The most common phishing email scams and how to spot them
Phishing email scams have existed for as long as the internet has been around, but they have become significantly more sophisticated in recent years.
These fraudulent emails are designed to steal money by tricking the recipient into handing over personal information, or by instructing them to download malicious software.
Most of us have received or will get phishing emails - here are some tips on how to spot them, and what to do next.
Big companies that you already trust
A lot of phishing emails initially appear to come from well established and instantly recognisable online businesses with a large user base.
Cybercriminals target many people with fraudulent messages, so they choose big companies in the hope that the majority of recipients will have an existing relationship with the brand and would expect to receive emails from them.
Scammers even send fraudulent emails pretending to be HMRC (Photo: Shutterstock)
The organisations scammers impersonate also tend to be online retailers or paid services, giving them a reason to ask for your bank details in an email.
Common phishing scams
Common phishing email scams include (but are not limited to) the likes of Amazon, Apple, PayPal and streaming platform Netflix.
However, it is not just messages from online businesses you should be wary of - scammers have also imitated banks and governmental departments like Natwest or HMRC.
What to look out for
Phishing emails commonly focus on either money or account details.
For example, a common scam used by cybercriminals impersonating Netflix or Apple asks users to update the payment details on their profile or risk their account being suspended.
Fraudulent emails claiming to be from HMRC might inform you of a tax rebate or penalty - something which the real HMRC state they would never contact a user about via email or text message.
A good rule of thumb is to never click links or input your personal details (particularly debit or credit card information) when prompted to do so by an email, even if you think you know who the sender is.
If in doubt, contact the business cited as the sender through official channels (phone, email or social media) and ask them to confirm that the message is legitimate before you do anything else.
The telltale signs of a scammer
The easiest way to spot a phishing message is to pay attention to the email address of the sender.
Often the addresses used to send scam emails look extremely unofficial, containing many numbers or a jumble of letters.
Make sure to never open or download attachments sent with suspicious emails (Photo: Shutterstock)
Legitimate correspondence from established companies like Amazon or PayPal will generally be sent from a simple address that uses the website's domain - e.g. amazon.co.uk or paypal.com.
Other big giveaways include poorly worded or amateur-sounding text in the body of the email and either a lack of official logos, or logos that don't look quite right.
How to deal with a phishing email
If you think you have received a phishing email, you should report it to the business being misrepresented.
Most large companies have a dedicated phishing email address set up, to which you can forward any suspicious messages you receive.
Simply find the right address (a quick Google search should help you), forward the email, including any attachments, and then delete the original message from your own inbox.
Above all, do not click any links or download any attachments included in the phishing email, and do not input any of your personal information if asked.
What to do if you get scammed
For anyone who thinks they may have already been scammed as a result of a phishing email, you should contact your bank straight away.
You can also phone Action Fraud (the UK's national reporting centre for fraud and internet crime) on 0300 123 2040, or submit an enquiry on their website.