Tech Tips: The Top 10 Most Common Phishing Message Scams

Whether it’s a convincing email claiming to be from a reputable bank or a text message offering a too-good-to-be-true deal, the consequences of falling victim to phishing can be dire. These cunning schemes, often disguised as legitimate communication from trusted institutions, aim to deceive individuals into revealing sensitive personal information or falling prey to financial scams. Phishing message scams are often written in an urgent, concerning manner to encourage users to try and click quickly on whatever fake link is attached, often leading to near-identical login pages for major companies designed to steal user data.

Most threats to small to medium businesses result from untrained or unfamiliar employees, so we’ve compiled a handy sheet of some of the easiest-to-spot and most common phishing scams that often make it through spam filters or directly to employees via text. These phishing messages come in various forms, each designed to exploit the unsuspecting recipient’s trust, so always be wary of what number or email address they may be coming from–especially if the actual address or number is unfamiliar.

Most Common Phishing Message Scams:

1. HM Revenue & Customs (HMRC) Tax Refund Scams:
   Example: “URGENT: Your recent tax refund from HMRC is pending! Click here to claim now and provide your bank details.”
2. NatWest, Lloyds, or Barclays Account Verification Emails:
   Example: “Your NatWest account has been compromised! Please verify your identity by clicking on the link and entering your account details.”
3. Royal Mail Parcel Delivery Scams:
   Example: “We couldn’t deliver your parcel! Click here to reschedule delivery and provide your personal details for verification.”
4. Netflix or Amazon Prime Subscription Renewal Notices:
   Example: “Your Netflix subscription is about to expire! Click here to renew your membership and update your payment information.”
5. Tesco or Sainsbury’s Gift Card Giveaway Scams:
   Example: “Congratulations! You’ve won a £100 Tesco gift card! Just fill out this survey and provide your contact details to claim your prize.”
6. Fake Job Offers from UK Companies:
   Example: “Immediate hiring: Work-from-home opportunity with a reputable UK company! Click here to apply and provide your CV and personal information.”
7. PayPal Account Limitation Notices:
   Example: “Your PayPal account has been limited due to suspicious activity! Please log in to verify your identity and restore full access.”
8. Phishing Emails Posing as UK Government Agencies:
   Example: “Important message from the UK Home Office: Your immigration status is at risk! Click here to provide additional information and avoid deportation.”
9. DVLA Vehicle Tax Refund Scam:
   Example: “You are eligible for a vehicle tax refund from DVLA! Provide your vehicle registration number and bank details to claim.”
10. EE or Vodafone Account Update Request:
    Example: “Update your EE account information to avoid service interruption! Click here to confirm your details.”

While these are some of the most popular examples of phishing scams used primarily on individuals, a compromised individual user can also affect whatever company they’re working for should their devices be compromised, or worse, if they re-use passwords across several accounts. More common scams targeting businesses usually see important figures in the company impersonated, or common companies in charge of creating software for business use like Microsoft impersonated.

If you’re ever uncertain of whether a message is legitimate or not, please contact your IT specialist. If your IT specialist isn’t fully prepared to vet your users for phishing expertise and experience, then give our sales team a call; we offer everything from simulated phishing attacks to full user training so they’ll be aware of what to keep an eye out for!