Cyber security

What is phishing?

Phishing is a form of social engineering where the primary aim of the attacker is to trick someone into disclosing information or installing malware or viruses on their device. There are many different types of phishing, but usually the main way these attacks are carried out is via email.

How to spot a phishing email 📧

1. Were you expecting the email? Criminals often exploit current news stories, big events, or specific times of year to make their scam seem more relevant to you.
2. Check that the sender’s name and email address look right. For example, government addresses end with .gov.uk.
3. Hover your mouse over any links to check the address is valid and as expected. You can also search (for example, via Google) the sender’s name and/or company to further check the legitimacy of the email and sender.
4. Look for poor spelling or grammar.
5. Is the email urgent? Cyber criminals often try to create a sense of urgency, threaten you with time limits, fines, or other negative consequences.
6. Is the message offering something in short supply? Some criminals rely on FOMO, the fear of missing out on a good deal or opportunity, which can make you respond quickly.

What to do if you receive one

• If the email looks as though it has come from a GCC email address, like our recent cyber incident, please report via our security and data protection breach webpage.
• If the email looks like it is from elsewhere, report it by forwarding it to report@phishing.gov.uk and the National Cyber Security Centre (NCSC) will investigate it.

Remember:

• Do not click on any links in the email and never disclose personal details such as your username and password.
• Once reported, delete the phishing email from your inbox and deleted items folder.