Guidance on phishing emails and scams
We've recently seen a number of examples of malicious activity that are trying to get you to share bank account details, computer passwords or get you to connect with high cost phone line. These include:
- advance fee fraud (where someone asks for payment in advance for goods and services)
- phishing emails (where an email includes a link to a malicious website)
- emails containing attachments containing malware
- Unsolicited phone calls containing warning about financial transactions or services being cut off
There are examples of various campaigns which seek to replicate, or pretend that they are from, organisations such as:
- World Health Organisation (WHO)
- UK Government (GOV.UK),
- Banks and other financial institutions
- Amazon or BT
There are also examples of fake websites which impersonate NHS organisations, which contain malicious software.
What you need to do
It's essential that you remain vigilant, particularly during the current period of uncertainty and anxiety around coronavirus, and take the necessary precautions to protect yourself and your data. We would advise:
- Ask yourself, do I have accounts with these businesses? If you don’t, ignore the message it is likely to be malicious.
- If you do, have an account with them and you remain unsure. Contact them by in a way that you trust, e.g. by using a number on a statement, bill or contract.
- Banks or will never ask for passwords. When you call them, you will need to go through a security process that you will be aware of. Typically, they will ask for two characters from your password, but never the whole password.
- Be suspicious of emails that ask you to check, renew or share your logins or passwords. If they do ask for this information, delete the email.
- Don’t open attachments or click on links in emails without first establishing they are legitimate, e.g. were you expecting to receive the email? If not, delete the email
- Hover over links (without clicking) to see if the link looks legitimate – in many basic phishing attempts, the actual link differs from the one you see in the email. If you are uncomfortable with this, don’t do it and delete the email
- Check the source of the email, do you know the sender? If you don’t, delete it.
- If the content of the email tries to persuade you to do something that seems too good to be true, it probably is. Just delete it.
- Most phishing emails contain spelling mistakes, poor grammar and low quality images. Read it carefully and look for these errors. If you are still in doubt, delete it.
- If you receive an unsolicited phone call and you are uncomfortable, hang up and call them from a number you trust. Don’t use any numbers they have just given you.
- In a call, never, “press one” when asked, it will take you to a high cost phone line. If in doubt, hang up.
We have advised you to delete emails or hang up on call if you are not comfortable; this is fine. Legitimate businesses will accept this and be happy for you to call them back by trusted means.
If you receive a communication from us and have any doubts about its authenticity, please telephone us on 01603 421421