Five ways to avoid being a victim of 'phishing'

Man-on-laptop-960As part of Get Safe Online week 2017, Police Scotland is here to provide some quick tips on how to avoid being a victim to an online phishing scam.

Kicking off on Monday 23rd October, Police Scotland is supporting this year’s Get Safe Online week focusing on the unwanted issue of ‘phishing’.

‘Phishing’ scams have resulted in many a poor victim over the years, but Police Scotland is here to help ensure you don’t fall victim!


In this article:

1. Do not click on links in emails from unknown sources

2. Do not click on attachments in emails from unknown sources

3. Any requests for personal information should be treated with caution

4. Be suspicious of any email that doesn’t use your proper name

5. An urgent request for action might not be genuine


Before we start, what is ‘phishing’?

That’s a good question, we’ll save you a Google search…

Phishing is when criminals use fake e-mails, or web links, to acquire sensitive personal information, such as passwords, usernames, or bank account details.

This is used to commit fraudulent or even criminal acts in your name.

Such emails and linked websites often appear as genuine but are designed to trick people into entering personal details to access your identity, steal from your bank account or infect your computer with a virus which can allow them to control your system.

Five simple tips ensure you don’t become another victim

1. Do not click on links in emails from unknown sources

This first point is possibly the most important one and the one we need to spell out the most!

If there’s a link in an email from an untrustworthy source you should check the real destination of the link.

You can do this by by hovering your mouse over the link (without clicking). The true destination of the link will be displayed on the bottom left of the screen in grey.

Get Safe Online graphic Ensure the web address shown on the bottom left matches what appears on the bottom bar when you hover over the link - if it doesn’t you could be taken to a phishing site.

Be aware that the safest websites to visit are those with a padlock sign on destination website address followed by a https://.

2. Do not click on attachments in emails from unknown sources

Similar to above, it’s simply not worth the risk! The attachments could be viruses or worse.


Find Out More


If you weren’t expecting an email from an organisation, always question their motives for getting in touch.

There’s a good chance it might not be genuine.

3. Any requests for personal information should be treated with caution

Be careful with what information you do give out online. If you receive an email asking for usernames, passwords or bank details then tread with caution.

Watch the above video to see how 'Scammer Nanas' phished their own grandchildren.

In 2016, many people were hoaxed through an iTunes phishing scam. 

An email was sent through from a fake Apple email address featuring a fake invoice for purchased music or an app. They would then be asked to click on a ‘Refund’ button to get this money back and then duped into providing card details on a separate website.

Scared that someone had gone shopping with their credit/debit card, thousands were conned into providing personal information. This was done in the hope they’d receive a refund, but ended in money being emptied from their bank account.

Apple has information on their own website about identifying legitimate emails from iTunes and what you should do if you are targeted.

4. Be suspicious of any email that doesn’t use your proper name

This can be one of the biggest giveaways of a scam. For example, the email starts ‘Dear Customer’, ‘Dear account holder’, or ‘Dear (your email address)'.

Pexels laptop image Any reputable company getting in touch with you will use your proper name.

5. An urgent request for action might not be genuine

A common ‘phishing’ scam is to issue a threat or put the fear into that person that if they don’t click on a link or provide certain details within a short space of time then they’ll lose money or face some other consequences.

This has people panicking and results in them falling into the trap.

If you suspect a scam, get in touch with the organisation in question and speak to their customer service (without clicking on any links in said email of course!).

If you’re concerned something is a scam, copy the text of the email and paste it into Google. There you can see if other people have had similar emails, and often the real company (which the email falsely claims to be from) will have advice on their own pages about what to do in the event of receiving this information.

If you suspect you have been the victim of online crime call Police Scotland on 101 for further advice regarding online safety and how to protect yourself visit the Keep Safe page of our website or www.getsafeonline.org/GSOWeek.

Think about the link before you click!