Want to protect your identity?

See if your passwords have been leaked on the dark web by activating ClearScore Protect for free now.

See your stolen passwords

How to spot phishing email and phone scams

We've teamed up with fraud expert Tim Mitchell from Get Safe Online to help you stay one step ahead of the fraudsters and spot even the most cunning of scams

25 March 2020Tim Mitchell 5 min read
MacBook menu with red icon showing 3 unread emails
Image by Webaroo on Unsplash

Want to protect your identity?

See if your passwords have been leaked on the dark web by activating ClearScore Protect for free now.

See your stolen passwords

It’s a common scenario: you open up your emails and there in your inbox is an email congratulating you on your million pound win. All you have to do is click the link to share all your account details and pay £100 to cover the transfer fee. It can be pretty easy to scoff at examples like this. After all you’d never fall for it, right?

But losing money to a scam is much easier than you’d think. In recent research by Get Safe Online, 80% of respondents to a survey said they could confidently identify a scam email or phone call. However, in a separate test of over 63,000 people, only 9% who completed the quiz scored full marks. It's pretty eye-watering stat, and just goes to show how anyone can become a victim, however smart or savvy.

To help stop it happening to you, we’ve teamed up with Get Safe Online's fraud expert Tim Mitchell. With his help you'll be able to identify even the most cunning of online scams to keep your money and your identity safe online.

The biggest issue at the moment is definitely people falling victim to what we call ‘social engineering’ fraud. This simply means manipulating or tricking someone into performing certain actions, such as divulging personal or financial information. A con, in other words.

Unfortunately, financial fraud has always been a massive issue. But as we live more of our lives online, more people are becoming vulnerable to this type of fraud, and more people are losing money to it. But social engineering is an easy one to avoid, if you know the warning signs.

At Get Safe Online we've seen how social engineering scams come in all shapes and sizes ranging from the ridiculous to the nearly impossible to identify. And unfortunately people are falling for these every day. Here are the mains ones you need to be aware of:

Email scams

Scams are very common via email, so make sure you pay attention to what lands in your inbox. Fraudsters often pretend to be someone official such as a bank, online retailer, or a government agency. They’ll then ask you to share confidential private information such as your banking details or login details to your accounts. Some fraudulent emails contain an attachment which, if clicked, can lead to a virus or even spyware being downloaded on to your computer or mobile.

Social media scams

We’ve seen a big rise in people losing money through social media, and I reckon we’ll see this one grow over the next few years. You may have seen Facebook posts promising a free £50 supermarket voucher in return for clicking on a link. Just consider why a supermarket would give money away like this before you click.

Phone call scams

It's certainly not all online, in fact some of the most convincing scams come via a phone call. Typically, you’ll get a call from someone claiming to be from your bank, telling you that your account has been ‘hacked’ or taken over by an unauthorised user, and that the bank needs your OK to move your balance into a new account. In reality a bank would never ask for your details over the phone.

Another kind of phone call scam is the computer support scam. I was working at an online safety event recently, and a man told me that his computer had been locked by ransomware, asking me how this might have happened. He swore that, knowing the dangers, he hadn’t clicked on any links or attachments. It was only after probing, that he told me he’d had a call from ‘Microsoft’ a couple of weeks earlier, and the nice operative on the other end had fixed his problem. What had in fact happened, is that the caller was a scammer, who had infected his computer with the malware. Not only that, but he’d been charged as well!

Is the email threatening you to take action right now?

Typically, emails claiming to be from your bank, the DVLA or the police will tell you that there’s a problem that will result in your money or identity being put at risk, and will urge you to click through to a website to take action. This will normally involve supplying your confidential login details. Any email that asks you to take action immediately is likely to be suspect. It’s designed to make you flustered in the hope you’ll make a mistake.

Have you been promised a reward, a competition win or a tax refund?

Any email or call claiming to be giving you money should be considered with a watchful eye. Especially if they are demanding your details in order to claim it. Reveal your logins, and a fraudster has free rein to get into your bank account (and maybe other accounts if you use the same details).

Could the email have been sent to anyone?

Generic greetings like 'Dear Sir or Madam' or 'Dear valued customer' are an easy sign that this email has probably been fired off to as many email addresses as possible, rather than an email from a real person or company.

It can sometimes be tricky to identify a dodgy link. The key is to check that the domain name matches the legitimate one (which you can find through a quick google search).

Here’s an example. Let’s say you’ve got an email asking you to follow a link to reactivate your account with PayPal. How can you tell if these links are the real deal or a fake?

The trick here is to look for the first forward slash (/) after the http:// and then go back to the next two dots. What's in between those is the true domain name and tells you what site you'll be accessing if you click. You can see that actually none of these have a domain name of paypal.com or paypal.co.uk. The first may have PayPal in it, but it’s really taking you to a site ‘paypal-reactivate.com’, the second to ‘reactivate-account.com’ and the third is directing you to the even dodgier sounding ‘11982pypl.com’.

If you’re not sure about a link, type it into your browser before clicking on it so that you can see the full address.

A fake email is one of the hardest things to spot as fraudsters can get pretty cunning. Let’s try out another example. Which of these do you think could be a scam account?

  • paypal@accounts. com
  • customerservcie@santender. com

Actually, both of these addresses are probably fake. With the first one the domain name is ‘accounts.com’ so this could literally be from anyone. Always check that the correct company name comes after the @ as that will confirm who it's really coming from. The second one is easy to miss, but the giveaway here is that there are a few spelling mistakes, particularly in the name of the bank. This is another clear sign of a scam.

With scams on the rise, it's important to remain vigilant but not paranoid. To help you keep your data safe, we've launched ClearScore Protect: free dark web monitoring for all ClearScore users.

Next step: Try ClearScore Protect for free today.

Every three months, we’ll scan the dark web for your passwords to see if they have been stolen. And if we find anything, we’ll let you know, so you can change your password and protect yourself. Find out more about ClearScore Protect.


Tim Mitchell Image

Written by Tim Mitchell

Content Director at Get Safe Online

Tim works for Get Safe Online, one of the leading organisations helping people to protect themselves and their money online. He produces all their helpful content across their website. He’s always writing, researching and talking to other experts to make sure they’re always providing the best help for everyone.