What is phishing?
Phishing fraud is a criminal activity where fraudsters attempt to obtain personal information including account details. Once fraudsters have these details they will typically go on to commit identity theft or bank fraud.
The attack usually begins with an email pretending to be from someone you know. For example, your bank or an online store asking you to “verify” or “update” your details, or “reactivate” an account.
Examples of phishing
- An email will ask you to click on a link which will take you to a fake site that looks exactly like the legitimate one. You will then be asked to login to your account or enter personal information.
- The email will not contain a link but will instead ask you to fill in a form attached to the email and send it back to the fraudster.
- You’ll be asked to click on a link which will then infect your computer with a virus.
- You’ll be asked to download an attachment which then infects your computer with a virus.
- A Facebook feed asks you if you have ever had an account with a certain organisation. If you have, it invites you to click on a link to discover if you are eligible.
How to spot a phishing email
Scammers often copy genuine emails so they might look legitimate at first glance. Look out for:
- Emails asking for your personal details such as usernames, passwords or bank details.
- Poor use of language e.g. spelling, grammar and punctuation.
- A sense of urgency. Fraudsters will try to push people into acting before thinking carefully.
- Emails where the sender doesn’t know your name. For example, it may be addressed ‘dear valued customer’.
- Links that don’t go where they say they’re going. If you hover over the link the URL should then appear on the screen, so you can see it and check. Don’t click on it.
- Anything that looks suspicious or too good to be true.
Sainsbury’s Bank will never contact you and ask for security or account details via email. So if you see this, you’ll know it’s not from us.
Avoid phishing scams
If you’re not sure whether an email is fraudulent or not you can take some precautions.
- Don't click on any links you're not sure about and then enter personal details. Instead, type the url or copy and paste it into your browser. Alternatively go to the company’s homepage and navigate from there e.g. to customer login.
- Make sure your spam filter is switched on.
- Have up-to-date anti-virus software on your computer. More on anti-virus software.
- When you do enter your personal details online check to make sure the website is secure. Look to see that the URL begins with “https” and the closed padlock icon is displayed. This tells you that any information being sent is encrypted. If anyone were to intercept the information, they wouldn’t be able to read it without the encryption code.
- For a fee, you may also want to sign up to a credit reference service where you can view your credit report online. This will help you spot any suspicious transactions. More on credit references.
You can forward any suspicious emails that look to be from Sainsbury’s Bank to email@example.com and we’ll look into it for you.
If you’re concerned you may have given fraudsters access to your account details contact your account provider immediately.
By being aware of the various types of frauds you’ll be better able to keep your account details safe. See our guide to credit card fraud for an overview.More guides