Actions to take if you have been the victim of a scam or shared personal information such as passwords or bank details.
Scammers might reach out to you through email, text, phone calls, or social media, often pretending to be a trusted individual or organisation.
If you have unknowingly shared personal information with a scammer, it's crucial to take quick steps to protect yourself.
| Situation | Action |
| You have provided your bank details | Contact your bank as soon as you can to let them know |
| You think your account has been hacked | You might have noticed strange activity from your accounts or have been locked out. Look at our guidance on recovering a hacked account. |
| You notice strange activity or received a message on your work device | Report this to your IT Team if you have one, if not report to a Senior Manager. |
| You clicked on a scam link and have accidentally downloaded a virus onto your device | If you have anti-virus software open it and run a full scan. Contact your IT Team if you have one, if not report to a Senior Manager. |
| You have accidentally shared your password with scammers | Change the password on any accounts that share the same password. Read our guidance on passwords. |
| You have lost money | Report this to your bank and Action Fraud. |
How to spot a phishing attempt and how to report it
How to identify and report a phishing attempt.
Spotting online scams
Scammers might reach out to you through email, text, phone calls, or social media, often pretending to be a trusted individual or organisation.
In the past, spotting a scam was easier. The scam message may have contained poor spelling or grammar, strange email addresses, or strange designs. However, Scammers are getting smarter and creating more sophisticated messages, some of which fool even the experts.
Scammers have now started to use QR codes to trick you into visiting a scam website. While QR codes are generally safe for use in places such as restaurants, it is crucial that you be cautious about scanning QR codes in emails.
How to spot a scam message or call
Scammers try to gain your trust. They try pressure you into acting without thinking.
If you think a message or call is suspicious, stop the contact. Scams often use the following signs;
- Authority: Does the message claim to be from an official source? E.g. your bank. It is common for scammers to pretend to be someone they are not to try and trick you into doing something they want such as give bank details or passwords.
- Urgency: Does the message tell you that you have a limited time to respond? Such as ‘immediately’ or ‘within 24 hours’? Scammers will often try to threaten you with consequences of not doing what the message asks. For example shutting down your account if you do not ‘update’ your password within a set time frame.
- Emotion: Do you feel panic, fear, hope, or curiosity when you receive a message? Scammers tend to use intimidating language, create false support claims, or entice you to seek further information through manipulation.
- Scarcity: Does the message offer something that is scare or hard to get a hold off (Such as concert tickets). The fear of missing out on an offer that seems to good to be true can make you respond quickly.
- Current Events: Are you expecting this message? Scammers often take advantage of current new stories, major events, or specific times of the year (such as tax reporting period) to make the scams more relevant.
How to check if the message you received is genuine
If you have any doubts about a message, reach out to the organisation directly. Avoid using the contact information provided in the message; instead, use the details on their official website.
Keep in mind that your bank (or any other official organisation) will never request personal information via email or phone to verify your bank account details. If you suspect someone may be impersonating an official, hang up the call and contact the organisation directly. Look for official contact information on paper statements or contact information from their official website.