Stay safe from phishing scam emails

Phishing is a method that fraudsters use to obtain personal information from you, such as usernames, passwords or bank details. They then use these for illegal purposes, for example to steal money from your account or even to clone your identity.

Typically, phishing is done by sending an email that looks like it’s from a legitimate source in order to convince you to hand over personal information. To improve your online security and avoid falling foul of phishing scam emails, we’ve put together some information on how to recognise them and what action you can take. 

How to report a phishing scam

If you have been a victim of fraud or a phishing scam email then report it.

Five things to look out for


Check the subject line

If the subject line seems unusual, requests information, offers a reward or threatens consequences, this is probably an attempted phishing scam email or spam. Ignore it unless you’re certain you know who it’s from.


Make sure the sender is trustworthy

Be suspicious of emails from unknown senders, and remember they could pose as someone from a trusted company to make it more likely that you’ll respond to their request.

Financial or government organisations don’t send unsolicited emails that request the users to open a link or attachment, or provide information. Emails like these are probably phishing attempts.


Check the greeting 

Generic greetings are a strong indication of phishing attempts. However, be aware that specific greetings don’t mean the email is safe. Attackers can find out your name or other personal information in order to create a more convincing lure, known as spear phishing.


Examine the body copy of the message

If there’s a sense of urgency in the email which requires you to ‘act now’, it’s likely to be a phishing email. If the text is badly written or has spelling mistakes, this could also be a sign. Remember – EDF Energy will never ask you to disclose your password and you should never provide personal information if requested. It could be an energy bill scam.


Don't open attachments until you know it's genuine

Be wary of instructions to open an attachment or link within the email. Only open these if you’re sure the sender and email are genuine. It’s always best to type the URL directly into the address bar. 

Top tips to stay safe

  1. Check the sender email address
  2. Never give out personal information
  3. Report the phishing scam email to the organisation it's supposedly from
  4. Don’t open attachments or click on any links from unknown sources

For more information about online security, visit Get Safe Online or contact Citizens Advice