyberattacks. 

Cybersecurity doesn’t necessarily have to be costly for SMEs to implement and maintain. There are several measures that can be implemented, without the company having to…

BROWSE ALL TOOLS