What's phishing and how do you prevent it?

Phishing is an attempt to obtain sensitive information for criminal and fraudulent purposes. You should avoid opening any suspected phishing attempts and never click on any links.

Phishing scams usually use emails, texts or other messages made to look like they've come from a trusted company, like your bank.

Typically, they’ll ask you to click a link and enter personal information, such as your banking details, or click an attachment that installs malicious software (known as malware) on your device.

It is one of the most common types of scams. It’s thought 30% of all phishing messages get opened by targeted users¹.

How to spot phishing attacks

Phishing is getting more sophisticated and difficult to spot, but there are a few ways to recognise possible phishing emails. Just ask yourself:

  • Who sent it? Phishing emails tend to come from suspicious email addresses that are often different from the name shown as the sender. You can find out the real address by hovering your mouse over the sender’s name.
  • Did you ask for this email? If you’ve been sent an email for a service you didn’t sign up for, it’s likely to be a phishing scam.
  • Are there unusual attachments? If there are documents attached, tread carefully. It could be an attempt to trick you into downloading malware. Generally, documents will only be attached by official organisations if you requested to be sent something.
  • Are you being asked for personal details and security information? Organisations will ask you for personal details, but usually only if you've contacted them first, and they’ll never ask for your full password or PIN in an email or text.
  • Is it using urgent and threatening language? Phishing emails often want you to panic so you’ll hand over your details and click links without waiting to think.
  • Does it look like other communications you’ve received? Phishing emails are getting more sophisticated so this isn’t always a rule, but often they’ll look different to official emails.
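As an added illustration of the "Who sent it?" check above (this is not code from the original article), the routine below compares the display name in a From header with the domain of the actual address. The sample headers and the brand-to-domain table are constructed assumptions for the example.

```python
from email.utils import parseaddr

# Constructed sample From headers (not taken from any real message).
SAMPLE_FROM_HEADERS = [
    '"Experian Customer Support" <alerts@experian.co.uk>',
    '"Experian Customer Support" <support@experian-secure-login.example>',
    'Your Bank <no-reply@bank-notice-verify.example>',
]

# Assumption: a lookup of brand name -> domains that brand genuinely sends from.
KNOWN_DOMAINS = {"experian": {"experian.co.uk", "experian.com"}}


def sender_parts(header):
    """Split a From header into (display name, address, address domain)."""
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower()
    return name, addr, domain


def suspicious_sender(header, known_domains=KNOWN_DOMAINS):
    """Return reasons the sender looks like an impersonation; empty list if none.

    The heuristic mirrors the 'hover over the sender' advice: if the display
    name or the address mentions a known brand, the address domain must be
    one the brand actually uses.
    """
    name, addr, domain = sender_parts(header)
    if not addr or not domain:
        return ["no usable address in From header"]
    name_l = name.lower()
    reasons = []
    for brand, domains in known_domains.items():
        mentions_brand = brand in name_l or brand in domain
        if mentions_brand and domain not in domains:
            reasons.append(
                f"mentions '{brand}' but address domain '{domain}' "
                f"is not a known {brand} domain"
            )
    return reasons


if __name__ == "__main__":
    for h in SAMPLE_FROM_HEADERS:
        print(h, "->", suspicious_sender(h) or "no brand mismatch found")
```

Note that a clean result only means no brand mismatch was detected; an unknown sender such as the third sample still warrants the other checks in the list above.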

An example of a phishing email

Diagram of a phishing email
  1. Phishing emails will often use urgency or threatening language to get your attention
  2. They will usually have an official looking name, but if you check the sender it's likely you'll find the address is unusual
  3. It’s common to attach documents with official sounding titles – never open or download these
  4. Phishing emails often won’t address you by name
  5. Phishers don’t always ask for your details directly. Sometimes they’ll build sophisticated fake sites or hack your computer after you click on a link.
  6. A time incentive might be added to urge you to click the link, along with a possible threat.
  7. Sometimes images are used, but these might be old logos and look unprofessional. Note the general design of the email - if it doesn’t look like other official communications you’ve received recently, it may be a phishing email.

Phishing scams: dos and don'ts

Even the most wary of us can fall victim to a phishing scam, but there are ways you can protect yourself and others.

Do not:
  • Respond to a suspected phishing email or SMS. The more contact you have with a possible criminal or hacker the more you put yourself at risk.
  • Click links or download any attachments. These could contain viruses or malware that can hack your computer.
  • Disclose your full password or security details to anyone who cold contacts you. Genuine financial organisations only ask for part of a password, and should only ask security questions when contacted by you.
  • Enter your PIN online unless you’re very sure of the website. A good rule is to check the URL starts with https:// rather than http://, which means the connection is encrypted (though this is not a guarantee that the site is genuine).

Do:
  • Delete the email or message immediately. It’s helpful to flag it as ‘spam’ or ‘junk’ as this can help email providers improve their security and spam filters.
  • Keep your security software regularly updated. This can often warn you of suspicious emails and messages and tackle malware before it takes hold.
  • Contact the relevant organisation, for example your bank, credit card provider or mobile phone network, to report the incident.

How do I know if I’ve been a phishing victim?
  • Check your bank account and credit card statements regularly. See if there are any transactions that you don’t recognise.
  • Check your credit file frequently. Look for any financial accounts you don’t recognise or any unusual credit rejections.

What should I do if I’ve been a victim of phishing or other online scams?
  • End all communication with the scammer immediately
  • Contact your bank to report the issue
  • Contact Action Fraud on 0300 123 2040 or online
  • Contact Citizens Advice on 03454 040506
  • Register with CIFAS if you are concerned your identity details have been stolen

We do not condone the sending of unsolicited commercial emails or text messages without the recipient's consent. If you get any emails from a third party claiming to be sent on our behalf, these are likely to be a phishing scam.

We will always refer to you by your name and never ask you for personal details in an unsolicited email, like your full account password.

If you receive a suspected phishing email from someone pretending to be Experian, please report the message at https://www.actionfraud.police.uk/report_phishing.

Or you can also report incidents to the Information Commissioner’s Office or by calling 0303 123 1113.

¹ http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/