Phishing can take many forms including text messages, social media, phone calls, but is mainly used to describe an attack that arrives by email. These emails can also contain viruses that are activated when you open the genuine looking attachment. 

Unfortunately, criminals have become very sophisticated in their attacks and emails are looking increasingly genuine. Common phishing emails include Amazon, HMRC, NCP Parking and PayPal.

Things to look out for when considering if an email is ‘phishing’

• Is the email addressed to you or ‘friend’, ‘colleague’, ‘customer’? This can mean that the sender doesn’t actually know you
• Is your name spelt correctly?
• Does the sender's email look genuine? Again is it spelt correctly? If it appears to come from the business global address list, does the address actually exist? For example have you received an email from helpdesk@company.com but your company actually uses servicedesk@company.com 
• Thinking about your accounts, is the email address you received your Amazon (or other company) email actually the email address associated with the account? Another thought is that you are unlikely to have used your business email address to register with HMRC.
• Does the quality of the email as you would expect from the company?
• Are there any spelling or grammar mistakes in the email? Be weary of words such as ‘click here immediately’, ‘you have been a victim of a crime’, ‘send these details within 24 hours’
• Are you being asked to supply bank details? Note that your bank or any other official source would never ask you for any personal information over email. If in any doubt call them to check directly. 
• If you hover over the link, does it look like it is going to take you to the place you expect?
• Lastly, remember if it sounds too good to be true, it probably is. 

What to do if you have already clicked

If you have clicked on a suspicious link or opened a suspect attachment: 

• Delete the email
• Run a full antivirus scan on your computer and check any other instructions given from it.
• It is strongly advised that you change your email password and any other important passwords to ensure your personal information is protected.

If you have received an email that looks suspicious from someone you know:

• Delete the email
• Advise the sender that their account may have been compromised

Always sync a backup of your important data on a personal cloud storage service like OneDrive, iCloud or Google Drive.

If you have lost any money, you need to report it as a crime to Action Fraud, this can be done by going to the Action Fraud website www.actionfraud.police.uk

For further information you can visit the National Cyber Security Centre, www.ncsc.gov.uk