SCAM MESSAGE “PHISHING” GUIDANCE
This page provides some simple guidance as to how to protect yourself from online scammers.
What is phishing?
‘Phishing’ is when criminals use scam emails, text messages or phone calls to trick their victims. The aim is often to make you visit a website, which may download a virus onto your computer, or steal bank details, get you to transfer money/vouchers or other personal information.
Recognising online scams
Cyber criminals may contact you via email, text, phone call or via social media. They will often pretend to be someone (or an organisation) you trust. It used to be easier to spot scams. They might contain bad spelling or grammar, come from an unusual email address, or feature imagery or design that feels ‘off’. But scams are getting smarter and some even fool the experts.
How to spot scam messages or calls
Scammers try to quickly gain your trust or aim to pressure you into acting without thinking using common psychological strategies that can work on anyone not expecting them. If a message or call makes you suspicious, stop, break the contact, and consider the language it uses. Scams often feature one or more of these tell-tale signs.
Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, or a government department. Criminals often pretend to be important people or organisations to trick you into doing what they want.
Are you told you have a limited time to respond (such as ‘within 24 hours’ or ‘immediately’)? Criminals often threaten you with fines or other negative consequences. We are unlikely to ask anything of you urgently, so check with us separately and directly if you think the message is a scam.
Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more. We will never use such language.
Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.
5. Current events
Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.
How to check if a message is genuine
If you have any doubts about a message, contact the person/organisation directly. Do not use the numbers or address in the message – use the details from their official website/your existing contact book. Also, please do not be embarrassed contacting the individual/organisation – it is better for everyone to check first. Even if the message turns out to be genuine we will appreciate you being conscientious of scams.
Remember, your bank (or any other official source) will never ask you to supply personal information via email, or call and ask you to confirm your bank account details. If you suspect someone is not who they claim to be, hang up and contact the organisation directly. If you have paper statements or a credit card from the organisation, official contact details are often written on them.
Check the actual sender address, not the ‘spoofed’ address. A ‘spoofed’ address is one where the display name might make it appear like the email address you are expecting but hovering the mouse over the address to see the tool-tip pop-up or copy/pasting the address into a text editor can reveal the actual (and often clearly not valid) address it has been sent from. If in doubt, contact the individual directly to check and do not reply to the original message.