Phishing is an online attack with the goal of tricking people into giving up their personal information via deceptive emails and websites. The most common ways in which hackers try to do this are:
- Encouraging you to click on a link or download an attachment containing malicious software that can infect your computer or other device
- Deceiving you into entering your personal and/or financial information into a fake website, usually by imitating a well-known company or brand
- Personal Information: If you received an email asking you for bank details, national insurance number, typical security questions (such as your mother’s maiden name) it is more than likely to be a scam. Legitimate companies don’t ask for this information via email.
- Spelling & Grammar: If an email is poorly written, in broken English, or uses incorrect use of punctuation, don’t trust it.
- Sender's Email Address: Often with fraudulent emails, the sender’s name is convincing enough, but the email address is unusual.
- Your Name: Trustworthy companies will generally take your name from their database and input it into the emails they send. If you receive a generic, informal greeting such as ‘Hi’, this could potentially be a scam.
- Contact Information: Check the contact details in the email – do they look legitimate? Are the copyright details up-to-date? If not, this is another sign that something is not right.
- Dates: A common phishing scam is a fake competition asking you to give your details in order to win a prize. However, if the closing date of the competition has already passed, it’s likely to be a scam as inconsistencies like this indicate fraud.
- Logos & Branding: If the phishing email is trying to imitate a reputable company or brand, such as bank or supermarket chain, one thing you can do is to check the logos and branding. Find the company’s real website using a search engine and see if the scammer has missed any details. You can also check if the suspicious email looks like any previous, legitimate emails the company has sent to you. If it doesn’t something is amiss.
- Check with the company: If you’re ever in doubt about the legitimacy of an email, contact the organisation that it’s claiming to be from and ask them if the email is genuine. They may already be aware of the scam due to it being reported by others, but you can also report the scam yourself at https://www.actionfraud.police.uk/report_fraud