Phishing
If you’ve experienced phishing, read our advice and learn how to get support. You can also report it to us online, by phone, or in person
What phishing is
Phishing is a kind of scam where someone pretends to be a person or organisation you trust. They try to convince you to share your personal information with them. Then they use this information to commit fraud.
Types of phishing
Scammers may send phishing messages using:
- text or messaging apps
- QR codes
- social media
Email phishing
Lots of phishing attempts happen through email.
The sender will pretend to be a trusted organisation or person. They might try to make you send personal information or click on a link to a harmful website.
Text message phishing
Text message phishing is sometimes called SMS phishing or “smishing”. It’s when someone sends fake messages to your phone.
They might try to get you to:
- send money or vouchers
- give information
- visit a harmful website
A common example is the “Hi Mum” Whatsapp scam. This is where a scammer pretends to be your child, saying they’ve lost their phone and that they’re locked out of their bank account. They’ll usually say they need money to pay for rent, a new phone, or similar.
QR code phishing
QR code phishing is sometimes called "quishing". It’s a kind of QR code scam. This is when a scammer will send or share a QR code that links to a harmful website.
Sometimes a scammer will put a fake QR code on a real display or poster. For example, a fake QR code sticker leading to a fake payment website may be put on a real car parking poster, covering the real QR code.
These websites are often used to steal personal information, data, or money. They can have other threats such as spyware.
Social media phishing
Social media phishing is when a scammer sends a link in a social media post or message that leads to a harmful website.
These websites are often used to steal personal information, data, or money, but could have other threats such as spyware.
Read advice from Get Safe Online for more information on social media phishing and how to protect yourself.
How to report a phishing
If you want to tell us about a phishing, you can report it online, by phone, or in person.
Report it using our online form
Learn about other ways you can report a crime to us
As well as reporting to us, you can report phishing emails to the National Cyber Security Centre by forwarding them to report@phishing.gov.uk
What to do if phishing happens
If you suspect a phishing attempt, you should follow advice from the National Cyber Security Centre.
Get support from other organisations
You can get support from other organisations:
- Stop! Think Fraud is the UK government’s fraud advice service
- Take Five for tools and advice on how to avoid scams and fraud and what to do if it happens
- Cyber and Fraud Centre Scotland for advice and tools to protect yourself from fraud
- Cyber and Fraud Hub for advice, self-help tools like scam checkers, and a scam response hotline (phone: 0808 281 3580)
- National Cyber Security Centre (NCSC) has tools and advice to help you stay safe online
- Cyber Scotland to report cybercrime and get advice on how to protect yourself or an organisation from cybercrime
- Get Safe Online for advice on how to protect yourself online
Ways to prevent phishing
To help prevent phishing, you can:
- read advice on making strong passwords from the National Cyber Security Centre
- never reuse passwords for different accounts
- avoid opening suspicious emails or messages
- avoid clicking on unknown and untrusted links
- not respond to any suspicious emails or messages
- block the sender
If you see phishing when at work you can:
- tell your IT department
- report it to the National Cyber Security Centre