Phishing emails are one of the easiest forms of cyber attacks for criminals to carry out and unfortunately easy for us to fall victim to.

The term ‘phishing’ is often used when talking about emails, but these can also take the form of a text message or social media post that look like the real thing but are malicious. The criminal will try to convince you to click on links within their message that could lead to a virus being downloaded on to your computer or persuade you to reveal personal, sensitive or financial information.

Criminals are opportunistic and will look to exploit real-world concerns and trick you into interacting. Whether that is convincing you to apply for a tax rebate or offer you a ‘prize’ for completing a survey.

These can be difficult to spot and are designed to get you to interact with the message without thinking.

What should I look out for?

Top tips for spotting tell-tale signs of a phishing attack (fake emails)

  • Authority – Is the sender claiming to be from someone official (like your bank, doctor, a solicitor, government department, or high-ranking person in your organisation)? Criminals often pretend to be important people or organisations to trick you into doing what they want.
  • Urgency – Are you told you have a limited time to respond (like in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
  • Emotion – Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
  • Scarcity – Is the message offering something in short supply (like concert tickets, money or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.
  • Current events – Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.

Be wary of any texts or emails you receive, even if it appears to come from an organisation you know and trust. Your bank (or any other official source) should never ask you to supply personal information from an email.

Don’t follow links in text messages or phone any numbers provided within the message. If you have any doubts, call them directly or visit the official website instead by typing their genuine web address into your browser.

Report suspicious messages

You can help protect others by reporting suspicious emails and text messages by forwarding these on to the NCSC’s takedown service.

Forward emails to the Suspicious Email Reporting Service (SERS) at [email protected]

Text messages can be sent to 7726. This free-of-charge short code enables your provider to investigate the origin of the text and take action, if found to be malicious.

If you have fallen victim to a phishing attack, you can report this to Police Scotland on 101.

Read our blog on Dealing with targeted phishing emails. Unlike standard phishing emails that are sent out indiscriminately to millions of people, these types of attacks are crafted to appeal to specific individuals, and can be even harder to detect.

Related content

NCSC Release Ransomware Guidance for Board Members

Ransomware remains one of the most prevalent cyber threats to the UK. The impact of a ransomware attack on an organisation can be devastating. So what should board members be doing to ensure that their organisation is prepared for such […]

Scottish #ScamWatch Week 2021

#ScamWatch Week 2021 – 30th August – 5th September With information being more readily available online, and methods of contact being more accessible, scammers are in a better position than ever to engage with us. The more vulnerable members of […]

UK Government launch the UK National Cyber Strategy

The UK Government has published its new National Cyber Strategy. This strategy sets out the government’s approach to protecting and promoting the UK’s interests in cyberspace. Their plan is to ensure that the UK continues to be a leading responsible […]

Developing An Incident Response Plan

Developing an incident response plan is a critical step towards preparing a robust and effective incident management and technical response capability. Good incident management will help reduce the financial and operational impact on your business.

Back to top of the page