What Is Phishing?
Phishing is a type of online scam where criminals impersonate a trusted organisation — like your bank, Royal Mail, Amazon, or even HMRC — to trick you into giving away personal information such as passwords, bank details, or credit card numbers. The name comes from "fishing" — the scammer casts a lure and waits for someone to bite.
Phishing can arrive via email, text message (sometimes called "smishing"), phone call ("vishing"), or even fake websites. It's one of the most common forms of cybercrime, and it targets people of all ages and backgrounds.
Classic Warning Signs of a Phishing Message
Learning to spot the red flags is your best defence. Here's what to look for:
1. A Sense of Urgency
Scam messages almost always try to panic you. Phrases like "Your account will be suspended in 24 hours", "Immediate action required", or "You have an unpaid fine" are designed to stop you thinking clearly and make you click without questioning.
2. Suspicious Email Addresses or Links
Always check the sender's actual email address — not just the display name. A scammer might show the name "Amazon" but the email comes from something like amazon-support@randomdomain.xyz. Hover over any links (without clicking) to see where they actually lead. If the address looks odd or doesn't match the company's real website, don't click.
3. Generic Greetings
Legitimate companies you have an account with usually address you by name. If a message says "Dear Customer", "Dear User", or "Dear Sir/Madam", treat it with suspicion.
4. Spelling and Grammar Errors
Many phishing messages contain obvious spelling mistakes, awkward phrasing, or poor grammar. Professional companies proofread their communications. A message riddled with errors is a warning sign.
5. Requests for Personal or Financial Information
No legitimate bank, government agency, or reputable company will ever ask for your full password, PIN, or banking details via email or text. If a message asks for this, it's a scam.
6. Unexpected Attachments
Be very cautious about opening attachments in unsolicited emails — even if they appear to be invoices, delivery notifications, or documents. Malicious files can install harmful software on your device.
Real-World Phishing Examples
- A text claiming your parcel couldn't be delivered and asking you to pay a small fee via a link.
- An email saying your Netflix payment failed, with a link to "update your billing details."
- A message claiming you are owed a tax refund and need to "verify your identity" with your bank details.
- A fake Apple or Microsoft alert saying your account has been compromised and you must log in immediately.
What to Do If You Receive a Suspicious Message
- Don't click any links or download attachments.
- Don't reply to the message.
- If you're unsure, go directly to the company's official website by typing the address yourself, or call them using a number from their official site.
- Report phishing emails to your email provider (most have a "Report Spam" or "Report Phishing" button).
- In the UK, you can forward suspicious texts to 7726 and emails to report@phishing.gov.uk.
If You've Already Clicked — Act Fast
If you think you've fallen for a phishing scam, don't panic — but act quickly. Change your passwords immediately, contact your bank if any financial information was shared, and run a security scan on your device. Reporting it to Action Fraud (UK) or the FTC (US) also helps protect others.
Stay Sceptical, Stay Safe
The best defence against phishing is a healthy dose of scepticism. If something feels urgent, unexpected, or too good to be true — pause before you act. Taking 30 seconds to question a message can save you a great deal of trouble.