Skip to main content
In light of recent global events, there is a heightened risk of cyber-attacks. We urge local organisations to exercise additional vigilance when monitoring IT infrastructure. Please report suspicious activity to us via our Cyber Concerns Reporting Tool.

Scammers use a range of methods to target individuals, whilst scams range in sophistication there can be a number of tell-tale signs the communication(s) isn't legitimate.

Scam messages or calls

Key to a successful scam is trust: cyber criminals will look to try and quickly gain your trust through a number of ways. In building a level of trust they can pressure you to act as you usually wouldn't or without thinking.

If a message or call makes you suspicious, stop, don’t reply, and consider the language it uses. Scams often feature one or more of these tell-tale signs:

Authority

Is the message claiming to be from someone official, for example, your bank, doctor, or a government department? Criminals will often pretend to be figures of authority that you may deal with on an occasional basis. Ask yourself, why are they contacting me? Are they contacting me in the way that I would usually expect?

Urgency

Are you told that you have a limited time by which to respond, such as 'within 24 hours' or 'immediately'? Criminals often threaten you with fines or other negative consequences, making you rush into decisions and act more impulsively.

Emotion

Criminals exploit our emotions and use them against us, this could be through using language that makes us feel hopeful, fearful or panicked. Often criminals will impersonate a loved one, and manipulate already-established emotions to build trust quickly.

However, sometimes scammers often use threatening language, they may make false claims of support, or tease you into wanting to find out more.

Current events

The time of year or world events can be a good way to grab your attention and add a layer of authenticity to a message. For example, at Christmas you'd expect to receive offers and adverts from multiple sources; this is where criminals can insert their malicious message and make you act against your own best interest. 

Scarcity

Is the message offering something that is in short supply like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or an opportunity can make you respond impulsively’

Other markers of a scam

Scams have got more sophisticated just as people have become more digitally-savvy. However, there are still a number of markers we see at OCSIA that can easily give a scam away.

Language and Grammar

Scammers are often based in other countries where they can remain undetected and hide from law enforcement. But this also means that English is not a first language, and communications from offshore scammers can often contain basic grammar or spelling errors. Ask yourself would PayPal send you an email with three spelling mistakes?

Location Specificity 

Part of scammers being based offshore means some scams will be targeted globally and fail to factor in country specific information. For example, a suspicious email we often see at OCSIA involves GeekSquad, a North American based tech support business. The email will often display a product subscription that a victim may not be expecting and instructions on how to cancel (that will eventually involve sensitive information being given by the victim). Would a company operating only within North America really have any business with you? 

Expected Messages

Ordered a parcel and received a text asking for payment from a courier? The reality is there are over 14 million parcels delivered in the UK daily. At some point a smishing/phishing scam is likely to target you at a time when you would expect to see a similar message. It's therefore important to question the messages that you receive from a source you've had no prior experience in engaging with. 

How to check if a message is genuine

If you have any doubts about a message, contact the organisation directly. Don’t use the numbers or address in the message – use the details from their official website.

Remember, your bank (or any other official organisation) will never ask you to supply personal information by email, or call and ask you to confirm your bank account details. If you suspect someone is not who they claim to be, hang up and contact the organisation directly. If you have paper statements or a credit card from the organisation, official contact details are often written on them.