There is increasing evidence of criminals exploiting the coronavirus for their own gain. Techniques being used include sending bogus emails with links claiming to have important updates and, in some cases, fake tax refunds.
These ‘phishing’ attempts can lead to loss of money and personal data. Though its sometimes difficult to tell, until you’re certain that the sender is genuine, you should not follow any links, open attachments or reply to emails you aren’t expecting. If you have suspicions something isn’t right simply delete the email.
Here are some tips on spotting phishing emails:
- Many phishing emails have poor grammar, punctuation and spelling
- The design and overall quality may not be what would you’d expect from the organisation the email is supposed to come from
- Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender doesn’t actually know you, and that it’s a phishing scam
- Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’
- Look at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
- If you select the senders email, or hover over it with your cursor, does the email address look as though it comes from a legitimate company?
- If it sounds too good to be true, it probably is. It’s most unlikely that someone will want to give you money, or give you access to a secret part of the internet
- Your bank, HMRC or any other official source, should never ask you to supply any personal information via email
- Your bank, HMRC or any other official source, should never supply links for you to click on. Instead they will ask you to log into your account separately.
- If in doubt always log into your account separately, using your normal log in route. You can then check if the information is real
What to do and how to report a scam
You can report phishing emails to Action Fraud, who’ll then pass your concerns to the National Fraud Intelligence Bureau (NFIB) to investigate. The NFIB are a sub-division of the police and specialise in tackling fraud in the UK.
You should only use this tool to report phishing campaigns if you haven’t exposed your personal details or had any money taken out of your bank account or fraudulent transactions on a credit card.
If money has been taken from your account or there are fraudulent transactions on a credit or debit card, get in touch with your bank or credit card provider to let the fraud team know as soon as possible.