Phishing is an email scam where fraudsters pretend to be a genuine organisation and try to steal your information or install malware on your device.
How it happens
Phishing is when a fraudster sends you an email encouraging you to share personal or business details or asking you to click on fake links. Often, these emails appear to be from trusted organisations such as your bank, HMRC, a courier, or a utility provider. The email may state that you’re owed money, there may be a threat to close your account if you don’t respond or a delivery is scheduled for you. In a phishing email, the fraudster will ask you to act or provide information, such as:
- Open a website link.
- Ask you to give confidential or security information, such as your bank account details, passwords, account numbers or PINs.
- Include instructions to reply or verify your account, for example, by completing a form attached to the email.
Clicking on a link may direct you to a fake website, designed to trick you into entering your personal and banking details. This is likely to result in you being a target for future scams, like receiving a phone call from your bank’s ‘fraud department’ or being contacted about ‘special offers’. Clicking links or opening attachments could also lead to your device being infected with malware or ransomware, which could lead to business disruption and could be costly to remedy.
How to protect yourself
Follow the advice below to help protect yourself and your business from Phishing:
- Check the email address for any subtle irregularities, such as similar letter combinations: J@rnbusiness.com instead of J@mbusiness.com. “(use of ‘r n’ without spaces instead of ‘m’)”
- Click the sender’s name, as this often reveals the sender’s true email address.
- Check the content of the email – look out for spelling or grammatical errors within the email.
- Contact the organisation using a phone number you know is genuine or visit their official website to verify the email.
- Never log-in to accounts using a link contained within an email you’ve received. Instead, directly visit the official website of the company to log-on.
- Forward suspicious emails to report@phishing.gov.uk.
- If you suspect you’ve received a HSBC scam email, please forward it to us at phishing@hsbc.com.
- Don’t rush and make an urgent payment or give away payment details.
- Don’t click on any links immediately, they may be malicious – hover your cursor over the link to reveal its true destination.
- Never open any unexpected and unverified attachments.
- Don’t give out any personal or business information.
How to report it
If you believe you have been a victim of this scam, please report it to us or your bank.
You should also report it to Action Fraud on 0300 123 2040 or via the Action Fraud website. If you are in Scotland, please report to Police Scotland directly by calling 101.