Cifas Homepage
NewsroomCareersContact Us


7 June 2019

Don't take the bait

Has Microsoft ever called? Nigerian Prince ever emailed? Those are just a couple of popular phishing attacks that are still being used amongst fraudsters world wide.  Being aware of what a phishing scam looks like has become more important than ever. Don't take the bait! 

With National Fish and Chip Day on 7th June 2019,  police forces across the UK, Government departments and industry partners are all working together to deliver a national campaign on how people can protect themselves from fraudulent phishing attempts. Cifas is proud to be a participating partner of the campaign, continuing to spread awareness of the dangers of phishing.

What is phishing and how does it work?

You wouldn’t let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way - people open the doors to their personal data, giving up login details, passwords or even payment details to malicious e-mails, links or websites designed to look like they’re authentic. That information can then be used to commit fraud and cybercrime.

Holy Mackerel - Phishing is a huge problem.

Phishing attacks are a common security challenge that both individuals and companies across the UK face on a regular basis. Verizon’s 2018 ‘Data Breach Investigations Report’ showed that more than 90% of all malware is still delivered to victims via email. Between April 2018 and March 2019, social media and email account compromises were the most reported form of cybercrime to Action Fraud with victims losing a combined total of £19m – City of London Police analysis shows that phishing emails were a common enabler for these compromises.

Cifas released a full report in 2018, Wolves of the Internet: Where do fraudsters hunt for data online? The report highlighted phishing as a common tactic used by fraudsters, and may account for 35% of victims of impersonation who have not been compromised through social media or data breaches. As well as ‘kits’ that are sold on the dark web which replicate well known banking and government brands, phishing also occurs on social media in the form of encouraging individuals to ‘share’ a phishing scam post in the hope of winning a prize. This tactic is supported by recent research that shows that scams offering a ‘reward’ to an individual, such as a prize or refund, rather than threatening them with restriction of access to a service, have a greater chance of success. This is because threatening scams are more likely to trigger a defensive response from the victim and be rejected.

Anyone can take the bait…

Our friends over at Get Safe Online recently ran a campaign to prove that anyone can get phished, not just the 55+ demographic. Their campaign trained a group of five nanas, dubbed the ‘Scammer Nanas’, to ‘phish’ their grandchildren. Without exception, the nanas expressed surprise when they were shown how easy it is to perpetrate a phishing attack, and their grandchildren were equally taken aback when they realised that their trusted and beloved nanas were behind it.

Evidence from the report revealed just 40% of under 25s say they ‘carefully read and re-read all emails’, in contrast with two thirds (69%) of 55+ year olds who scrupulously check all online communication.

Interestingly enough, their report also showed that three times as many 18-24 year-olds than over 55s have stopped using social media or emails as a result of phishing.

Always Take Five and #mulletover Your money depends on it.

Some of the most reported scams to Action Fraud start with an unsolicited text, email or call. From emails and text messages asking you to “verify” account details to cold callers claiming to be from your bank, the goal of a phishing attack is usually the same, to trick you into revealing personal and financial information.

Criminals are constantly evolving the tactics they use to carry out these phishing attacks, which is why it’s sometimes difficult for people to know what to look out for.  We’ve got some simple advice that can help you protect yourself from most phishing attacks:

  • Don’t click on the links or attachments in suspicious emails.
  • Never respond to unsolicited messages and calls that ask for your personal or financial details.
  • If you think the communication might be genuine, then contact the company directly using contact details you know to be correct, such as the phone number on official correspondence, and not the contact information provided in the message.

For more simple tips on how to protect yourself online, visit If you have been a victim of fraud or cybercrime, report it to Action Fraud at

Posted by: Hayley Shelton

Hayley is a Cyber Protect Officer with City of London Police, NFIB Cyber PROTECT.


What Glastonbury, the Chelsea Flower Show and the Rugby World Cup have in common

13 June 2019

Step one, find a cheap, last minute ticket deal. Step two, make sure it's legit! Get Safe Online is offering advice on how you can buy tickets without getting caught out by fraudsters.


What financial services providers should watch for in the era of open banking

28 May 2019

Fraud prevention is evolving in response to open banking, how security measures are adapted will be crucial to gaining consumer trust in the new era.

Back to blog home >
Posted by: Hayley Shelton

Hayley is a Cyber Protect Officer with City of London Police, NFIB Cyber PROTECT.