Think before you click
If you suspect you have been hacked, report it immediately.
A colleague in Brazil wanted to stream a football match. The website they chose looked harmless, but it was hosting malware. Within seconds of clicking, a programme called an information stealer was unknowingly downloaded onto their work laptop.
An information stealer is designed to collect anything valuable it can find, including login details, credit card numbers and banking passwords. The stolen details can then be used to withdraw money, make payments or access company systems.
In this case, both personal and Anglo American data were put at risk, all from a single unsafe choice.
Sean White, Cyber Security Manager in Global IM, explains it simply:
“Small lapses can lead to big risks. But by reporting suspicious activity and following our policies, you help protect both yourself and Anglo American.”
This is the story behind our new Information Stealer video, which shows how easily malware can spread and why quick reporting matters.
One of seven common cyber slip ups, malware like the information stealer, is only one of the threats we face. At work, attackers look for weak spots such as:
- Phishing emails with malicious links or attachments;
- Smishing, vishing and quishing scams via text messages, phone calls or QR codes;
- Weak or reused passwords open the door for attackers to hijack multiple accounts;
- Unsafe browsing, where free streaming and illegal sites often hide malwar;
- Shadow IT, such as using unapproved apps or personal tools for work;
- Data handling mistakes, like sending the wrong file or sharing sensitive information; and
- Insider risk, where shortcuts or negligence open the door to attackers.
These threats follow us home too. Reusing a password for shopping, clicking on a fake delivery text, or letting children install unsafe apps are all ways attackers can gain access.
Phishing is still the biggest threat and remains the single biggest hazard. Attackers use email more than any other method to trick people into clicking links, downloading malware or handing over details.
In the first half of 2025, our systems blocked more than 17 million phishing emails. Some still slip through, which is why we are also sharing a new video – Could you recognise an information stealer? on phishing during Cyber Safety Awareness Month, so you can see the signs and know exactly how to report.
Five steps to protect yourself
The solution is not complicated. By following five simple steps you reduce the chance of an attack succeeding:
- Think before you click;
- Use strong, unique passwords;
- Verify requests before acting;
- Report suspicious activity; and
- Learn from your mistakes.
These apply just as much at home as they do at work.
What’s happening in Cyber Safety Awareness Month
Cyber Safety Awareness Month is here to help us embed the training we all completed in August. It is a chance to turn knowledge into practice, to remind ourselves of the threats, and to make safe behaviour part of everyday life.
On Eureka! you can find the full Cyber Safety Awareness Month toolkit including:
- Videos on phishing and the information stealer;
- A glossary that explains common cyber terms in plain language;
- A short quiz to check your knowledge; and
- A Safety Share and a recap of the five steps to stay safe.
Looking ahead, in early 2026 we will introduce a new support tool for colleagues who get caught out. It will provide tailored tips and coaching so mistakes turn into learning opportunities. Cyber Safety Awareness Month is a practical reminder to put training into practice. And that every action you take matters.
Watch the videos, explore the stories, and test yourself.
How to report a cyber incident or data breach?
If you ever find yourself in doubt, the most important thing is to report it. There are three was to report an incident:
- Use the phishing button in Outlook;
- Contact the Cybersecurity Operations Centre via email; or
- Visit the Eureka! IT Support page -> Report anything suspicious
