Phishing

Defend against phishing - think twice before clicking!

Phishing is a type of cyberattack where someone attempts to deceive an individual into revealing personal information, such as passwords, login credentials or bank card information. This is typically done via emails, text messages or phone calls that appear convincing but are actually malicious.

Criminals often use popular and well-publicised events such as movies, concerts and sporting events to trick users into clicking links.

How to spot a phishing email

Here are some of the things you can check when trying to determine whether or not an email you have received is a phishing attempt:

  • Address of sender – hover over the email address to check if the sender’s email address looks legitimate. Is everything in it spelled correctly, or is there something suspicious about it?
  • Urgency – phishing emails can use tight deadlines to try to create a sense of urgency and pressure you into taking immediate action.
  • Greetings – be cautious if the email has a generic greeting such as ‘Dear valued customer’ or ‘Dear colleague’, as this could indicate the sender does not know who you are.
  • Spelling and grammar – poor grammar, spelling mistakes or unusual sentence structures can be a sign of a phishing attempt.
  • Unfamiliar links and URLs – hover over links to see if the URL matches the official website’s URL – if it doesn’t, don’t click it.
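  • Requests for sensitive information – be suspicious of any email that asks for passwords, bank card details or other personal information, as the sender is trying to trick you into handing over your details.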

Remember
Your bank or any other legitimate source should never ask you to supply personal information, such as passwords and bank card information, in an email.

If you encounter any of these signs, it's best to be cautious and verify the legitimacy of the sender before taking any action.

What if you’ve already clicked?

If you've clicked on a phishing link, it’s important not to panic, but to act quickly to minimise potential damage.

  1. Change your account passwords to long, strong, unique passwords
  2. Run a full antivirus scan on your device to detect and remove any potential malware
  3. Keep an eye on your accounts for any unauthorised activity – if you notice anything suspicious, report it straight away
  4. If you have provided financial information, contact your bank to secure your account – if you have lost money, report this to Action Fraud

Phishing attacks – dealing with suspicious emails

Sextortion phishing scams – how to protect yourself

More information for individuals can be found on the National Cyber Security Centre website. Useful articles include: Advice on how to stay secure online and Cyber Action Plan.