Phishing
Cyber criminals use fake messages as bait to lure you into clicking on the links within their scam email or text message, or into giving away sensitive information (such as bank details).
What is phishing?
Phishing emails are fake emails designed to make you click on a dodgy link, part with money or share personal information.
The email might have branding to make it look like it comes from a business or organisation you already have a connection with – your bank, your doctor, a tradesperson or HM Revenue and Customs (HMRC). Or it might appear to come from a business you’d be interested in buying from – a holiday company or fashion brand.
Phishing email checklist: what to look for
With the rise of artificial intelligence (AI), fake emails are getting more convincing all the time. But there can be some signs that an email isn’t genuine, so look out for:
- an amazing, time-limited offer or strong encouragement to ‘click here/now’ – encouraging you to respond quickly
- an email that doesn’t use your name – perhaps they don’t really know who you are
- spelling and grammar mistakes (though phishing emails are getting more sophisticated than they used to be)
- imagery or design that looks familiar but doesn’t feel quite right
- an unusual email address – it might look a bit similar but does it really match the official company’s email address?
- encouragement to click on an unknown link – if you’re not sure, visit the organisation’s website directly rather than clicking through
- a request for you to share personal data.
What to do if you suspect fraud
If you’ve seen something that doesn’t feel right, STOP!
Break the contact: don’t reply, click on any links, call any phone numbers or make any payments.
Check if it’s genuine: contact the organisation directly using an email address or phone number you know is correct, e.g. from your utility bills, via a search engine, on the back of your card or by calling 159 for banks.
Before you delete the email, forward it to [email protected].
How to report suspicious text messages, and what to do if you think you’ve responded to a scam text
For the latest advice on how to report suspicious text messages, please visit our report a phishing attempt page. Here you will learn how to report phishing messages via Android and iOS devices.
How to protect yourself from phishing attacks
1. Keep your software and apps updated.
2. Use strong, unique passwords for your accounts.
3. Be cautious of unsolicited messages and calls.
4. Verify the sender's identity before providing any personal information.
5. Regularly check your bank statements for unauthorised transactions.
What happens when you report phishing
The NCSC will analyse the suspect email and any websites it links to and use any additional information you’ve provided to look for and monitor suspicious activity. If they discover activity that they believe is malicious, they may:
1. Seek to block the address the email came from, so it can no longer send emails.
2. Work with hosting companies to remove links to malicious websites.
3. Raise awareness of commonly reported suspicious emails and methods used (via partners).
Whilst the NCSC is unable to inform you of the outcome of its review, they can confirm that they do act upon every message received.