Recognising Phishing Emails and Messages
What Is Phishing?
Phishing is a type of social engineering attack where criminals send fraudulent messages designed to trick you into revealing sensitive information. These messages typically impersonate trusted organisations, such as your bank, a delivery company, a government agency, or a platform like KF.Social. The goal is to make you click a malicious link, download an infected attachment, or enter your login credentials on a fake website.
Phishing is not limited to email. Attackers also use text messages (known as smishing), phone calls (vishing), and social media direct messages to reach their targets.
Red Flags: How to Spot a Phishing Message
While phishing messages are becoming increasingly sophisticated, most share common characteristics that you can learn to recognise:
- Urgency and pressure: Messages that demand immediate action, such as "Your account will be closed in 24 hours" or "Unusual login detected, verify now", are designed to make you act before you think.
- Suspicious sender address: Always check the full sender email address, not just the display name, which the sender can set to anything. A message whose display name says "KF.Social Support" but which was sent from "support@kf-social-verify.com" is fraudulent. Legitimate emails from KF.Social come from our official domain only. Note that a matching address on its own does not prove a message is genuine, since the visible "From" address can also be forged; treat it as one check among several.
- Generic greetings: Phishing messages often use "Dear Customer" or "Dear User" instead of your actual name.
- Spelling and grammar errors: Many phishing emails contain awkward phrasing, misspellings, or grammatical mistakes that a legitimate organisation would not make.
- Suspicious links: The text of a link can say one thing while it points somewhere else entirely. Hover over any link before clicking it (on a phone, press and hold to preview the address). If the URL does not match the organisation's official website, do not click it. Look for subtle misspellings like "kf-socail.com" instead of "kf.social", for the real name buried in a longer one ("kf.social.example.com" is not kf.social), and for a familiar name placed before an @ sign, since in a web address such as "https://kf.social@example.com/" the part after the @ is the real destination.
- Unexpected attachments: Be extremely cautious with attachments you were not expecting, especially ZIP files, executables, or documents prompting you to enable macros.
- Requests for sensitive information: Legitimate organisations will never ask you to send your password, PIN, or full bank details via email or message.
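The following Python script is an added illustration, not part of KF.Social's guidance or its systems. It applies the sender-address and link checks above to a constructed sample message: it separates the display name from the real address, extracts every web address from the message body, works out the real destination host (so "kf.social@203.0.113.5" resolves to the IP address, not to kf.social), and classifies each host as the official domain or a subdomain of it, a lookalike (a name that contains or sits within two edits of the official name), or something unrelated. It assumes kf.social is the official domain, as in the examples above; the sender, message text and addresses are made up for the demonstration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed official domain (taken from the page's own examples, not from KF.Social itself).
OFFICIAL_DOMAIN = "kf.social"

# Matches http(s) URLs up to whitespace or a closing bracket/quote.
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""")


def sender_domain(from_header: str) -> str:
    """Return the domain of the real sender address, ignoring the display name."""
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_official(host: str, official: str = OFFICIAL_DOMAIN) -> bool:
    """True only for the official domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _skeleton(name: str) -> str:
    """Strip separators so 'kf-social.com' and 'kf.social' compare as 'kfsocialcom' / 'kfsocial'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def classify_host(host: str, official: str = OFFICIAL_DOMAIN, max_distance: int = 2) -> str:
    """Classify a host as 'official', 'lookalike' or 'other'."""
    host = host.lower().rstrip(".")
    if is_official(host, official):
        return "official"
    brand = _skeleton(official)                   # "kfsocial"
    without_tld = host.rsplit(".", 1)[0]          # "kf-socail.com" -> "kf-socail"
    if brand in _skeleton(host) or levenshtein(_skeleton(without_tld), brand) <= max_distance:
        return "lookalike"
    return "other"


def triage(from_header: str, body: str) -> dict:
    """Run the sender and link checks over one message and summarise the findings."""
    sender = sender_domain(from_header)
    links = []
    for url in URL_RE.findall(body):
        # urlparse().hostname discards any 'user@' prefix, exposing the real destination.
        host = urlparse(url).hostname or ""
        links.append((url, host, classify_host(host)))
    suspicious = classify_host(sender) != "official" or any(v != "official" for _, _, v in links)
    return {"sender": (sender, classify_host(sender)), "links": links, "suspicious": suspicious}


# Constructed sample message for the demonstration (not a real phishing email).
SAMPLE_FROM = "KF.Social Support <support@kf-social-verify.com>"
SAMPLE_BODY = """Dear Customer,

Unusual login detected. Verify now at https://kf-socail.com/verify or your
account will be closed in 24 hours. Questions? Use https://kf.social@203.0.113.5/help
You can also read our security tips at https://help.kf.social/tips
"""

if __name__ == "__main__":
    result = triage(SAMPLE_FROM, SAMPLE_BODY)
    print("sender:", result["sender"])
    for url, host, verdict in result["links"]:
        print(f"{verdict:10s} {host:25s} {url}")
    print("suspicious:", result["suspicious"])
```

The script flags the sender (a lookalike domain), the misspelled link and the link whose real destination is an IP address, while passing the genuine help.kf.social link; a single non-official finding is enough to mark the message suspicious. It checks only what is visible in the message and deliberately does not fetch any of the links.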
Examples of Common Phishing Tactics
Understanding real-world examples makes it easier to spot phishing in practice:
- The fake invoice: An email claiming you owe money for a purchase you never made, with an attachment labelled "invoice" that contains malware.
- The account verification scam: A message stating your account needs to be verified urgently, linking to a replica login page that captures your credentials.
- The delivery notification: A text message claiming a parcel could not be delivered, asking you to click a link and pay a small fee to rearrange delivery.
- The prize or refund: A message telling you that you have won a prize or are owed a tax refund, requesting your bank details to process the payment.
What to Do If You Receive a Suspicious Message
- Do not click any links or download any attachments.
- Do not reply to the message or provide any personal information.
- Verify independently: If the message claims to be from a specific organisation, contact them directly using the official contact details on their website, not the contact information in the suspicious message.
- Report it: Forward suspicious emails to report@phishing.gov.uk, the NCSC's Suspicious Email Reporting Service. Suspicious text messages can be forwarded free of charge to 7726. If you have lost money or given away personal details, also report it to Action Fraud.
- Delete the message after reporting it.
What to Do If You Already Clicked
If you have already clicked a phishing link or entered your details on a suspicious website, act quickly:
- Change the password for the affected account immediately, and do the same for any other account where you reused that password. Where the service offers it, sign out all other devices or sessions so that anyone already logged in with the stolen credentials is disconnected.
- Enable two-factor authentication if you have not already done so.
- Check your account for any unauthorised changes, messages, or transactions, including changes to the recovery email address, phone number, or email forwarding rules that an attacker may have added to keep access.
- Run a full antivirus scan on your device.
- Monitor your financial accounts for unusual activity.
- Report the incident to Action Fraud and notify the platform involved.
Staying Protected
The most effective defence against phishing is awareness. Take a moment to scrutinise any message that asks you to take urgent action or provide sensitive information. The NCSC's phishing guidance offers further practical advice on identifying and reporting phishing attempts. Remember: if something feels wrong, trust your instincts and verify before you act.