Attacks typically begin with a phishing attempt. Cyber criminals dangle an enticing link or attachment in front of you and hope you take the bait.

Users are presented with fraudulent emails, texts and social-media messages designed to look like the real deal, complete with a credible problem and request for the user to click a link or open an attached file.

There's often no reason to suspect any criminal activity. Once you've clicked, however, the hackers have you on their hook, and it takes just moments for them to reel in your data.

Trusted brands are targeted for misappropriation. Last year, a mobile phishing scam targeted users via a simple SMS, linking to an ostensibly legitimate banking site.

A similar ploy involves cybercriminals masquerading as the Australian Tax Office. They gather information from people's social-media accounts to personalise fraudulent emails and make them appear to be from the ATO.

Global surveys reveal that nearly a third of company cyber breaches in 2016 were caused by phishing scams.

Businesses can elude phishing expeditions by taking simple preventive steps.

First, know what to look for.

Education is an essential defence: employees need to be taught to differentiate legitimate and fraudulent emails.

Suspect domain names, spelling errors, and low-resolution or out-of-date logos are warning signs of a phishing email.

Be wary of unsolicited attachments and any email that purports to be from a bank, an insurer or the tax office. Think before you act.  

If you've received a suspicious email from a friend, don't open it until you've called to check it's genuine.

By raising awareness and educating your employees, you essentially patch the biggest weakness hackers can exploit.

Users should have a solid back-up,  a spam filter, an up-to-date anti-virus program and make sure their system is constantly being patched.