Protecting yourself against scams
25 January 2023
The purpose of the following advice is to provide useful tips for our Customers and is not designed to replace professional advice. It does not necessarily deal with every aspect of a topic and if you are in any doubt, you should consult a qualified expert for their help. You should never attempt to carry out any activity which may put you or others at risk or which may cause damage to your or anyone else's property and the activities described must not be attempted by anyone under the age of 18.
Always read any manuals and safety instructions alongside the advice.
Scams come in all shapes and sizes, constantly adapting to the environment that they appear. However, they have one thing in common – their aim is to gain as much personal information as possible. The more information they harvest, the more likely they are to successfully commit identity fraud or steal your money.
But never fear, as sophisticated as these cons become, there are a few tell-tale signs to spot them. We’ve put together a straightforward guide to the latest scams and how to spot them.
Phishing emails
What is a phishing email?
Phishing is a process where scammers use emails, text messages or phone calls to trick victims into handing over their personal details. These cons often require the victims to visit a website which may download a virus onto their device or steal bank details or other personal information.
How to identify a Phishing email?
As mentioned previously, phishing emails have become more sophisticated as victims become more educated. However, there are some signs that you can look out for to spot a bogus email, these include:
- Urgent actions or threats – be wary of any emails or text messages that claim you must click, call or open an attachment immediately. On many occasions, they say you need to act now to claim a reward, avoid a penalty, or a membership from being cancelled.
- Infrequent or first-time senders – While it isn’t uncommon to receive an email from someone for the first time, especially if they’re outside of your work organisation or social group, this can be a sign of phishing. When you get an email from someone you don’t recognise, take a moment to examine it before continuing to open it.
- Generic greetings – An organisation or brand that interacts with you regularly should know simple personal information about you, such as your full name. If the emails start with a generic greeting, such as “dear sir or madam”, that’s usually a tell-tale sign that it’s not from your bank or favourite shopping site.
- Poor spelling and grammar – Legitimate companies and organisations typically have editorial staff to ensure customers receive high-quality content. If an email features obvious spelling or grammatical errors, it might be a scam. Although it’s possible that a member of staff is just having an off day, simple mistakes in the tone of voice or spelling are present it could be the result of awkward translation from a different language or a deliberate ploy to evade safety filters.
- Unexpected attachments or suspicious links – If you receive an emails or text message that features an unexpected attachment or link, don’t open it. If you’re on a laptop or computer, hover your mouse over the item, making sure not to click on it. This will allow you to check if the address matches the link that was typed in the message. Resting the mouse on the link will reveal the true web address in the box with the yellow background.
- Mismatched email domains – if you receive an email that claims to be from a reputable company, but the emails are being sent from a different email domain, such as Gmail.com, it’s possibly a scam. Keep an eye out for slightly misspelt domains of legitimate companies, like micros0ft.com, these are common traits of a phishing email. Sometimes, you can check if the same on the email is the same as the email address by hovering over sender’s name in the ‘from’ section. If the names do not match up, there’s a possibility that the email is fraudulent.
What to do if you receive a phishing email?
Receiving a suspicious email can leave you feeling nervous, but there’s no need to be. If you suspect an email is malicious follow these four steps:
- Do not click on any link in the email
- Do not open any attachments
- Do not reply to the email
- Report the email to your email provider or the government
How to report a phishing email
If you think you’ve received a phishing email, there are a few ways to report the incident.
Firstly, most major email domain providers have their own email addresses where you can forward suspicious mail. For example, if you own a Microsoft outlook account, you can select the suspicious message, choose “report message” from the ribbon, and select “phishing”. Alternatively, if you’re using outlook.com, you can tick the box next to the email, then select the arrow next to “junk”, followed by the “phishing” option.
If you’re working with a Gmail account, you can report the harmful message by filling in the Gmail abuse form.
If you wish to report the email directly to the government, you can forward the suspicious message to report@phishing.gov.uk.
Find out more about phishing emails and how to report them on the NCSC (National Cyber Security Centre) website.
Text message scams
What are text message scams?
Text message scams tend to notify victims of a missed parcel delivery, where they need to pay a fee to receive their goods. However, this isn't the only trick scammers use. More recently, due to the end of the free lateral Covid-19 flow testing, there have also been SMS messages claiming that you need to pay for testing.
Signs of text message scam
Scammers will try to quickly gain your trust through text messages and phone calls, pressuring you to act drastically without thinking.
If a message or call makes you feel pressured, stop, break the contact and consider the language used. Although cons can vary, scams often do feature one or more of the following signs:
- Authority – Is the message claiming to be from someone official, like your bank, doctor, or government department? Criminals often use these trusted organisations or job roles to trick people into supplying personal information. If you’re not expecting contact from the source in question, or do not recognise the number, don’t engage in contact.
- Urgency – Is there a time limit element to the message (such as ‘within 24 hours’ or ‘immediately’)? Urgent wording is often used in scam messaging to increase the victim’s anxiety, forcing them to make rash decisions.
- Emotion – Does the message make you feel hopeful and curious? Or does it sway you the other way, to panicked and fearful? Both methods are applied by criminals to play on our emotions, whether through threatening language or claims that seem too good to be true.
- Scarcity – Is the message offering something in short supply, such as concert tickets or a cure for a medical condition? Fear of missing out on a great deal or opportunity can cause us to respond with haste. Remember to ask yourself if the opportunity presented seems too good to be true. If so, it could be a scam.
- Current events – Scammers often exploit current events and specific times of the year (like your tax reporting) to fake legitimacy and relevance. Keep your eye out for messages that pray on these elements, and if you’re in doubt, contact the organisation they claim to be directly.
How to check if a text message is genuine?
If you have any doubts about the legitimacy of a message, contact the organization directly. Don’t use the numbers, emails address or postal address mentioned in the suspicious message - as they’re likely to be held by the scammer. Instead, source the correct details from the company’s official website.
Remember, your bank or any other official source with never ask you to supply personal information via text, email, phone or letter. If you suspect some is not who they claim, hang up and contact the organisation directly. If you have paper statements or a credit card from the organisation, official contact details can usually be found on them.
How to report a suspicious text message?
Most UK phone providers are part of a security scheme that allows customers to report suspicious text messages by forwarding them to 7726 for free. Once passed on, your provider can investigate the origin of the text and arrange to block or ban the sender if the message is believed to be malicious.
The process of forwarding an SMS message varies depending on the mobile phone’s make and model. To help, we’ve supplied a step-by-step guide to the process for both Android and IOS users.
IOS — How to forward a text message?
1. Take a note of the number that sent you the suspicious message.
2. Press and hold on the message bubble.
3. Tap the More option.
4. Select the message or messages you wish to forward.
5. Tap the arrow on the bottom right of your screen.
6. Input 7726 info the to: field and send.
Android — How to forward a text message?
1. Take a note of the suspicious number that sent you the message.
2. Enter the conversation, then press and hold on the message bubble.
3. Tap on the three vertical dots on the top right of your screen.
4. Tap the Forward option.
5. Input the 7726 number into the to: field and send.
Phone call scams
What are phone call scams?
Much like text message scams, phone call phishing typically involves criminals posing as an official organisation or respected member of society, such as your bank or healthcare provider, in the hope of extracting personal information over the phone.
Signs of a phone call scam
Spotting a phishing phone call can sometimes be tricky, as it’s hard to confirm the identity of the person who contacted you. However, there are a few things you should look out for if you suspect something isn’t right:
- Asking for passwords – Whether it's over the phone, by letter or by email, a reputable company will never ask you for your password or bank PIN. If they need you to reset your password, they’ll send you a link to a secure page on their official website, which will allow you to do so safely. You should never give your password or PIN number to any individual person.
- Using threatening language – It's not uncommon for scammers to use threats within their calls to spur victims into action. Claiming your bank account will be permanently closed without action is a common example of this method, so be wary if you spot language that encourages you to take urgent action.
- Deflecting language – If you ask for proof of where they are calling from or ask to speak to a supervisor, they tend to change the subject or make you feel at fault for asking for more information.
- You can’t call the company back on their official number – as technology becomes more sophisticated, so do the scammers. Nowadays, criminals can hide their caller ID or mimic phone numbers, so it looks like you’re being called by a legitimate company. If you suspect something isn’t right with the call you’ve received, always hang up and call the organisation’s official phone number yourself.
If you’ve received a phone call from a legitimate source, they shouldn’t take issue if you hang up and call them back using their official contact number. If they provide you with a different number to call, check that it belongs to the trusted source before calling it. A simple Google of the number should show you who owns the number. If it’s not the company’s number, call the brand on their official number to check when they last wanted to contact you by phone.
Be wary of callers who don’t want to end the call or try to discourage you from calling them back on the company’s official number.
If you’re concerned, take the name of the person you’re speaking to, hang up and call the official company directly. If you can, call them from a different phone. Some scammers can keep the phone line open after you’ve hung up, meaning they can still hear your conversation after you’ve hung up. If you’re unable to use another phone, wait at least 10 minutes before making the call to the trusted organisation.
In conclusion
Scams are constantly evolving to outsmart technology and the general public. However, once you know a few tell-tale signs, it’s much easier to pick up on criminal activity.
We hope you’ve found this guide to identifying scams helpful and can apply the tips we’ve discussed to your everyday life. In the meantime, why not check out some more of our insightful guides on My Place?