Scams and Phishing
Phishing, Scams & Fake emails
For something to be considered an offence under the Fraud Act, the perpetrator must intend to steal from their victim or have intent to commit a fraud. For example, if you pay for a service that doesn't exist because the provider is running a fake company, this is a scam and is definitely considered to be fraudulent activity.
What to look for and how to identify a scam or phishing email
Phishing is a play on the word “fishing”. It is when a cyber-criminal contacts you out of the blue and convinces you to hand over your personal information or money or gets you to download a virus that infects your computer. Phishing usually happens over email, but can also happen through text, instant messaging, social media or phone calls.
It is becoming increasingly common as fraudsters come up with new tricks to try and steal your personal information and bank details. In some cases, the emails have malicious software attached which can infect your computer, tablet or mobile with a virus. Computer viruses can find their way onto your computer by scammers tricking you into installing them. For example, ransomware threatens to take action on your computer, such as deleting files, unless you pay a ransom. If you suspect an email might be from a scammer do not click on any links or download any attachments featured in the scam email, as these may download a computer virus onto your computer. Make sure you stay security-savvy and ensure your antivirus software is always up to date, as this will provide an extra layer of protection if you have unknowingly downloaded an attachment.
Scammers will often pretend to be from legitimate and trustworthy companies offering great deals and enticing you to click on the deal.
Online learning link: Quiz Activity from Card.
Check the 'from' address to see where it is sent from
To find out if there’s a fraudster behind what looks like a genuine sender, use your mouse to hover the cursor over or right-click on the sender name and you should see the email address behind it.
Is the greeting impersonal?
Scammers are getting better at sending emails which include our name in the first line of the message. However, not all of them do. Sometimes scam emails will just say “Hi” and not include your name, other times your email address will be used after “Hi”. This impersonal approach to contacting you is another sign that it’s likely to be a scammer behind the email.
Check contact information
To see where a web link goes to without actually clicking on it, simply hover your mouse cursor over the link. In the bottom left-hand corner of your web browser, the web address where the link goes to will appear.
**Please note that if you are checking a link on a phone or tablet this will be different. On some phones and tablets, you can check by a long press on the link which will bring up a box asking whether you want to open the link.**
Checking branding and keeping an eye on the quality of branded logos, etc., in the email can strongly indicate if the email is a scam. Is the branding on the email the same as it is on the company or government website? Does it match the last genuine email you received from them? If the answer is no, be suspicious.
Asking for personal or bank details?
If an email is asking you to update or re-enter your personal or bank details out of the blue, it is likely to be a scam. Personal information includes things like your National Insurance number, your credit card number, PIN number, or credit card security code, your mother's maiden name or any other security answers you may have entered. Most companies will never ask for personal information to be supplied via email.
Poor spelling, grammar and presentation?
Watch out for these tell-tale signs: poor spelling and grammar, lack of consistency with the presentation of the email, which may include several different font styles, font sizes and a mismatch of logos.
Trying hard to be 'official'?
Scam emails may also contain information such as account numbers and IDs designed to trick you into thinking the email is genuine. Check any of these against your records to see if they match.
Trying to rush you?
Time-sensitive offers, encouraging you to act now or miss out on ‘exclusive’ deals.
If the message is alerting you to look at something linked to an account you have with the company, organisation or retailer, you should log in separately to your account in a new tab or window. It’s better to miss out on a genuine deal than risk compromising your personal details or money.
Check with real company, brand or department
If you’re still unsure whether a scammer is behind the email you received, get in touch with the brand or company featured in your email directly via social media or their 'contact us' page.
Do not contact them on any email address, website, or phone number they have provided.
Look for a padlock
Most browsers show a green padlock next to the website's URL - this is a handy way to see if a website is trusted.
But this step should only be used in tandem with other checks, just in case.
As a trusted source in the communities you work in, learners, young people or members of community groups may seek your advice on what steps to take or for support on how to report scams. Working out a plan to be more cyber secure and add to an individual learning plan together could be a good way to skill up people on what to do when they have been a victim of a scam. Below is a range tips, sources and other agencies that provide additional support in dealing with cybercrime.
Advice and support on dealing with a cyber security issues.
If you’ve spotted a scam email or phishing email, the first step will be to report it to the internet service provider (ISP) that was used to send you the email.
If the scam email came from a Yahoo! account, send it to firstname.lastname@example.org. Gmail has a 'Report spam' button and Hotmail has a 'Report phishing' button.
Once you report the scam email, the ISP can then close the account that sent the email.
Report it to the company
If you're the victim of a mimicking scam online, where fraudsters pretend to be from a genuine company, it’s also worth contacting the company that has been mimicked.
Whether it’s a bank, government department or other company cited in the email, if you notify the company they can take steps to warn other people about the scam.
Often companies will warn their customers of mimicking scams by putting notices on their websites, explaining the steps people can take to prevent others falling victim to the same scam.
If you’ve been the victim of a phishing email scam and had money taken from your account, you may also want to report it to the bank.
Report internet fraud to Police Action Fraud
All reports of fraud and any other financial crime should be reported to Police Scotland via 101 without delay.
“Reporting incidents assists Police Scotland in tackling fraud and enables them to identify areas of concern and patterns of behaviour. The information you provide is valuable and could lead to the prosecution of offenders and to ensuring the safety of the public. They will record all information you provide and appropriate action will be taken.”
Find out more on the Police Scotland website.
Take Five is a national campaign led by UK Finance which offers straight-forward and impartial advice to help everyone protect themselves from preventable financial fraud.
Stop scam mail
The Mailing Preference Service (MPS) allows you to have your name and address removed from mailing lists.
To register for the free service, call 0845 703 4599 or visit the website.
Speak to Citizens Advice
If you report a scam to your local Citizens Advice Bureau, they may be able to offer you advice.
You may also be giving them vital information which they can pass on to Trading Standards to help stop other people from becoming victims of the same scam.
Scams are criminal offences under the Fraud Act. This means that trading standards officers can take criminal action against the scammers.
Find out more on the Citizens Advice website.
Emotional support after a scam
Being scammed can take a huge toll on your emotional wellbeing and mental health. It's often helpful to speak to someone about what you're going through. This can be anything from a one-off scam to something which entangles you for months, every scam has an impact on your life no matter its size.
As practitioners, we can give a lot of support, but learners and community members may also want to contact other sources of help:
Victim Support Scotland has a free helpline where you can speak to someone confidentially. This can be a one-off call or they can refer you to local services for on-going support.
This service is free and run by Victim Support Scotland which is an independent charity.
- Calling them for free on 0800 160 1985
- Requesting online support
- Contacting your local Victim Support team
Online information resources
- Phishing Quiz - can you spot when you're being phished?
- Cyber Resilience Advice and Support from the Scottish Government
- Cyber Resilience blog from National Cyber Security Centre: Nothing to sneeze at
- National Cyber Security Centre's Top Tips for Staying Secure Online
- Take 5: Stop Fraud campaign
- Which?'s guide on How to spot a scam