News

Phishing emails are one of the easiest forms of cyber attacks for criminals to carry out and unfortunately easy for us to fall victim to.

The term ‘phishing’ is often used when talking about emails, but these can also take the form of a text message or social media post that look like the real thing but are malicious. The criminal will try to convince you to click on links within their message that could lead to a virus being downloaded on to your computer or persuade you to reveal personal, sensitive or financial information.

Criminals are opportunistic and will look to exploit real-world concerns and trick you into interacting. Whether that is convincing you to apply for a tax rebate or offer you a ‘prize’ for completing a survey.

These can be difficult to spot and are designed to get you to interact with the message without thinking.

What should I look out for?

Top tips for spotting tell-tale signs of a phishing attack (fake emails)

  • Authority – Is the sender claiming to be from someone official (like your bank, doctor, a solicitor, government department, or high-ranking person in your organisation)? Criminals often pretend to be important people or organisations to trick you into doing what they want.
  • Urgency – Are you told you have a limited time to respond (like in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
  • Emotion – Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
  • Scarcity – Is the message offering something in short supply (like concert tickets, money or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.
  • Current events – Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.

Be wary of any texts or emails you receive, even if it appears to come from an organisation you know and trust. Your bank (or any other official source) should never ask you to supply personal information from an email.

Don’t follow links in text messages or phone any numbers provided within the message. If you have any doubts, call them directly or visit the official website instead by typing their genuine web address into your browser.

Report suspicious messages

You can help protect others by reporting suspicious emails and text messages by forwarding these on to the NCSC’s takedown service.

Forward emails to the Suspicious Email Reporting Service (SERS) at [email protected]

Text messages can be sent to 7726. This free-of-charge short code enables your provider to investigate the origin of the text and take action, if found to be malicious.

If you have fallen victim to a phishing attack, you can report this to Police Scotland on 101.

Read our blog on Dealing with targeted phishing emails. Unlike standard phishing emails that are sent out indiscriminately to millions of people, these types of attacks are crafted to appeal to specific individuals, and can be even harder to detect.

Related content

Developing An Incident Response Plan

Developing an incident response plan is a critical step towards preparing a robust and effective incident management and technical response capability. Good incident management will help reduce the financial and operational impact on your business.

Take Five to Stop Fraud – The Art of Saying No

We are proud to be supporting the Take Five to Stop Fraud campaign this Take Five Week. Criminals are experts at impersonating people, organisations and the police so it can be difficult to spot scam texts, emails and phone calls. […]

Scottish #ScamWatch Week 2021

#ScamWatch Week 2021 – 30th August – 5th September With information being more readily available online, and methods of contact being more accessible, scammers are in a better position than ever to engage with us. The more vulnerable members of […]

Back to top of the page