How to spot phishing phone scams
What is phishing?
Phishing is a type of fraud in which cyber criminals attempt to steal sensitive information through email messages, websites or phone calls which appear to be legitimate.
The victim is typically duped into believing that the message or call is from a trusted source; criminals may even be pretending to be someone you know. Their aim is typically to get you to share your passwords or other personal data, or to trick you into downloading computer viruses.
How to spot a phishing phone call
It can be tricky to spot a phishing phone call, as it’s difficult to confirm the identity of the person who contacted you. However, here are a few things to remember:
- No-one should be asking for your password
A reputable company will never ask for your password or bank PIN, either over the phone or by email. If they need you to reset your password, they’ll send you a link to a secure page on their official site, which will allow you to do it safely. You also shouldn’t have to give any individual person your password or PIN number.
- Using threats to frighten you
In order to try to spur the victim into action, scammers may include threats in their calls. For example, they could say that your bank account will be permanently deleted if you don’t reset your password through a link that they’ve provided.
- They are evasive if you have questions
If you ask to speak to a supervisor or ask for proof of where that the caller is calling from, they’ll either change the subject or make you feel at fault for asking for more information.
- You can’t call the company back on their official number
Call phishing has become increasingly sophisticated. Nowadays, scammers can either hide their caller IDs, or they can mimic phone numbers, so it looks like you’re being called by a genuine company, such as a bank or utility company.
If you’ve received a call from a genuine source, they shouldn’t mind if you hang up and call back using their official contact channels. If they provide you with a number to ring, you should verify that it belongs to a trusted source before calling it. Google the number and see what comes up; if it’s not the company’s number, call the company to check when they last wanted to contact you over the phone.
Beware of a caller who doesn’t want to end the call, or tries to put you off from calling back using the official number.
If you’re worried, get the name of the person you’re speaking to, hang up and call the organisation directly. If you can, call them from a different phone as scammers can keep the phone line open. This means they can stay on the line and still hear you, even if you’ve ‘hung up’ on them. If it’s not possible to use another phone then wait for at least 10 minutes before you make another call.
How to spot a phishing email
It’s also important to be on the lookout for any suspicious signs of phishing in your emails. Here are some phishing giveaways to look out for:
- The email’s sent from a strange-looking email address which doesn’t look genuine – look out for lots of letters and numbers
- It’s full of spelling and grammatical errors
- There are urgent calls to take action
- The company logo or any images don’t look hi-res, and look like they’ve been stretched or edited in some way
- The language and tone of the email doesn’t quite match up with who the company are (for example, a financial company would probably not start an email with ‘Hi, how are you doing?’)
- The offers within the email look too good to be true (for example, it might claim you’re owed a massive tax refund)
- The company ask you for money which you’ve already paid (for example, scammers might pretend to be the TV Licensing company and ask you for money, even though you know you’ve already paid in full for the year)
What to do if you’re a victim of phishing
If you’ve been the victim of a phishing attack, there are some steps that you can take. These include:
- Changing your passwords
You should change any passwords that may have been compromised as soon as possible. This could lessen the chances of the scammers being able to use them to log into your accounts.
- Contact your bank or credit card company
Contact your bank or credit card company using the number provided on the back of the card. Depending on the situation and their standard way of responding to phishing attacks, they may choose to freeze any cards at risk, or to cancel them and replace them with new ones. They’ll also be able to monitor your activity, in case the scammers use those at-risk cards.
- Contacting credit reference agencies
Contact your credit reference agency to notify them that your information may have been stolen. They can then take it into account if you need to dispute any credit activity that has taken place or will be caused by the fraudsters.
- Monitoring your bank accounts
You can also keep an eye on the activity in your bank accounts to confirm that you recognise all the withdrawals that are taking place. Any suspicious activity should be reported to your bank.
- Reporting the crime
You should report fraud and cybercrime to Action Fraud (the National Fraud & Cyber Crime Reporting Centre). If you are in immediate danger, dial 999 for emergency services instead.
It pays to be on the lookout for fraudulent activity when you’re contacted by any form of communication. No matter how careful you are, though, it’s possible that you’ll encounter cybercriminals that are able to steal your personal information.
Always ensure that you follow up and try to minimise the risks by reporting any incidents and securing your personal data.
- Infographic: What is a money mule?
- What is money laundering?
- What is a Ponzi scheme?
- How to report identity theft
- How to protect older people from being scammed
- Using contactless mobile payments and apps
- Safeguard your personal data when using smart home assistants
- Safeguarding your family’s personal data on smart toys
- How your identity could be stolen offline
- Protect against ID theft when making mobile payments
- Online Fraud Terminology
- What is anonymous browsing?
- Distributed Denial of Service explained
- How secure is your email?
- Identity theft and fraud explained
- Financial fraud explained
- Best practices for avoiding identity theft
- Stay safe online: Creating a secure password
- Scam avoidance: A few ways to help stay secure
- Are smart gadgets putting you at risk of identity theft?
- Helping your children stay safe online
- Should you share your location on social media?
- Safeguard your personal information on video game consoles
- Would you do internet banking on your smart TV?
- How fraudsters use Wi-Fi hotspots to steal data
- How to avoid email fraud
- Preventing your child’s identity from being stolen
- Keeping your personal information secure when moving home
- Protect yourself from becoming a victim of SMS phishing
- Protect against identity theft when sharing photos online
- Safeguard your identity on mobile apps
- Your social media profile and identity theft
- What is credit card fraud – can you prevent it from happening to you?
- How fraudsters can hijack your browser
- Safeguard your identity on Facebook and other social media sites
- Going on holiday - keeping your identity safe
- How to prevent smartphone identity theft
- Shopping online – staying safe against identity theft
- How to spot and avoid romance scams
- Facial recognition and identity risk
- How cyber attacks happen
- Safer Internet Day – protecting children online
- 7 Signs of Identity Theft
- How to avoid contactless card fraud
- What Are Data Breaches?
- How to Spot a Phishing Email
- ID Fraud Overview
- How Financial Crimes Are Hidden in The Dark Web
- How much do you know about the Dark Web?
- Are you losing your identity?