What is phishing?
Phishing is a widespread scam method where criminals call or message you pretending to be from a company you trust.
They do this to make you download a virus onto your computer, or access your personal information - such as login details, banking or financial details -and other personal data.
How would criminals contact me for phishing scams?
Scammers can simply look over your shoulder while you’re on a phone or computer in public to steal your PIN or password (this is called ‘shoulder surfing’). But the most common ways they’ll contact you are:
- SMS/text message
- Phone calls or voicemails
- Instant or direct messaging - via WhatsApp or social media
How could a phishing scam affect me?
Phishing and other online scams can mean:
- Criminals take control of your bank account
- Your money is stolen
- People impersonate you
- You lose your data
- Your computer is infected with a virus
How can I spot a phishing scam?
Phishing scams evolve all the time, making them hard to spot. But there are some tricks to look out for.
Scammers try to quickly gain your trust and push you into taking action without thinking. They do this with urgently phrased messages containing enticing offers, scaremongering, or intimidation.
Bogus messages may ask you to:
- Click on a link to claim an offer
- Make a payment urgently
- Download a file
- Enter your login details
They can even threaten you with consequences - even blackmail - if you don’t respond.
Not all phishing messages will be easy to spot, but red flags to look out for include:
- Spelling or grammatical errors
- Designs, logos and images that look squished or pixelated
- Email addresses that don’t match the sender’s display name
- Links to websites that are different to the real company address.
For example, a scam email pretending to be from Shell Energy might ask you to visit www.shellenergycustomers.com or www.customeraccounts.com/shell-energy when our real address is www.shellenergy.co.uk.