Spotting fake emails and texts: could you be socially engineered?

What is social engineering?

Your personal and financial information is extremely valuable to criminals. Getting their hands on your name, address, telephone number, bank account details and card details allows them to steal your identity and your money.

Criminals use ‘social engineering’ techniques to gain your trust and deceive and manipulate you into giving them your confidential and personal information.

Why do criminals send fake messages?

A common social engineering tactic is to send fake emails (phishing) and text messages (smishing) that look very genuine. They may pose as genuine companies, such as your bank, a delivery company, a utilities company or a government agency.

Fake messages often include links and telephone numbers, designed to capture your information, either by getting you to enter it into a fake website or leading you to call the criminal directly. The information they get may be enough to steal your identity or your money, but all a criminal needs is your name and phone number, which makes it much easier to try an impersonation scam.

They may then pose as someone from an organisation, or as someone you know, over the phone or through more fake messages. They will sound more convincing as they already know something about you. They may try to pressure you into giving them more of your information or sending them money.

What do fake messages look like?

The messages are designed to trick you into doing something, such as clicking on links, opening attachments or responding with sensitive information, such as your bank account and card details.

You may have already seen fake messages as they’re sent to many people. For example, in the summer of 2021 alone, 45 million people in the UK received a fake message. They often urge you to do things such as:

• Complete this form
• Sign up
• Verify your security or login
• Call us
• Pay now
• Cancel your subscription.

Fake messages can be sophisticated and designed to look very similar to a genuine message from the company they’re impersonating. They often copy the language and format that the genuine company uses.

To help give you an idea of they look like, we’ve gathered some examples of fake messages.

How can I spot fake messages?

Remember to look out for these signs of a fake message:

• It doesn’t use your name – scammers often don’t know your full name to begin with, so they may address you as something generic such as ‘customer’, ‘sir’ or ‘madam’, or use the first part of your email address, or they may not include a greeting at all
• It contains spelling mistakes or lots of emojis or symbols – scammers sometimes use these to try to get past automatic scam message detection
• It includes a link to a website which doesn’t look right – search for the company online and check whether the link in the message matches the company’s web address.

And remember this important advice to protect yourself and keep your information safe:

• Be vigilant and suspicious of any unexpected contact
• If you’ve received a message claiming to be from a genuine company you know but you’re not sure if the message is genuine, call the company directly using a trusted number from their website
• Don’t automatically respond to messages or use the telephone numbers in messages, as this could lead you straight to a criminal
• Avoid clicking on links, especially if they’re leading you to sign in, pay something or complete forms
• Never share your personal and financial information through email, especially your bank account or security information
• Don’t panic or be pressured if you receive a threatening email – stop and think before reacting
• Use anti-virus software and update it when prompted – this will help protect you, especially if you do visit a fake website.

Where can I learn more about how to keep safe online?

If you’d like to learn more about how to protect yourself from cybercrime, we’ve put together some interactive activities to help you improve your cyber security awareness.

Take Five is a national campaign that offers straightforward and impartial advice to help everyone protect themselves from fraud. Visit: takefive-stopfraud.org.uk for more information.