Phishing is a cyber-attack where criminals impersonate trusted sources, like banks or HMRC, to steal your personal or financial information or infect your device with malware. Spam refers to unwanted SMS or junk emails often sent with malicious intent. Both phishing and spam can occur through text, email, or phone calls.
Remember, iD Mobile will never send an SMS with a short URL or ask you to make a payment through a link. We always provide secure payment options through the iD Mobile app or My Account online, where you can check for any outstanding payments.
Why Does Phishing Exist?
Phishing exists because it’s an easy and effective way for cybercriminals to steal valuable information and money. It requires minimal technical skill and can target thousands of people simultaneously by creating messages that appear legitimate and play on fear and urgency. The low cost and high reward make it an attractive method for scammers.
Who Do Attackers Pretend to Be?
Attackers often use the identity of a person or company you trust, such as a bank, a music streaming service, or even your boss. Their goal is to craft messages that seem so legitimate that you follow their instructions without questioning it. For example, you might receive an email from ‘Netflix’ claiming a payment issue and asking you to update your details. These messages can look convincing with official logos and professional language.
How to Spot Phishing Calls, Texts, and Emails.
- Unexpected Contact.
Be cautious of unexpected calls or texts, especially if they ask for personal information or urge you to act quickly.
- Sense of Urgency.
Phishing attempts often create a sense of panic, prompting you to act swiftly.
- Requests for Personal Information.
Legitimate companies will not ask for sensitive details like passwords over the phone or text.
- Generic Greetings.
Messages that use generic greetings like ‘Dear Customer’ instead of your name can be a red flag.
- Unusual Instructions.
Avoid following messages that ask you to do something unusual, such as installing software or visiting unfamiliar websites.
- Check the Number.
If the call or text comes from an unrecognised number, be cautious. Scammers can spoof numbers to look authentic.
- Spelling and Grammar Errors.
Phishing texts or emails often contain spelling mistakes or grammatical errors.
How to Spot Phishing Websites.
- Check the URL.
Verify the URL of any link you receive. Look for spelling mistakes and ensure the URL includes “https://” to indicate a secure connection.
- Search the URL.
Use a trusted search engine to access the website directly if you’re unsure about a link.
- Non-Secure Sites.
Look for a padlock icon next to the URL. Click on it to check the site’s security certificates and settings.
- Spelling and Grammar Errors.
Watch for spelling, grammar, and design errors on the site, which can indicate a phishing attempt.
How to Reduce Phishing Attempts.
- Use Email Filters.
Ensure your email spam filter is activated and regularly updated.
- Educate Yourself.
Stay informed about the latest phishing tactics to help recognise and avoid scams.
- Enable Two-Factor Authentication.
This adds an extra layer of security by requiring a second piece of information, like a code sent to your phone.
- Keep Software Updated.
Regularly update your computer and phone software to protect against security vulnerabilities.
- Be Skeptical.
Always question the legitimacy of strange messages, even if they appear to be from someone you trust. Verify their details before taking any action.
What You Should Do If You Spot a Phishing Scam.
- Do Not Engage.
Do not reply to the message, call the number, download content, or click on links.
- Report Suspicious Messages.
- Forward phishing emails to the National Cyber Security Centre (NCSC) at report@phishing.gov.uk.
- Forward phishing texts to 7726 (SPAM). Your mobile carrier will investigate.
- Contact the organisation that appears to be impersonated, if applicable, and report the phishing attempt.
- Report phishing to Action Fraud, the UK’s national reporting center for fraud and cybercrime, via their website or by calling 0300 123 2040.
- If you have shared financial information, contact your bank immediately to secure your account and monitor for suspicious activity.
Contact Us About Spam or Phishing.
If you have experienced a phishing attack or have concerns, you can forward suspicious messages to 7726 or let us know by posting on the iD Community page. We are here to help keep you safe online.