As part of Cyber Security Awareness Month, we wanted to emphasise the importance of being able to identify potential online scams and fraud. Over the next few weeks, we will be highlighting the ways you can protect yourself from different scams online.

Nearly 43 million UK adult users have encountered suspected online scams, with Ofcom reporting that 25% have lost money as a result. Online scams are impacting people’s lives in devastating ways, compromising people’s personal information and financial security.

Spotting the Red Flags

Government statistics revealed that phishing scams were the most common threat to cyber security in 2022, targeting both personal and work emails, phone calls, and text messages.

Usually, phishing attempts will rely on several methods to convince you they are from real organisations and people you trust, with the intent to pressure you to provide sensitive, personal information or click on links. Some of the signs you can look out for include:

• The email address and phone number. Many scam emails and texts will attempt to recreate a company's email domain or name, however, they will often have tiny differences such as numbers or alternative letters added to the email.
• Spelling and grammar mistakes. It’s common to find grammatical errors and spelling mistakes in phishing attacks, make sure to read the email carefully and look for inconsistencies.
• The email's purpose. Official organisations should not request sensitive information to be shared by email, and should never ask for bank details.
• Using pressure and time sensitivity. Urgency is often used by scammers to put you under pressure. Look out for ‘Do this now or you'll not be able to…’ messaging.
• Links and Attachments. Suspicious links will not match the usual organisations URL and may include deceptive spelling errors or replacement letters. Phishing links and attachments will often request that you share personal information.

How to Deal with a Phishing Scam

With phishing scams occurring so frequently, knowing what to do when you encounter one is essential. In general, there are a few key steps you can take to make sure you protect yourself online.

• Do not give out private information.
• Do not download or click on any links.
• Do not respond to any messages.

If you’re unsure about whether you have received a phishing attempt, you should always contact the organisation through the details on their official website and avoid clicking any links or engaging with it until you are sure. You can also forward anything you believe is a phishing attempt to be investigated via:

• The National Cyber Security Centre can investigate any suspicious emails that are forwarded to report@phishing.gov.uk
• Your mobile phone provider can receive a report of any phishing attempts by forwarding texts to 7726 for free.

Find out more about reporting phishing attempts on the gov.uk website.

If you do believe you’ve fallen victim to a phishing attempt, there are several steps you can take to report and limit the situation:

• Contact your bank. It’s important to contact the bank as soon as possible if your bank details have been taken.
• Change passwords and log-ins. You should change all your account passwords, even if you think they may not have been affected.
• Document what has happened. Write down everything that’s happened or use screenshots to capture message exchanges and websites.
• Contact the police or Action Fraud. Find out how to contact Action Fraud here.
• Contact the organisation. Report the incident or any scam account to the organisation or social media platform.
• Get Support. Talk to others, whether it be a friend, family, or emotional support services. You can find a list of support services from Report Harmful Content’s website here.

To find out more about phishing attempts, you can visit our knowledge base on Phishing, which gives all the guidance you need on what to look out for and how to prevent a phishing attempt.

Visit our Phishing Knowledge Base