Protecting yourself from phishing scams

Yasmine Arasteh October 10th 2024 - 4 minute read

Keeping you and your money safe is our top priority, and we have stringent safeguarding measures in place to help protect all our customers. But there are also steps you need to take to protect yourself from fraud.

To help you identify potential scams and stay safe, we’re publishing a series of articles on fraud protection. This article looks at phishing scams.

What are phishing scams?

Phishing scams are a type of cyber attack in which attackers use fraudulent communications, often disguised as trustworthy entities, to trick individuals into revealing personal data.

The goal of phishing is typically to steal sensitive information, gain unauthorised access to accounts, or carry out other malicious activities.

While phishing scammers can make contact via texts, phone calls and social media messages, research from Ofcom, the UK communications regulator, found that the majority of phishing attempts come via email, with up to one-quarter of UK adults receiving suspicious emails each day.

It’s important to be aware that as technology advances, phishing scams are becoming increasingly sophisticated. Scammers seek to take advantage of recipients’ emotional and physiological reactions, often instilling a sense of urgency or curiosity within communications, in order to prompt victims into taking specific actions that could compromise their security.

With both personal and professional life incorporating an ever-increasing online presence, it’s vital to optimise your security measures and know which red flags and common phishing tactics to look out for in order to avoid falling victim to such scams. 

An example of phishing fraud

Phishing scams can come in all shapes and sizes. The following details one common version of an email phishing scam.

Lucy received a spoofed email from the address bankingonline@lloyds.com, saying that a request to change her password had been made via her Lloyds bank account online. The email read:

‘If you did not ask to reset your password, please click the link below to login and reset your password immediately to avoid any unauthorised activity on your account.’

Concerned that someone may have access to her account and personal details, Lucy felt a sense of urgency to change her password and secure her privacy settings. She clicked on the link, believing it to be a legitimate message from Lloyds customer support.

Lucy was then redirected to a webpage, with the domain name ‘banklloydsonline.com’, which had been engineered to look exactly like the banking organisation’s genuine website. The page requested both new and existing account passwords, which Lucy entered. The scammer, monitoring the page, obtained Lucy’s password and gained access to her bank account and other secured areas of the site.

Five tips on how to protect yourself from phishing scams 

1. Be sceptical of unsolicited messages

    Exercise caution when you receive an email or text message from an unknown or unexpected source. Emails, in particular, are a popular method used by fraudsters to lure individuals into compromising personal and sensitive information.

    If you receive an unexpected message, look out for signs of illegitimacy, such as spelling mistakes or grammatical errors.

    Be especially wary of messages that imply a strong sense of urgency or pressure. The suggestion that immediate action is required will often push victims to act before thinking. Genuine correspondence rarely requires such urgency, so think twice before clicking on any suspicious links or attachments.

2. Verify the sender’s contact details

    With any suspicious correspondence, such as an unexpected email asking for personal information, or stating that a change of password is required, make sure you check the sender’s contact details carefully.

    Phishers often use email addresses that resemble legitimate ones but may have subtle misspellings or variations. Be cautious if the email address doesn’t match the official domain of the organisation it claims to represent.

3. Hover over links before clicking on them

    When you receive unexpected or suspicious links, hover your mouse over them to preview the actual destination URL.

    Avoid clicking on links in emails if the URL looks suspicious or doesn’t match the expected address of the legitimate organisation.

4. Use two-factor authentication (2FA)

    Use two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a temporary code sent to your phone, in addition to your password.

5. Verify requests for sensitive information

    Legitimate organisations typically do not request sensitive information, such as passwords or bank account details, via email. If in doubt, contact the organisation directly using official contact information provided on the official website, rather than any contact details provided via message, to verify the authenticity of the request.

Additionally, it’s essential to stay informed about phishing tactics and regularly update your computer’s software, antivirus programs, and security settings. Phishing techniques can evolve, so staying vigilant and practising good online hygiene is key to staying safe online and protecting your personal data and cybersecurity.
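The checks in tips 2 and 3 come down to an exact domain comparison, which the Python below carries out on the Lucy scenario. This is an added example, not part of the original article; the function names, the flag names and the use of `lloyds.com` as the official domain (taken from the address in the scenario) are assumptions for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit


def within_domain(host, official):
    """True only when host is the official domain or one of its subdomains."""
    host, official = host.lower().rstrip("."), official.lower().rstrip(".")
    return host == official or host.endswith("." + official)


def link_host(url):
    """Host the browser would actually contact (anything before '@' is ignored)."""
    return (urlsplit(url).hostname or "").lower()


def review_message(from_header, href, official, shown_text=""):
    """Return red-flag codes for one message; an empty list means none found."""
    flags = []
    # Tip 2: compare the sender's domain with the official one.
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2]
    if not within_domain(sender_domain, official):
        flags.append("sender-domain-mismatch")
    # Tip 3: compare the link's real destination with the official domain.
    host = link_host(href)
    if not within_domain(host, official):
        flags.append("link-domain-mismatch")
        brand = official.split(".")[0].lower()
        # The brand name appearing somewhere in the address proves nothing.
        if brand in urlsplit(href).netloc.lower():
            flags.append("brand-in-lookalike-host")
    # The visible link text can show one address while pointing at another.
    if "://" in shown_text and link_host(shown_text) != host:
        flags.append("shown-url-differs-from-destination")
    return flags


# Constructed sample modelled on the article's scenario (not real traffic).
OFFICIAL = "lloyds.com"  # assumption: official domain, for illustration only
LUCY = review_message("bankingonline@lloyds.com",
                      "https://banklloydsonline.com/reset", OFFICIAL)

if __name__ == "__main__":
    print(LUCY)
```

The spoofed sender address passes the sender check here, which is why the link destination has to be checked as well.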

If someone targets you

If you suspect you are being targeted or have fallen victim to a phishing scam, it’s crucial to take immediate action to mitigate potential damage and secure your accounts.

If you have lost money to a scam, you should report it to Action Fraud immediately, by calling 0300 123 2040 or by using their online reporting tool, and you can report it to the FCA.

You should then contact your bank as soon as possible to let them know what has happened.

There are various ways to report different types of scams you may have received. Using Ofcom’s scam reporting service, you can forward suspicious text messages and WhatsApp messages to the number 7726. You can also use 7726 to report strange calls, by texting the word ‘call’ followed by the dodgy number that has tried to contact you.

Suspected scam emails can be sent to report@phishing.gov.uk, while suspicious websites should be reported to the National Cyber Security Centre (NCSC).

If you’ve been a victim, you can also get free specialist help from Victim Support.

More information on phishing scams

Some of the organisations and websites we’ve listed above provide a treasure trove of information, guidance and resources.

As well as checking the FCA’s Register and Warning List, you can also find other information for consumers and firms on the FCA website.

Action Fraud, the UK’s cybercrime reporting centre, also has plenty of useful resources – as does Victim Support.

Finally, we’re always more than happy to help our customers. If you’ve got any concerns or questions about the security of your Currencies Direct funds, or need guidance in relation to a transfer, please do get in touch.

You might also want to read our article on identity fraud, as the two types of scams share some similarities regarding the exploitation and theft of an individual’s personal data.
