Posted on 28 April 2020
The National Cyber Security Centre (NCSC) have launched the new Suspicious Email Reporting Service (SERS). If you receive an email that you think is suspicious, you can forward it to the NCSC at email@example.com and their automated programme will immediately test the validity of the site. Any sites found to be phishing scams will be removed immediately.
Over 5,000 suspicious emails were reported in the first 24 hours, resulting in more than 80 malicious web campaigns being removed by the NCSC.
What is phishing?
Phishing is a scam where criminals send messages to thousands of people. These emails pretend to come from organisations that you trust, such as banks, credit card companies, online shops and auction sites. They try to convince you to click on attachments or links within the email, or text message. The link goes to a website that looks exactly like the real thing, but is actually a clever fake, designed to trick you into entering personal information, such as your bank details or your password. The attachment or link could also download malware onto your computer.
Remember - never to give your personal or financial details to anyone, unless you know and trust them.
How to spot a phishing email
Phishing emails are increasing difficult to spot, but often:
- the message claims to be from someone official, such as a bank or government department
- the message claims to be from a company you don't use or someone you don't know
- the sender's email address doesn't match the organisation's real website address
- the email uses a general greeting like 'dear customer' instead of your actual name
- there's a sense of urgency, for example threatening to close your account if you don't act immediately, or you can claim a reward or refund
- you're asked for personal information, such as your bank details, username or password
- there's a link that may look similar to the proper address, but is in fact slightly different, and will take you to a fake website
Remember - your bank (or any other official source) will never ask you to supply personal information from an email.
What to do if you spot a phishing email
If you spot a phishing email:
- don't use any of the telephone numbers, email addresses, web links or attachments in the email
- visit the official website and only use contact details you have independently checked
- if you have lost money, tell your bank and report it, as a crime, to Action Fraud
- if you think the email is suspicious, forward it to the Suspicious Email Reporting Service (SERS) firstname.lastname@example.org - your report of a phishing email will help protect many more vulnerable people from being affected
What happens next?
The NCSC will analyse the suspect email and any websites it links to. They'll use any additional information, you've provided, to look for, and monitor, suspicious activity.
If NCSC discover activity that they believe is malicious, they may:
- try to block the address the email came from, so it can no longer send emails
- work with companies to remove links to malicious websites
- raise awareness of commonly reported, suspicious emails and scams
NCSC are not able to provide individual feedback but, be assured, they will act upon every message received. The NCSC website provides more information about the Suspicious Email Reporting Service (SERS) and how they handle the information you send to them.
How to protect yourself from phishing attacks and stay safe online
Our Digital MOT will help you review your online safety. By answering a few simple questions about your online habits, you can find out the most important steps you can take to protect your devices and avoid being a victim of cyber-scammers.
The National Cyber Security Centre's top cyber security tips are part of their Stay home. Stay connected. Stay Cyber Aware campaign.
Remember, if you are a victim of cybercrime or online fraud and scams, report it to Action Fraud tel: 0300 123 2040.