What is phishing and what can you do about it?


If you’ve ever received an email that you thought was legitimate but turned out to be a scam, then you’ve been a victim of phishing. Phishing is when fraudsters send an email that looks like it comes from a genuine organisation, such as your bank, that usually takes the form of an urgent request for your details.

Seemingly authentic and believable, many fall into the trap of providing their personal information, which scammers then use to steal money from their accounts. Recognising phishing emails and scams is an essential part of staying safe online, which we want to help you do.

How to spot a phishing email

It can often be hard to tell a phishing email from a legitimate message, but there are signs that can help you spot a phishing scam. Next time you receive an email that you’re unsure of, have a look at some of these clues before disclosing any information about yourself.

Examine the sender’s email address

A quick way to determine whether an email is legitimate or not is to look at the sender’s email address. Often, the address will contain an odd combination of words or numbers that make it look shifty. If in doubt, give the company a call to check whether the email is genuine.

It is not personal

Another big giveaway of a phishing email is its lack of personalisation. An authentic email from a real company would normally address its customers by name; scammers are unlikely to know your name, so they will start their email with a generic greeting, such as ‘Dear customer’.

Check the URL

Most phishing emails will want you to click on a link, where you can then enter your personal details. Immediately, this should ring an alarm bell as genuine brands will never ask you to supply information via an email link. If you’re still unsure whether to click the link or not, look at the URL itself – if the hyperlinked address is different from the address displayed in the email, it is probably malicious.

Spot the mistakes

Scammers aren’t interested in spelling or grammar, so they often make careless mistakes in their emails. Before an authentic company sends an email to its customers, it is usually rigorously reviewed, so mistakes are rare. If you spot more than one error, you should treat the email with caution.

The message is threatening

Phishing email scams tend to put pressure on you to act quickly, which authentic companies are unlikely to do in such an aggressive way. They may use intimidation to scare victims into disclosing their personal information or make unrealistic threats, for instance that they will close your bank account if you do not respond.

The offer is too good to be true

On the other hand, if the message contains bold claims that seem too good to be true, they probably are. It’s often wise to trust your instincts when it comes to emails that just don’t seem right. If a message looks suspicious, it usually is.

What to do if you receive a phishing email

If you receive a phishing email, the best thing you can do is mark it as spam and delete it immediately – you may not even have to open the message to know it is fraudulent. Never respond to a spam email, as this will confirm to the fraudsters that your email address is active and may facilitate more malicious messages.

If you have your suspicions that the email is fake, then don’t click on any hyperlinks either – even an unsubscribe option could be harmful, so don’t take the risk.

How to report a phishing email

You can go a step further and report nuisance phishing emails to a variety of organisations, such as Action Fraud or HMRC. You can find full details on how to avoid and report internet scams and phishing on the Government’s website.

If you have received a phishing email claiming to be from Tesco Mobile, we encourage you to forward it immediately to phishing@uk.tesco.com. We are committed to keeping our customers safe and will endeavour to investigate any fraudulent case we receive. You can also visit the Tesco Privacy Centre for more information on how to protect yourself from email scams.