Phishing is a play on the word “fishing”. It is when a cyber-criminal contacts you out of the blue and convinces you to hand over your personal information or money or gets you to download a virus that infects your computer. Phishing usually happens over email, but can also happen through text, instant messaging, social media or phone calls.

It is becoming increasingly common as fraudsters come up with new tricks to try and steal your personal information and bank details. In some cases, the emails have malicious software attached which can infect your computer, tablet or mobile with a virus. Computer viruses can find their way onto your computer by scammers tricking you into installing them. For example, ransomware threatens to take action on your computer, such as deleting files, unless you pay a ransom. If you suspect an email might be from a scammer do not click on any links or download any attachments featured in the scam email, as these may download a computer virus onto your computer. Make sure you stay security-savvy and ensure your antivirus software is always up to date, as this will provide an extra layer of protection if you have unknowingly downloaded an attachment.

Scammers will often pretend to be from legitimate and trustworthy companies offering great deals and enticing you to click on the deal.

Online learning link: Quiz Activity from Card.

Checklist

Check the ‘from’ address to see where it is sent from
To find out if there’s a fraudster behind what looks like a genuine sender, use your mouse to hover the cursor over or right-click on the sender name and you should see the email address behind it.

Is the greeting impersonal?

Scammers are getting better at sending emails which include our name in the first line of the message. However, not all of them do. Sometimes scam emails will just say “Hi” and not include your name, other times your email address will be used after “Hi”. This impersonal approach to contacting you is another sign that it’s likely to be a scammer behind the email.

Check contact information

To see where a web link goes to without actually clicking on it, simply hover your mouse cursor over the link. In the bottom left-hand corner of your web browser, the web address where the link goes to will appear.

**Please note that if you are checking a link on a phone or tablet this will be different. On some phones and tablets, you can check by a long press on the link which will bring up a box asking whether you want to open the link.**

Check branding

Checking branding and keeping an eye on the quality of branded logos, etc., in the email can strongly indicate if the email is a scam. Is the branding on the email the same as it is on the company or government website? Does it match the last genuine email you received from them? If the answer is no, be suspicious.

Asking for personal or bank details?

If an email is asking you to update or re-enter your personal or bank details out of the blue, it is likely to be a scam. Personal information includes things like your National Insurance number, your credit card number, PIN number, or credit card security code, your mother’s maiden name or any other security answers you may have entered. Most companies will never ask for personal information to be supplied via email.

Poor spelling, grammar and presentation?

Watch out for these tell-tale signs: poor spelling and grammar, lack of consistency with the presentation of the email, which may include several different font styles, font sizes and a mismatch of logos.
Trying hard to be ‘official’?

Scam emails may also contain information such as account numbers and IDs designed to trick you into thinking the email is genuine. Check any of these against your records to see if they match.

Trying to rush you?

Time-sensitive offers, encouraging you to act now or miss out on ‘exclusive’ deals.

If the message is alerting you to look at something linked to an account you have with the company, organisation or retailer, you should log in separately to your account in a new tab or window. It’s better to miss out on a genuine deal than risk compromising your personal details or money.

Check with real company, brand or department

If you’re still unsure whether a scammer is behind the email you received, get in touch with the brand or company featured in your email directly via social media or their ‘contact us’ page.

Do not contact them on any email address, website, or phone number they have provided.

Look for a padlock

Most browsers show a green padlock next to the website’s URL – this is a handy way to see if a website is trusted.

But this step should only be used in tandem with other checks, just in case.

Reporting Scams

As a trusted source in the communities you work in, learners, young people or members of community groups may seek your advice on what steps to take or for support on how to report scams. Working out a plan to be more cyber secure and add to an individual learning plan together could be a good way to skill up people on what to do when they have been a victim of a scam. Below is a range tips, sources and other agencies that provide additional support in dealing with cybercrime.

Advice and support on dealing with a cyber security issues.

If you’ve spotted a scam email or phishing email, the first step will be to report it to the internet service provider (ISP) that was used to send you the email.

If the scam email came from a Yahoo! account, send it to abuse@yahoo.com. Gmail has a ‘Report spam’ button and Hotmail has a ‘Report phishing’ button.

Once you report the scam email, the ISP can then close the account that sent the email.

Report it to the company

If you’re the victim of a mimicking scam online, where fraudsters pretend to be from a genuine company, it’s also worth contacting the company that has been mimicked.

Whether it’s a bank, government department or other company cited in the email, if you notify the company they can take steps to warn other people about the scam.

Often companies will warn their customers of mimicking scams by putting notices on their websites, explaining the steps people can take to prevent others falling victim to the same scam.

If you’ve been the victim of a phishing email scam and had money taken from your account, you may also want to report it to the bank.

Report internet fraud to Police Action Fraud

All reports of fraud and any other financial crime should be reported to Police Scotland via 101 without delay.

“Reporting incidents assists Police Scotland in tackling fraud and enables them to identify areas of concern and patterns of behaviour. The information you provide is valuable and could lead to the prosecution of offenders and to ensuring the safety of the public. They will record all information you provide and appropriate action will be taken.”

Find out more on the Police Scotland website.

Take Five is a national campaign led by UK Finance which offers straight-forward and impartial advice to help everyone protect themselves from preventable financial fraud.

Stop scam mail

The Mailing Preference Service (MPS) allows you to have your name and address removed from mailing lists.
To register for the free service, call 0845 703 4599 or visit the website.

Speak to Citizens Advice

If you report a scam to your local Citizens Advice Bureau, they may be able to offer you advice.

You may also be giving them vital information which they can pass on to Trading Standards to help stop other people from becoming victims of the same scam.

Scams are criminal offences under the Fraud Act. This means that trading standards officers can take criminal action against the scammers.

Find out more on the Citizens Advice website.

Emotional support after a scam

Being scammed can take a huge toll on your emotional wellbeing and mental health. It’s often helpful to speak to someone about what you’re going through. This can be anything from a one-off scam to something which entangles you for months, every scam has an impact on your life no matter its size.

As practitioners, we can give a lot of support, but learners and community members may also want to contact other sources of help:
Victim Support Scotland has a free helpline where you can speak to someone confidentially. This can be a one-off call or they can refer you to local services for on-going support.

This service is free and run by Victim Support Scotland which is an independent charity.

Calling them for free on 0800 160 1985

Requesting online support

Contacting your local Victim Support team

Online information resources

Phishing Quiz – can you spot when you’re being phished?

Cyber Resilience Advice and Support from the Scottish Government

Cyber Resilience blog from National Cyber Security Centre: Nothing to sneeze at

National Cyber Security Centre’s Top Tips for Staying Secure Online

Take 5: Stop Fraud campaign

Which?’s guide on How to spot a scam

Find resources that you can use in your youth work. Key digital youth work resources explore how to use passwords, avoiding phishing and scams, and developing good practices around social media.

The resources were developed by YouthLink Scotland in partnership with: Midlothian Council, Police Scotland, The Prince’s Trust Scotland, Learning Link Scotland, Young Scot, Carnegie UK Trust, North Ayrshire Council, Lead Scotland, Scottish Community Development Centre. CLD Standards Council.

In October 2021, YouthLink Scotland became members of the CyberScotland Partnership, alongside existing members including Scottish Government and Police Scotland. The Cyber Scotland website is full of useful information about how to improve your organisations’ Cyber security.Find out more about the CyberScotland Partnership.

Note: In longer-form content with a navigation bar on the left-hand side, when creating a custom listing (see below) you’ll need to use the ‘Vertical’ layout, as the ‘Horizontal’ one will become squished.

Vitae nunc sed velit dignissim sodales ut eu sem integer. Sed vulputate mi sit amet mauris commodo quis. Diam maecenas sed enim ut sem viverra aliquet. Platea dictumst quisque sagittis purus sit amet. Etiam tempor orci eu lobortis elementum nibh tellus molestie nunc. Nulla facilisi nullam vehicula ipsum a. Sit amet purus gravida quis blandit turpis cursus in.

In hac habitasse platea dictumst vestibulum rhoncus est pellentesque. Scelerisque eu ultrices vitae auctor eu augue ut lectus arcu. Lobortis elementum nibh tellus molestie nunc. Id interdum velit laoreet id donec ultrices tincidunt arcu non.

Eget gravida cum sociis natoque penatibus et magnis dis. Imperdiet sed euismod nisi porta lorem. Quis blandit turpis cursus in hac habitasse platea dictumst quisque. Vitae nunc sed velit dignissim sodales ut eu sem integer. Sed vulputate mi sit amet mauris commodo quis. Diam maecenas sed enim ut sem viverra aliquet