Phishing is where a fraudster poses as a legitimate bank or institution in order to obtain personal and sensitive data, such as card numbers, passwords or security answers.
Our Risk and Analytics Manager, James Crawshaw shares some advice on how to avoid Phishing Scams:
Fake contact details
If an email comes from your bank, but the email address has many numbers or ends in a different domain, it is likely a phishing scam. The same goes for if you receive a text message from an institution – these are usually short codes (5 or 6 digit numbers), so be wary if the text comes from a long phone number.
- Example A: Email from HSBC, but the email address is HSBC123@email.com
- Example B: SMS from HSBC but the phone number is +44 7777 123456
Personal details in a message
The majority of banks and organisations won’t include any personal details, particularly payee names. If you do receive these, it is best to separately go on to the company’s website and find a legitimate phone number to call and make sure. Many banks also have their standard SMS templates on the website, so you can check there too if you are unsure.
Links in messages
Do not click on any links in emails or SMS messages, even if you trust the source. Always go into your browser and go to the company’s main page and from there navigate to where you need to go. These links can contain malware that can be used to steal personal or sensitive data from your phone, tablet or computer. Similarly, do not call any numbers provided in the message, as they can sometimes redirect you to the fraudsters own phone – make sure to take the time to go online and find the legitimate contact details.
If you suspect a scam or have fallen victim to one, inform the legitimate company and Action Fraud – they can take preventative action and further measures to ensure more people are aware and don’t fall victim!