Phishing is the fraudulent practice of sending messages that appear to be from a trusted source in order to influence people into giving up personal details and/or banking information, allowing a scammer to steal your identity or money. 

There are different types of phishing scams that include Vishing (Voice Phishing), Smishing (SMS Phishing), Catfishing and Social Media Phishing.

We have compiled information on the most popular kind of Phishing attacks. You may have already come across some of them.


What is Phishing

The fraudulent practice of sending messages that appear to be from a trusted source in order to influence people into giving up personal details and/or banking information, allowing a scammer to steal your identity or money.

There are different types of phishing scams that include Vishing and Smishing.

Phishing is mainly used to describe scam emails that include malicious links to try and steal personal information from individuals and/or companies.

How to recognize a Phishing Attack

• Check for typos, spelling mistakes and poor grammar. If something looks off report the email and delete it.

• Hover over links before clicking them to inspect the link address.

• Check for contact information in the footer of the email, if there is none the email is likely to be a scam.

What to do if you have received a Phishing Email

• Report the email to your IT team and delete the message, do not click on any links or respond.

• If you received a suspicious email from one of your colleagues, phone them directly to make sure they did actually send it to you – do not reply to the email or click on any links.


What is Vishing?

Vishing is a combination of ‘voice’ and ‘phishing’ and it is a phone scam designed to get you to share personal information.

During a Vishing phone call a scammer uses social engineering tactics to get you to share personal information and financial details such as account numbers and passwords.

This could be through telling you accounts will be closed due to unpaid bills, using fear to scare you into giving away details. Or the exact opposite, they could say you have won a competition you never remember entering and they need your bank details to give you your prize.

Vishing is just one form of Phishing, which is any type of message – such as an email, text, phone call or direct-chat message, that appears to be from a trusted source, but isn’t. The goal is to steal someone’s money or identity.

How to spot a Vishing scam

The caller may claim to represent your/a bank, HMRC or your phone company and will create a frantic sense of urgency, they will also ask for information which includes bank account details, national insurance number, name, D.O.B etc.

What to do if you think you are on the receiving end of a Vishing call.

If a number is calling you that you do not recognize, do not answer the phone.

If you do answer, do not press any buttons to respond to prompts.

Hang up as soon as something feels fishy and do your own investigation. For example, if your bank has called to tell you there is a problem with your account, hang up the phone and call your bank by yourself using the official number available on their website, the number may also be on your bank card.


What is Smishing?

Smishing is a combination of SMS and Phishing and describes a scam that takes place through text messages with the aim of getting you to click on links or share personal information.

Smishing happens across mobile text messaging platforms and can include non-SMS channels like WhatsApp.

Smishing can also lure people into sending scammers money.

A lot of Smishing includes scammers trying to get people to click on malicious links that if clicked on can install malware onto your phone that steals your personal data. It may also lead to a fake site that requests you to type in personal, sensitive information that scammers will use to commit crimes or steal money.

Like Phishing and Vishing, Smishing creates a sense of urgency with the individual being targeted either using fear or joy to get people to ‘not think’ before clicking on links.

What to do if you think you are on the receiving end of a Smishing attack.

• Do not respond.

• Take your time to read over messages and always remain skeptical and proceed carefully.

• If you have received a text from your bank, phone company or utility company, contact them directly instead of clicking any links or responding to the text. Make sure you use the official number found on their website or an official letter, instead of the one you received the text message from.

Social Media Phishing

What is Social Media Phishing?

Social Media Phishing is an attack that happens through platforms like Facebook, Twitter or Instagram with the purpose of stealing personal data/ information or to gain control of your social media accounts.

What does it look like?

Social Media Phishing can vary across platforms however it includes sharing malicious links across social media platforms and can also include scammers impersonating people or companies in order to message you and gain personal information that can be used against you.


A Phishing attack on Instagram can look like scammer impersonating people on your followers list or celebrities and asking you to send them money for example Insert Picture.

It can also look like companies or brands messaging you with offers to partner with them, these messages usually include links.

Any suspicious messages can be reported straight to Instagram and then you should delete them straight out of your inbox.


This can include people posing as celebrities or random accounts that send you Direct Messages with malicious links or ask you for bank details so they can send you money or ask you to send them money.

These can all be reported straight to Twitter and should then be blocked and deleted from your account.


This can include scammers impersonating friends or family members and sending you messages asking for personal details or money. It can also include people selling fake products over Facebook Marketplace and not fulfilling their part of the transaction.

All messages should be reported straight to Facebook and then blocked and deleted from your account.

Never accept friend requests from people you do not recognize, or if you get a friend request from someone you do recognize, text them privately to ask if they have created a new Facebook account.


What is Catfishing?

Catfishing is when someone sets up a fake online profile to trick people who are usually looking for love, this is usually to trick people into giving them money.

How to spot a Catfish

• If you search their name on the internet but they don’t seem to exist, or they do, but the photos don’t match the photos on their dating profile.

• They are asking for money very early into the relationship. They may be saying it is to come and visit you.

• They are telling you they love, but you have only been speaking for a few days.

• They are avoiding face to face contact or speaking to you, either rby meeting in person, audio calling or facetiming.

• Their stories sometimes conflict with each other or don’t quite add up.

• They seem just a little bit too perfect.

If you are speaking to someone online and look them up and find their social media profile you may find that the pictures don’t match. However, if they do there are a few things that will clue you in to whether they are a real person or not, this includes the number of photos and the quality of the photos.

It is normal for people to have more than one photo of themselves, and to have photos they have been tagged in. It is also not normal for people to have only professionally taken photographs. If you notice this person has very few photos that are of a very high quality and have very few friends, there is a high likelihood of them being a Catfish. Another clue may be if the profile was made very recently, usually you will find most people have had a Facebook, Instagram or Twitter profile for a few years at least.

What to do if you think you are being Catfished

If you think you are being Catfished report the Catfish to the site you are using, if they have asked for money, you can report them to the police.

Block their profile and cease all contact with them, you may also want to let other people know this person is a Catfish and stay weary of them.

You should report all types of scams to Action Fraud, the UK’s national reporting centre for fraud.