This phishing, vishing and pretexting toolbox talk template equips front‑line staff with comprehensive guidance on detecting and responding to social‑engineering attacks. The template addresses the three main threat vectors – phishing emails, vishing phone scams and pretexting impersonation – and explains specific hazards such as credential theft, ransomware infection, unauthorised payments and data breaches. It provides practical steps to verify sender identities, use multi‑factor authentication, check caller ID, and follow secure verification processes. The content is suitable for customer‑service teams, retail workers, call‑centre operators and any employees who interact with the public or handle sensitive information. Compliant with: UK GDPR, Data Protection Act 2018, Computer Misuse Act 1990, Network and Information Systems Regulations 2018. Article 7 of the UK GDPR and NCSC guidance on phishing and vishing are referenced throughout. The ICO also provides guidance on recognising phishing attempts (ICO phishing guidance) and recommends periodic simulated phishing campaigns to test staff awareness. Regularly audit phishing simulations and update the talk to reflect new tactics such as deep‑fake voice scams. Ongoing refresher training and periodic awareness quizzes keep knowledge current and reduce the likelihood of successful attacks. Review this talk annually and update it to address emerging threats such as deep‑fake voice scams.