Phishing: Spot and report scam emails, texts, websites and calls
Page 8 of 8
How to spot a scam email, text message or call
Recognising online scams
Cyber criminals may contact you via email, text, phone call or via social media. They will often pretend to be someone (or an organisation) you trust.
It used to be easier to spot scams. They might contain bad spelling or grammar, come from an unusual email address, or feature imagery or design that feels ‘off’. But scams are getting smarter and some even fool the experts.
Criminals are increasingly using QR codes within phishing emails to trick users into visiting scam websites. As we explain, QR codes are usually safe to use in pubs and restaurants, but you should be wary of scanning QR codes within emails.
How to spot scam messages or calls
Scammers try to quickly gain your trust. They aim to pressure you into acting without thinking.
If a message or call makes you suspicious, stop, break the contact, and consider the language it uses. Scams often feature one or more of these tell-tale signs.
-
Authority
Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, or a government department. Criminals often pretend to be important people or organisations to trick you into doing what they want.
-
Urgency
Are you told you have a limited time to respond (such as 'within 24 hours' or 'immediately')? Criminals often threaten you with fines or other negative consequences.
-
Emotion
Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
-
Scarcity
Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.
-
Current events
Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.
How to check if a message is genuine
If you have any doubts about a message, contact the organisation directly. Don’t use the numbers or address in the message – use the details from their official website.
Remember, your bank (or any other official source) will never ask you to supply personal information via email, or call and ask you to confirm your bank account details. If you suspect someone is not who they claim to be, hang up and contact the organisation directly. If you have paper statements or a credit card from the organisation, official contact details are often written on them.
How to report suspicious communications
If you have received a suspicious message or call, or visited a suspicious website you should report it.
Make yourself a harder target
Criminals use information about you that’s available online (including on social media sites) to make their phishing messages more convincing.
You can reduce the likelihood of being phished by thinking about what personal information you (and others) post about you, and by reviewing your privacy settings within your social media accounts.
