Keeping you and your money safe is our top priority, and we have stringent safeguarding measures in place to help protect all our customers. But there are also steps you need to take to protect yourself from fraud.
To help you identify potential scams and stay safe, we’re publishing a series of articles on fraud protection. This article looks at spear-phishing scams.
What is a task scam?
Spear-phishing scams are a targeted form of phishing, where scammers send personalised messages designed to trick a specific individual into sharing sensitive information or making a payment. Unlike generic phishing emails sent to thousands of people, spear-phishing attacks are carefully tailored using personal details to appear genuine and trustworthy.
The scammer may pose as someone you recognise, such as a colleague, family member, professional adviser or trusted organisation and will often reference real information, such as your name, job role, recent activity or relationships. This personalisation makes spear-phishing particularly convincing and more difficult to spot.
These scams are commonly delivered via email, text message or messaging apps and may ask you to click a link, download an attachment, confirm account details or urgently transfer money. Once the victim responds or follows the instructions, scammers can gain access to personal data, accounts or funds.
An example of a spear-phishing scam
David was in the process of buying a holiday home overseas and had been exchanging emails with several professionals, including estate agents and solicitors. Around the same time, he had recently shared a post on social media celebrating his birthday, which included details about the move and messages from friends wishing him luck with the purchase.
A few days later, David received an email that appeared to come from his solicitor. The email address looked correct, the tone matched previous correspondence, and the message opened by wishing him a belated happy birthday — something his real solicitor would plausibly have known. The email referenced the overseas property purchase and explained that there had been a last-minute change to the payment arrangements.
The message stressed urgency, stating that funds needed to be transferred that day to avoid delaying completion. It included new bank details and asked David not to discuss the change with anyone else, as it was ‘still being finalised’.
Because the email felt personal, timely and familiar, David followed the instructions and made the transfer. He even replied briefly to thank the solicitor for the birthday message.
Later that day, when David contacted his solicitor to confirm the next steps, he discovered the truth. His solicitor had not sent the email, there had been no change to the payment details, and the birthday reference had been lifted from social media. A scammer had built a convincing persona using publicly shared information to impersonate someone David trusted. By the time the fraud was uncovered, the money had already been sent to a fraudulent account.
Five tips on how to protect yourself from spear-phishing scams
1. Double-check unexpected requests
If you receive an unexpected request for information, payments or urgent action - even if it appears to come from someone you know – take the time to verify it. Spear-phishing scammers rely on a sense of familiarity to bypass your natural suspicion.
2. Don’t be rushed into things
Spear-phishing messages often create a sense of urgency, encouraging you to act quickly without thinking. Requests that stress confidentiality, deadlines or consequences should always be treated with caution.
3. Verify through a separate channel
If a message asks you to make a payment or share sensitive information, confirm the request using a different method. For example, call the person directly using a known phone number, rather than replying to the message itself.
4. Watch for subtle inconsistencies
Even highly targeted scams may contain small clues, such as slightly altered email addresses, unusual wording or unexpected attachments. These details can indicate that the message is not genuine.
5. Limit the information you share publicly
Scammers often build spear-phishing attacks using information found on social media or public websites. Reviewing privacy settings and limiting publicly available personal details can reduce your risk of being targeted.
If someone targets you
If you suspect you are being targeted or have fallen victim to a spear-phishing scam, it’s important to act quickly. Stop responding to the message, avoid clicking on any further links and do not share additional information.
If you have lost money to a scam, you should report it to Action Fraud immediately, by calling 0300 123 2040 or by using their online reporting tool, and you can report it to the FCA.
There are various ways to report different types of scams you may have received. Using Ofcom’s scam reporting service, you can forward suspicious text messages and WhatsApp messages to the number 7726. You can also use 7726 to report strange calls by texting the word ‘call’ followed by the dodgy number that has tried to contact you.
Suspected scam emails can be sent to [email protected], while suspicious websites should be reported to the National Cyber Security Centre (NCSC).
If you’ve been a victim, you can also get free specialist help from Victim Support.
More information on recovery scams
Several organisations provide guidance and resources to help you recognise and report phishing and spear-phishing scams.
As well as checking the FCA’s Register and Warning List, you can also find other information for consumers and firms on the FCA website.
Finally, we’re always more than happy to help our customers. If you’ve got any concerns or questions about the security of your Currencies Direct funds, or need guidance in relation to a transfer, please do get in touch.
You might also want to read our article on identity fraud, as spear-phishing scams share some similarities regarding the exploitation and theft of an individual’s personal data.
