What is phishing?

Phishing scams are where fraudsters attempt to con you into handing over personal information by posing as legitimate companies.

Scammers will usually email you pretending to be your bank, your energy company, or someone similar, and ask you to log in to your account via a link in the email.

However, click on the link and you'll be sent to a false website that looks convincingly like your real bank/energy company/insurer's site.

From there you'll be prompted to enter details like your account number, username and password, but by doing this you'll be playing into the scammer's hands because they'll record all of the information you enter and use it to hack your real accounts.

It's worth noting that while most phishing scams operate via email, it's possible you could be taken to a phishing website via dodgy on-site links, so you need to be careful whatever you're doing online.

Always go direct

The easiest way to stay safe from phishing emails is to never click on or follow links you're sent by email - no matter how genuine the message appears to be.

While some legitimate companies may email you about your accounts, there is no need to use the links included in your email.

You should be able to get all the information you need by entering the URL of their site into your browser manually.

Spotting phishing before you're hooked

Phishing scams have become more convincing and sophisticated since their inception in the mid-90s. However, there are still some tell-tale signs that can give them away:

Check the email address

Phishing emails are often sent from email accounts that try to appear official but there are usually some tell-tale signs that should set alarm bells ringing.

Most will look similar to an official email address; look out for extra letters, misspelt words, extra characters or added words like services, team, online, etc. in the address.

Top Tip: Free email accounts are never used by finance companies, so if you could register for an account with the same host you should be immediately suspicious.

Check the subject line

The aim of phishing emails is to get you to share your details, so most emails will aim to entice you into action by creating a sense of urgency.

Phrases like: verify your details, account suspended, login here and update your security details are all common phishing terms to look out for.

Check the link address/website URL

The website URL or address can often reveal whether you're dealing with a legitimate message or something more underhand.

However, even here phishing scams try to hide by making it easy to think, at a glance, that their links are genuine - this is called typo-squatting or cybersquatting.

As an example, our web address www.money.co.uk might appear as:

  • www.monney.co.uk

  • www.mony.co.uk

  • www.verify-money.co.uk

Carefully check any link address or website URL before you click through; if you spot a spelling mistake or similar, there's a pretty good chance it's a scam.
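
The lookalike check described above can also be automated. This is an added example, not code from the original article: it compares a hostname with the genuine domain and flags near-misspellings and added words. The function names, the distance threshold of 2 and the handling of .co.uk addresses only are assumptions made for illustration.

```python
from typing import Optional

GENUINE = "www.money.co.uk"   # trusted address, taken from the article
SUFFIX = ".co.uk"             # assumption: only this public suffix is handled


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # swap ca for cb
        prev = cur
    return prev[-1]


def registered_label(host: str) -> Optional[str]:
    """Label directly left of SUFFIX, e.g. 'money' for www.money.co.uk."""
    host = host.strip().lower().rstrip(".")
    if not host.endswith(SUFFIX):
        return None
    return host[: -len(SUFFIX)].split(".")[-1]


def classify(host: str, genuine: str = GENUINE) -> str:
    """Compare the registered name in host with the one in genuine."""
    brand = registered_label(genuine)
    label = registered_label(host)
    if label is None:
        return "unknown-suffix"
    if label == brand:
        return "genuine"
    if brand in label.split("-"):          # extra word, e.g. verify-money
        return "added-word"
    if edit_distance(label, brand) <= 2:   # small slip, e.g. monney or mony
        return "typo"
    return "no-match"


if __name__ == "__main__":
    # The three lookalikes listed in the article, plus the genuine address.
    for h in ("www.money.co.uk", "www.monney.co.uk",
              "www.mony.co.uk", "www.verify-money.co.uk"):
        print(f"{h:28} {classify(h)}")
```

With a short name like this one, an unrelated real site can also land within two edits, so a "typo" result is a prompt to look more closely, not proof of a scam.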

Top Tip: Scammers try to hide their dodgy sites by masking the website names, but if you hover over a link it will reveal the actual web address or URL you will be taken to when you click.

Check the spelling & grammar

The vast majority of phishing scams originate overseas and are often written by fraudsters who don't have English as their native language.

This means that they often contain mistakes, or phrases that aren't commonly used in day-to-day English.

Is it personalised?

Most cybercriminals don't already know your personal details before they contact you; after all, that's usually what they're after.

For this reason, most phishing emails won't include any personal information; if the greeting begins Dear Customer, Dear Valued Customer or similar, be immediately suspicious.

Some phishing emails try to get around this by including made-up account numbers, credit card numbers and other fake information, so if you get an email containing details like this, check they match your information carefully.

Key points to remember

  • No UK bank will ask you to reveal your debit or credit card PIN - EVER.

  • If in doubt - go direct by typing the website address in manually rather than following a link

  • Be over-cautious; if you have any suspicions, don't proceed

What can you do if you think you've been scammed?

If you suspect that you may have fallen for a phishing scam you'll need to take action now to protect your personal details and finances.

Read our guide: I Think I've Been Scammed, What Do I Do for more help.