Protecting yourself against scams
05 April 2023
Scams come in all shapes and sizes, constantly adapting to the environment. However, they have one thing in common – their aim is to gain as much personal information as possible. The more information they harvest, the more likely the people behind them can successfully commit identity fraud or steal your money.
But never fear, as sophisticated as these cons become, there are a few tell-tale signs that will help you spot the risks. We’ve put together a simple guide, to help you spot a few of the more common scams.
Please note: The following advice provides useful tips against scams, however it is not designed to replace professional advice. If you are in any doubt, you should consult a qualified expert for their help.
Phishing emails
What is a phishing email?
Phishing is a process where scammers use emails, text messages or phone calls to trick victims into handing over their personal details. These cons often require the victims to visit a website which may download a virus onto their device or steal personal information. There are some obvious signs that could indicate a bogus email, these include:
- Urgent actions or threats – be wary of any emails that claim you must click, call or open an attachment immediately. On many occasions, they say you need to act now to claim a reward, avoid a penalty, or a membership from being cancelled.
- Infrequent or first-time senders – While it isn’t uncommon to receive an email from someone for the first time, this can be a sign of phishing. When you get an email from someone you don’t recognise, take a moment to examine it before continuing to open it.
- Generic greetings – An organisation or brand that interacts with you regularly should know simple personal information, such as your full name. If the emails start with a generic greeting, such as “dear sir or madam”, that’s usually a tell-tale sign that it’s not from your bank or favourite shopping site.
- Poor spelling and grammar – Legitimate companies and organisations typically have editorial staff to ensure customers receive high-quality content. If an email features obvious spelling or grammatical errors, it might be a scam.
- Unexpected attachments or suspicious links – If you receive an email or text message that features an unexpected attachment or link, don’t open it. If you’re on a laptop or computer, hover your mouse over the item, making sure not to click on it. This will allow you to check if the address matches the link that was typed in the message. Resting the mouse on the link will reveal the true web address.
- Mismatched email domains – if you receive an email that claims to be from a reputable company, but the emails are being sent from a different email domain, such as Gmail.com, it’s possibly a scam. Keep an eye out for slightly misspelt domains of legitimate companies, like micros0ft.com, these are common traits of a phishing email. Sometimes, you can check if the same on the email is the same as the email address by hovering over sender’s name in the ‘from’ section. If the names do not match up, there’s a possibility that the email is fraudulent.
What to do if you receive a phishing email?
Receiving a suspicious email can leave you feeling nervous, but there’s no need to be. If you suspect an email is malicious follow these simple steps:
- Do not click on any link in the email
- Do not open any attachments
- Do not reply to the email
- Report the email to your email provider or the government
How to report a phishing email
If you think you’ve received a phishing email, there are a few ways to report the incident.
Firstly, most major email domain providers have their own email addresses where you can forward suspicious mail. For example, if you own a Microsoft outlook account, you can select the suspicious message, choose “report message” from the ribbon, and select “phishing”. Alternatively, if you’re using outlook.com, you can tick the box next to the email, then select the arrow next to “junk”, followed by the “phishing” option.
- If you’re working with a Gmail account, you can report the harmful message by filling in the Gmail abuse form.
- If you wish to report the email directly to the government, you can forward the suspicious message to report@phishing.gov.uk.
- Find out more about phishing emails and how to report them on the NCSC (National Cyber Security Centre) website.
Text message scams
What are text message scams?
Text message scams tend to notify victims of a missed parcel delivery, where they need to pay a fee to receive their goods. However, this isn't the only trick scammers use.
Signs of text message scam
Scammers will try to quickly gain your trust through text messages and phone calls, pressuring you to act drastically without thinking. If a message or call makes you feel pressured, stop, break the contact and consider the language used. Although cons can vary, scams often do feature one or more of the following signs:
- Authority – Is the message claiming to be from someone official, like your bank, doctor, or government department? Criminals often use these trusted organisations or job roles to trick people into supplying personal information. If you’re not expecting contact from the source in question, or do not recognise the number, don’t engage in contact.
- Urgency – Is there a time limit element to the message (such as ‘within 24 hours’ or ‘immediately’)? Urgent wording is often used in scam messaging to increase the victim’s anxiety, forcing them to make rash decisions.
- Scarcity – Is the message offering something in short supply, such as concert tickets or a cure for a medical condition? Fear of missing out on a great deal or opportunity can cause us to respond with haste. Remember to ask yourself if the opportunity presented seems too good to be true. If so, it could be a scam.
- Current events – Scammers often exploit current events and specific times of the year to fake legitimacy and relevance. Keep your eye out for messages that pray on these elements, and if you’re in doubt, contact the organisation they claim to be directly.
How to check if a text message is genuine?
If you have any doubts about the legitimacy of a message, contact the organization directly. Don’t use the numbers, emails address or postal address mentioned in the suspicious message - as they’re likely to be held by the scammer. Instead, source the correct details from the company’s official website.
Remember, your bank or any other official source with never ask you to supply personal information via text, email, phone or letter. If you suspect some is not who they claim, hang up and contact the organisation directly. If you have paper statements or a credit card from the organisation, official contact details can usually be found on them.
Phone call scams
What are phone call scams?
Much like text message scams, phone call phishing typically involves criminals posing as an official organisation or respected member of society, such as your bank or healthcare provider, in the hope of extracting personal information over the phone.
Signs of a phone call scam
Spotting a phishing phone call can sometimes be tricky, as it’s hard to confirm the identity of the person who contacted you. However, there are a few things you should look out for if you suspect something isn’t right:
- Asking for passwords – Whether it's over the phone, by letter or by email, a reputable company will never ask you for your password or bank PIN. If they need you to reset your password, they’ll send you a link to a secure page on their official website, which will allow you to do so safely. You should never give your password or PIN number to any individual person.
- Using threatening language – It's not uncommon for scammers to use threats within their calls to spur victims into action. Claiming your bank account will be permanently closed without action is a common example of this method, so be wary if you spot language that encourages you to take urgent action.
- Deflecting language – If you ask for proof of where they are calling from or ask to speak to a supervisor, they tend to change the subject or make you feel at fault for asking for more information.
If you suspect something isn’t right with the call you’ve received, simply hang up. If you’ve received a phone call from a legitimate source, they shouldn’t take issue if you hang up and call them back using their official contact number. If they provide you with a different number to call, check that it belongs to the trusted source before calling it.
Entering the number into a search engine (eg Google) should show you who owns the number. If it’s not the company’s number, call the brand on their official number to check when they last wanted to contact you by phone.
If you’re concerned, take the name of the person you’re speaking to, hang up and call the official company directly. If you can, call them from a different phone. If you’re unable to use another phone, ideally wait at least 10 minutes before making the call to the trusted organisation.
Please remember if you are in any doubt, you should consult a qualified expert for their help.