What is phishing?
Phishing is when criminals try to convince you to click on links within a scam email or text message, or to give sensitive information away (such as bank details). Once clicked, you may be sent to a unsafe website which could download viruses onto your computer, or steal your passwords.
Given the current coronavirus (COVID-19) situation, cyber criminals are sending emails that claim to have a 'cure' for the virus, offer a financial reward, or encourage you to donate. Like many phishing scams, these emails are preying on real-world concerns to try and trick you into clicking.
These scam messages (or 'phishes') can be very hard to spot, and are designed to get you to react without thinking.
Tips for spotting telltale signs of phishing
Spotting a phishing email is becoming increasingly difficult, and many scams will even trick computer experts. However, there are some common signs to look out for:
- Authority - Is the sender claiming to be from an official organisation/person (like your bank, doctor, a solicitor, government department)? Criminals often pretend to be important people or organisations to trick you into doing what they want.
- Urgency - Are you told you have a limited time to respond (like in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
- Emotion - Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
- Scarcity - Is the message offering something in short supply (like concert tickets, money or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.
- Current events - Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.
Your bank (or any other official source) should never ask you to supply personal information from an email. If you have any doubts about a message, call them directly. Don't use the numbers/emails in the email, but visit the official website instead.
What to do if you've already clicked
If you've already clicked a link (or entered your details into a website) don't panic - there's lots you can do to limit any harm. Here are the following steps:
- If you're using a work laptop or phone, contact your IT department and let them know.
- If you’ve been tricked into providing your banking details, contact your bank and let them know immediately.
- If you think your account has already been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account), refer to our guidance on recovering a hacked account.
- Open your antivirus (AV) software if you have it, and run a full scan. Allow your antivirus software to clean up any problems it finds.
- If you've provided your password, change the passwords on all your accounts that use the same one.
- If you've lost money, tell your bank and report it as a crime to Action Fraud, the UK's reporting centre for cyber crime. By doing this, you'll be helping the NCSC to reduce criminal activity, and in the process prevent others becoming victims of cyber crime.
Make yourself a harder target
Criminals use publicly available information about you to make their phishing messages more convincing. This is often gleaned from your website and social media accounts (information known as a 'digital footprint'). You can make yourself less likely to receive phishing emails by doing the following:
- For your social media applications and other online accounts, review your privacy settings.
- Think about what you post (and who can see it).
- Be aware of what your friends, family and colleagues say about you online, as this can also reveal information that can be used to target you.
- If you do spot a suspicious email, flag it as Spam/Junk in your email inbox. Tell your email provider you've identified it as potentially unsafe.
Advice taken from: https://www.ncsc.gov.uk/guidance/suspicious-email-actions
Fraud self-assessment quiz: How vulnerable are you?
Barclaycard has created an interactive tool that helps you assess how personally vulnerable you are and recommends solutions to particular weaknesses. It assesses you in three different categories: Digital security, Personal Data and Scam Aware. Assess yourself today and see how good or bad your overall security precautions are and what you can do to improve them:
https://www.barclaycard.co.uk/personal/fraud-fighter
Latest news and resources related to COVID-19 Scams
If you wish to make yourself aware of the most current and dangerous scams please go to www.actionfraud.police.uk/covid19. The site lists the most recent cybercrimes that are circulating and provides specific advice on how to avoid and deal with them as well as contact information for reporting crimes. Add as a bookmark to your browser and check regularly.
Spotted a suspicious email?
If you have received an email which you’re not quite sure about, you can now forward it to the Suspicious Email Reporting Service (SERS) here on the NCSC website.
The message might be from a company you don’t normally receive communications from, or someone you do not know. You may just have a hunch. If you are suspicious, you should report it. By doing so you'll be helping us to protect many more people from being affected.