How to Protect Yourself Against Phishing and Scams

Scams have been around for a long time, and each year the people behind them find new ways to target people they think might be susceptible to their efforts. Protecting yourself against phishing and scams might sound difficult, but there are ways to make it easier.

There are a lot of different scams out there, and you’d be forgiven for not knowing what’s legitimate and what’s not – that’s why these people keep doing it, after all, as they find some success with it.

While it’s confusing, there are signs you can look for to help you spot scams and phishing attempts, and you should report anything you find suspicious to the relevant agencies dealing with these crimes.

We also have some tips on things you can do to protect yourself against phishing and scams.

Protecting yourself from scams and phishing

It’s important to know what a scam is, and what you should do about it when you find one. This will help protect you from scams and phishing attempts in the future.

Spotting a scam

Once a scam becomes well-known enough, it fades and a new one takes its place. Scams can fall into two main categories:

• Convince you to make an action you wouldn’t normally take
• Offering you something that is too good to be true for a small fee or personal information.

While there are others, these are two of the most common. You’ll see them on social media pages, on emails and websites. Any website that does not have a privacy policy stating what information they collect will be used for is not only breaching the law, but most likely not legitimate.

Always take the time to think things through before making a decision. You’ll save yourself a lot of hassle later on if it turns out to be a scam.

How does phishing work?

Phishing is a very specific kind of scam that involves getting personal information from you to aid in identity theft, or to convince you to transfer money thinking it’s for a legitimate cause or two a reputable organisation. This is rarely the case.

This is commonly done through cold calling, text messaging and emails, but sometimes in person, too.

• For phone calls, they will tell you they are from an organisation you trust and that you must provide sensitive information or make a payment to resolve an issue. However, you have no way of verifying the identity of the caller and the language and tone they use will try to make you act quickly and without thinking.

• With text and email messages, they will try and replicate the look and tone of a message the individual or organisation would actually send. This includes logos, images, formatting and even similar email addresses. They will try to gain your trust by association, despite assurances from the real organisation that they will never ask for such information.

• People do, on rare occasions, turn up at your door. They will try and gain entrance through rush tactics, trying to get you to let them in with urgent words and actions. This is becoming less and less common with digital technology becoming more prominent.

The big thing to remember is to take a breath and think things through. If you can’t be 100% sure of the person contacting you, don’t engage. You can always check with the organisation that supposedly sent them through official channels you know of and can research yourself. This protects you from phishing and scam attempts by giving you confidence in who you’re communicating with and how you’re doing so.

• Reporting suspicious activity or log-in attempts on your account
• Claim there’s a problem with a recent payment or payment information
• Include a fake invoice for a service or product you don’t recognise
• Say you’re eligible for a refund or payment
• Offer coupons for free products
• Ask you to confirm or change personal information.

If any of these topics come up, it’s important not to respond to the message itself but get in touch with the organisation separately to confirm if it’s true or not.

Some of the tricks and tactics used in these scams can include:

Where can you report phishing scams?

If you have any doubts over a message, you can report it a number of ways through the National Cyber Security Agency website:

• You can forward suspicious emails to report@phishing.gov.uk
• You can report websites through this form
• Unusual text messages can be forwarded to 7726 for free.

Spotting and reporting these scams will help protect others in the future. If you feel comfortable reporting, please do! You can always ask a family member or a trusted person to do this for you.

Tips to protect yourself from scams and phishing

We’ve put together some tips that will help you avoid having your information stolen by phishing scams. Some might surprise you, but these are real methods used by scammers.

1) Don’t click on email links asking for you to make a payment

Emails that ask you to make a payment by clicking a button or link can be suspicious. Unless you are 100% sure it’s legitimate, don’t follow the link. You can contact the service or seller, check your account and pay through an official channel rather than through an email.

Don’t click on email links asking to change personal information

2) Don’t respond to emails asking to confirm personal information

Emails asking you to provide or confirm personal information are not to be trusted. If a bank or online shop asks you to click on a link to update details, ignore it. You can get in touch with the organisation first to check if the request is real, and change those details through the official website to be safe.

3) Only respond to password reset emails you request

A common tactic to access accounts is through a password reset. The website you’re taken to looks like the real thing but your password won’t be changed. Instead, the scammers will learn your password and gain access to your account. If you receive a password reset email and you didn’t ask for one, do not click any links. To be even safer, you can go to the website and request a new password reset for yourself.

4) Don’t purchase through unsecured websites

Security certificates are proof a website is safe to use and make purchases from. If a website doesn’t have a security certificate, your data may be at risk. To check for this, look at the web address or URL and a padlock symbol. Clicking this will tell you if a website is secure or not.

5) Don’t provide personal or payment information when you have been called

As you can’t check a caller’s ID to make sure they are who they say they are, don’t provide any personal information or payment details to anyone calling for them. If this is a payment you need to make over the phone, make sure you have made the call to a recognised number for the company or individual.

6) Don’t sign up to services without reading privacy policies

No one likes privacy policies. They’re long and contain a lot of information that might not apply to you – however there’s a reason they’re important. They tell you exactly what a company can and will do with your information. If something happens that isn’t listed in this policy, it could be scammers trying to get your data.

If you’re concerned about scams and phishing

With scams and phishing attempts on the rise, it pays to be careful. If you want more advice on how to protect yourself against phishing and scams, speak to our team and we’ll do what we can to help. You can also check the National Cyber Security Centre for more information and resources.