Home Fraud prevention – protecting yourself from phishing scams

Fraud prevention – protecting yourself from phishing scams

Posted by on January 23rd, 2025.

Your safety and the security of your money is our highest priority, and we implement stringent safeguarding measures to protect all our customers. However, it’s also important for you to take steps to shield yourself from fraud.

To assist you in identifying potential scams and staying secure, we are publishing a series of articles focused on fraud protection. This article specifically addresses phishing scams.

What are phishing scams?

Phishing scams are a form of cyberattack where fraudsters pose as trustworthy entities to deceive individuals into sharing personal information.

The primary aim of phishing is to steal sensitive data, gain unauthorised access to accounts, or conduct other malicious activities.

While phishing attempts can occur via texts, phone calls, and social media messages, research from Ofcom, the UK’s communications regulator, reveals that most phishing attempts are carried out through email. In fact, up to 25% of UK adults receive suspicious emails on a daily basis.

As technology advances, phishing scams are becoming increasingly sophisticated. Scammers often exploit emotional triggers, such as urgency or curiosity, to manipulate victims into taking actions that compromise their security.

With more of our personal and professional lives moving online, it’s important to strengthen your security measures and recognise the red flags and common tactics used in phishing scams to avoid falling victim.

An example of phishing fraud

Phishing scams can take many forms. Below is an example of a common email phishing scam.

Sarah received an email from [email protected], claiming that a password reset request had been made for her Lloyds bank account. The email stated:

‘If you did not request a password reset, please click the link below to log in and secure your account immediately to prevent unauthorised access.’

Concerned that her account might be compromised, Sarah felt pressured to act quickly. She clicked the link, believing it was a legitimate message from Lloyds customer support.

She was redirected to a website that looked exactly like Lloyds Bank’s official site. However, the domain name, ‘banklloydsonline.com,’ was slightly different.

The page asked for her current and new passwords, which Sarah entered. Unbeknownst to her, the scammer captured her credentials and gained access to her bank account and other secured areas.

Five tips on how to protect yourself

  1. Be wary of unsolicited messages

Approach unexpected emails or texts with scepticism, especially if they request sensitive information. Fraudsters often use email to trick people into revealing personal details.

Look for signs of illegitimacy, such as spelling errors or poor grammar. Be especially wary of messages that create a sense of urgency, as these are designed to pressure you into acting without thinking. Genuine communications rarely require such immediate action.

  • Verify the sender’s contact details

Always check the sender’s contact details carefully, especially if the message requests personal information or a password change.

Phishers often use email addresses that closely resemble legitimate ones but with subtle differences, such as misspellings or slight variations. If the sender’s address doesn’t match the official domain of the organisation, proceed with caution.

  • Hover over links before clicking

When you encounter links in suspicious emails, hover your mouse over them to preview the actual destination URL.

Avoid clicking on links in emails if the URL looks suspicious or doesn’t match the official address of the organisation.

  • Use Two-Factor Authentication (2FA)

Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second verification step, such as a one-time code sent to your phone, in addition to your password.

  • Verify requests for sensitive information

Legitimate organisations rarely ask you to provide sensitive information, such as passwords or bank details, via email. If you’re unsure, contact the organisation directly using official contact information from their website, rather than the details provided in the message.

Additionally, stay informed about evolving phishing tactics and keep your computer’s software, antivirus programs, and security settings up to date. Practising good online hygiene and staying vigilant are key to protecting your personal data and cybersecurity.

If someone targets you

If you suspect that you’ve been targeted or have fallen victim to a phishing scam, it’s crucial to act immediately.

If money has been lost, report the incident to Action Fraud by calling 0300 123 2040 or using their online reporting tool. You can also report the fraud to the Financial Conduct Authority (FCA).

Next, contact your bank immediately to alert them to what has happened.

You can report suspicious text messages and WhatsApp messages to Ofcom’s scam reporting service by forwarding them to 7726. For suspicious calls, text the word ‘call’ followed by the suspicious number to 7726.

Suspected scam emails can be forwarded to [email protected], while suspicious websites should be reported to the National Cyber Security Centre (NCSC).

If you’ve been a victim of phishing, organisations like Victim Support offer free specialist help and resources.

More information on phishing scams

For more information on how to detect and protect yourself from phishing fscams, visit the CIFAS and Action Fraud websites, which both offer plenty of useful resources and guidance.

If you’ve been a victim of phishing, organisations like Victim Support offer free specialist help and resources.

Finally, if you’re worried that your TorFX account may be at risk, contact us as soon as possible and we’ll be happy to help. You can also download our app, or use our online platform, to keep an eye on your transfers.

© TorFX. Unauthorised copying or re-wording of this blog content is prohibited. The copyright of this content is owned by Tor Currency Exchange Ltd. Any unauthorised copying or re-wording will constitute an infringement of copyright.