Scams and Phishing

Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. Phishing is the fraudulent practice of sending emails or other messages pretending to be from reputable companies to trick you into revealing personal information, such as passwords and credit card numbers. This can occur by email, text or phone call. Scammers will try to create a false scenario that tricks you into taking rushed and urgent action. They will aim to put you under pressure to act quickly: hoping you will make a mistake because of the urgency of the situation they are creating. For example, they might claim to be your bank and insist that you need to share your card details in relation to a suspicious payment. They might pretend to be HMRC and that you need to claim a tax rebate quickly before it expires. They might pretend to be Royal Mail and ask you to click on a link to pay for shipping of an item that you weren’t expecting.

For all forms of scam, if you are not sure: Stop, Think, Tell. This simple advice is the slogan of Derbyshire Police’s Sock it to the scammers campaign. If at all in doubt, stop the call, delete the email or text, end the communication. Buy yourself some thinking time and speak to a partner, family member or friend before taking action.

How to spot a phishing scam

Cyber criminals may contact you via email, text, phone call or via social media. They will often pretend to be a person or an organisation you trust.

Some scams are easily identified because of their poor or unprofessional design. They might contain bad spelling or grammar: remember that a trustworthy organisation would use formal, corporate language and would spell-check their communications. Some scams come from an unusual email address, despite the name of the sender appearing to be legitimate. This can often be checked by clicking on the name of the sender, which may reveal a completely different email address. Some email scams feature imagery or design that feels ‘off’. Perhaps the company logo has been resized, or the entire email is sent as a picture. This unprofessional design should be a red flag. But scams are getting smarter and some even fool the experts.

Social engineering tactics used by scammers

Scammers try to quickly gain your trust. They aim to pressure you into acting without thinking.

If a message or call makes you suspicious, stop, break the contact, and consider the language it uses. Scams often feature one or more of these tell-tale signs.

Authority

Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, or a government department. Criminals often pretend to be important people or organisations to trick you into doing what they want.

Urgency

Are you told you have a limited time to respond, such as 'within 24 hours' or 'immediately'? Criminals often threaten you with fines or other negative consequences.

Emotion

Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.

Scarcity

Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.

Current events

Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.

How to check if a message is genuine

If you have any doubts about a message, contact the organisation directly. Don’t use the numbers or address in the message – use the details from their official website.

Remember, your bank (or any other official source) will never ask you to supply personal information via email, or call and ask you to confirm your bank account details. If you suspect someone is not who they claim to be, hang up and contact the organisation directly. If you have paper statements or a credit card from the organisation, official contact details are often written on them.