How to spot and report fake emails and phishing scams

From being scammed by a fake website, to getting a phone call from someone pretending to be your bank – they are on the rise.

Here's how to spot and report fake websites and pharming scams, and how to protect yourself should they happen again.

Phishing scams take the form of a what looks like a legitimate email from a brand or company that you recognise. Cybercriminals use the names of larger companies as they prey on the idea that recipients trust this brand and would expect to receive emails from them.

Common phishing emails might be from HMRC, your bank, Apple and Amazon who claim that you need to click a link to update your account, or a refund has been awarded and therefore they need your account details. These are more than likely fake emails.

Even if you think you know the sender they might not be who they say they are. A rule of thumb is to never click on something you are unsure of, as by clicking on that link you’re going to be taken to a fake website which collects your information.

There are a number of ways to determine whether an email is genuine:

• Email address – if you expand the pane at the top of your email then you’ll be able to see exactly who it is from. A fake email address will normally contain random numbers, a mix of lower and uppercase letters or misspelled words.
• Updating user account – If you’re receiving an email saying you need to update your user account then firstly ask yourself if you have an account with that brand. Secondly is this the email you have set up for that account, or do you use another email address?
• Click to enter bank details – No legitimate company would email you asking for personal information, whether that’s passwords, pin codes or bank account info.
• You’re a winner – did you even the competition that you’re a supposed winner of? If you are unsure about any email then it is always best to contact that company direct and ask if it’s genuine.

1. If you’ve been the victim of scam and have sent money then straight away call your bank and get the payments stopped.
2. Report the scam to Action Fraud on 0300 123 2040 or use their online reporting toolOpens in a new window
3. Most email providers have a report function where you can mark the email as junk then once in your junk folders you can mark it as a phishing scam, which will then report the sender.

If you think you’ve been targeted by a scam, you should report it so it can be investigated. You can do this through the Financial Conduct Authority website using their reporting form

It’s hard to tell the difference between a genuine site and the fake site that you’ve been taken to, especially if it’s from a company you recognise. However, think before you click.

• If you receive an email saying there is a problem with your online account then go to that website directly and log in to check.
• If the email is creating urgency by saying if you don’t update your password now, then your account will close, then again go to that website directly or call their customer services to check.
• Don’t click on any attachments from any unknown sources or reply to the email.
• Make sure you have any spam filters turned on through your email provider, most will automatically put emails from unknown sources into junk/spam folders.
• Add the email addresses of any suspicious emails to your block sender lists, you won’t then get an email from that address again.
• Make sure you also have virus protection software up-to-date and create strong passwords that are different from each other for various sites; also update regularly.

If you’re unsure about a financial services company, check the FCA register of regulated companies. If they’re not on it, don’t have anything to do with them.

If you’re unsure about any other kind of company, you can look them up on Companies House to find out their background, or search for reviews online.