Don’t get ‘caught’ out

What is phishing?

Phishing is the fraudulent use of emails to manipulate targets into revealing passwords and sensitive information or transferring money into other accounts. Phishing messages often contain links to fake websites that request password and account information or install viruses in your devices.

Business email compromise (BEC) is a more sophisticated type of phishing where criminals gain access to an individual’s email account and use their emails to pose as a trusted individual to try and trick you into sending money or divulging confidential information.

How to prevent phishing

  • Stay vigilant: Be alert to the style, tone and grammar of emails you receive, especially if they don’t use your name, even if they follow an existing email chain
  • Personal information: Never enter any personal or security information in a site accessed through an unverified email link
  • Unverified senders: Never click on links or open attachments in emails from unverified senders 
  • Double check: Do not assume a sender is genuine because they know information about you or your company, the email address looks familiar, or even appears to be genuine. Fraudsters are skilled at collecting information and can create fake email addresses, that may appear to be from your own organisation
  • Account compromise: phishing and malware can be used to gain access to a genuine email account, allowing fraudsters to send emails from it. For this reason it’s important that you carry out due diligence before you act in relation to any requests received, Even when the instruction comes from a recognised email address.
  • Remember: We will never contact you and ask for your PIN, complete passwords, or full account details. Nor will we ask you to make a payment or request access to your systems or PC
  • Employee training: Make all staff aware of the risks of phishing emails, especially payment scams, and inform them of how to respond if they are targeted
  • Wider implications: it’s important to remember that phishing emails can lead to further problems, including data breaches or malware.

What to do if you're a victim

  • Contact your bank: If you have been targeted, contact your bank immediately. They will try to recover the money from the fraudster’s account. The quicker you act the greater the chance of fund recovery  
  • Inform others: If your company has been impersonated, warn clients and suppliers and encourage them to verify any correspondence using the number they have on file 
  • Companies House: Check Companies House to see if there has been any unusual activity, or companies registered using your company name or director/s’ details1
  • Online support: Consider registering for Protected Online Filing (PROOF)2  and sign up to the CIFAS Protective Registration3 service to help protect your personal ID
  • Action Fraud: Report phishing emails to Action Fraud4. You can report incidents via www.actionfraud.police.uk or by calling 0300 123 2040
  • Contact us: If you fall victim on your Barclays payment channels, call the Fraud Helpdesk immediately on 0330 156 0155. If you receive a suspicious email, forward it as an attachment to internetsecurity@barclays.co.uk,, then delete it immediately.

Wake up to the reality of phishing

83% of UK businesses that suffered a cyber-attack in 2022 reported the attack type as phishing. Ref: 5
31% of businesses estimated they were attacked once a week in 2022. Ref: 6
3.4 billion spam emails are sent every day; in 2022 48% of all emails were spam. Ref: 7

Phishing scams: know the score

Derek has become an office legend simply by spotting scams and, in turn, saving his company big money. Watch the video to see him thwart an attempt at invoice fraud.

Commentator 1:

You can see Derek’s training regime is paying off, can’t you Vicky? He’s played a great defence so far, even better than Colin in accounts.

Commentator 2:

John, I couldn’t agree more. You’d have to say…Oh my days! He’s already making a break for it!

Commentator 1:

You’re right! We’re only in the 2nd minute. He’s going for it. Can he get there…AND HE SCORES! WHAT A BEAUTY!

Commentator 2:

HE’S DONE IT! I think that’s worth a replay! So, this is the moment he receives the email. It’s an invoice from a supplier, but they’re requesting a change to their bank account details. Here we go, watch his eyes. Derek’s taking a closer look.

Commentator 1:

He’s doing it. He’s picking up the phone. He’s calling the supplier using the number he’s got on file. He’s verifying the change in account details…THERE IT IS VICKY! That’s the moment! He’s foiled the invoice fraud!

Commentator 2:

Well, that was pure gold. Nicely done, Derek.

Your next steps

Report fraud

To report any fraudulent activity, or attempts, contact Barclays Corporate fraud on 0330 156 0155* or if calling from overseas dial +441606566208.

If you receive a suspicious email, send it as an attachment to  internetsecurity@barclays.co.uk and delete the email immediately.

Are you protected?

To keep yourself, and your organisation protected from criminals, ensure you keep up to date with our latest resources and advice.

Fraud and Scam Toolkit