Phishing Scams – Don’t Get Caught Out

Oh no – what have you forgotten to collect, respond to or pay? There’s an email in your inbox urging you to sort it right now. But stop, and check – it could well be a phishing scam.

James Walker from Rightly and Louise Baxter from the National Trading Standards Scams Team explain how to take control, know how to spot a scam and what to do about it.

A phish is not a new variety of vegan protein that you may have missed, but a form of scam. The approach is to send out as many messages as possible, on the logic that enough people will click on the communication for the scammers to make a profit.

How does it work?

Phishing is a low-cost operation that simply needs people to be convinced to click on the links and follow the instructions.

More than 11 million phishing scams are reported every year in the UK to the National Cyber Security Centre (NCSC). This is a government organisation focused on preventing scams and removing scam sites.

Phishing is a scam attempt that uses email, phone calls or texts to convince a consumer to follow the instructions.

A classic example is the mail scam. This is where you receive an email or text message related to unpaid postal charges.

The email or text contains a weblink that you are told to follow in order to receive a package.

If you click on the link, you're directed to a website that looks authentic and asked to enter your details. This can be a way of harvesting your information or, even worse, you enter card details and money is taken from your account.

Sneakily personalised… via social media

Phishing has become more and more sophisticated, with scammers often using information from social media platforms to personalise the message and the need for urgency.

It's important that you check your social media accounts to understand what information you have shared and what your sharing settings are.

We would strongly recommend keeping your profile private and only sharing information with friends, and not sharing sensitive personal data about yourself at all.

Businesses held to ransom

Phishing attacks are not just something that affects consumers, but businesses as well.

Often businesses will receive messages requiring members of staff to click on links. Doing so can install ransomware onto private networks. This means that an organisation is locked out of its computer networks unless it pays a hefty fee to regain access.

If you receive an unexpected email or text demanding action…

  • Take 5 seconds to think before you take any action.
  • Rather than click on a link, search in Google for the website if you recognise it. Visit the website directly.
  • If you do not know or recognise the website, we would recommend not visiting it.
  • If you accidentally click the link, close it immediately and to be safe, re-start the browser.
  • If you receive the message by email, mark it as spam. If received by text or WhatsApp, again mark as unwanted/spam so that you never see another message from the firm.
  • Also if the email has a “stop marketing” link or instruction to reply “Stop” to stop receiving messages, never click on this.

Scambusters Mailbag

I hear of so many cowboy firms. How do I find a trusted tradesman?

Scambusters say: “There are a number of schemes that help ensure you can find trusted traders. We would recommend either TrustMark or Which? Trusted Traders to ensure you have a firm that has been extensively vetted.”

How do I know if a website is genuine?

Scambusters say: “Check to see if the website address is the same or very similar to the brand/organisation you are intending to visit. You can no longer trust a website with a padlock in the URL field to be genuine, as these can be bought by any website.

“Also check the terms and conditions to see where the company is based and whether it gives the registered address, contact phone number and email.”

Tip: turn detective!

Do you want to know if your data has been shared without your consent?

When you sign up to a new account, use a Gmail address and, after your email name (before the @ sign), add +websitename, putting the name of the website in place of websitename.

You will still receive all the emails, but if your data is ever shared you know where it came from because of the email address used.
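The tagging tip above can be checked automatically. This added example (not part of the original article) builds a +tag address and flags mail that arrived at a tagged address from a sender whose domain does not contain that tag; the mailbox, site names and messages are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

def tagged_address(mailbox, site):
    """Build local+site@domain to use when signing up to `site`."""
    local, domain = mailbox.split("@", 1)
    tag = "".join(ch for ch in site.lower() if ch.isalnum() or ch in "-_.")
    return f"{local}+{tag}@{domain}"

def signup_tag(address):
    """Return the +tag part of an address, or None if it has none."""
    local = address.rsplit("@", 1)[0]
    return local.split("+", 1)[1].lower() if "+" in local else None

def find_shared(raw_messages):
    """Return (tag, sender_domain) for mail whose sender does not match the tag."""
    shared = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        _, to_addr = parseaddr(msg.get("To", ""))
        _, from_addr = parseaddr(msg.get("From", ""))
        tag = signup_tag(to_addr)
        sender_domain = from_addr.rsplit("@", 1)[-1].lower()
        # A tagged address used by an unrelated sender means the address
        # left the site it was given to (shared, sold or leaked).
        if tag and tag not in sender_domain:
            shared.append((tag, sender_domain))
    return shared

# Constructed sample inbox: the second message reuses the shoe shop's tag.
SAMPLE = [
    "From: Shoe Shop <news@shoeshop.example>\nTo: jo+shoeshop@example.com\n"
    "Subject: Your order\n\nThanks for your order.",
    "From: Prize Draw <win@prizes.example>\nTo: jo+shoeshop@example.com\n"
    "Subject: You have won\n\nClaim now.",
    "From: Bank <alerts@bank.example>\nTo: jo@example.com\n"
    "Subject: Statement\n\nYour statement is ready.",
]

if __name__ == "__main__":
    print(tagged_address("jo@example.com", "ShoeShop"))
    for tag, sender in find_shared(SAMPLE):
        print(f"address given to '{tag}' was used by {sender}")
```

A sender can strip the +tag before using the address, so mail arriving without a tag does not show that your data was kept private.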

3 ways you can take action…

Report: If you have received a text you think is a scam, then you can

  • forward to 7726
  • take a screenshot and send it to

Go Incognito: If you are receiving lots of unwanted phone calls or text messages, you can also consider removing your details from data brokers, ensuring that you use the right to object to processing of your data. You can learn more about this on Rightly and find out how to stop the sharing of your data exposing you to scams.

Get Clued Up: Take a free training course on how to fight against scams on
