ICAEW.com works better with JavaScript enabled.

Protect yourself from phishing attacks

4 May 2020: The COVID-19 pandemic has unleashed a fresh wave of cyberattacks targeting remote workers and businesses. Read ICAEW’s tips to help protect yourself from phishing attacks.

There has been a dramatic rise in attacks on businesses using the current situation to take advantage of users.

Phishing is when criminals try to convince you to click on links within a scam email or text message, or to give sensitive information away (such as bank details). These attacks and scams use both fear and financial incentives to create a sense of urgency – tempting users to click unsafe links or open documents. Once clicked, you may be sent to a malicious website which could download viruses onto your computer or steal your passwords and other data. 

Recent examples include:

  • Impersonating authoritative organisations like HMRC and the World Health Organisation
  • Using government support programmes such as the Coronavirus Job Retention Scheme, business loan schemes and even free school meal vouchers to entice users to provide bank details
  • Phishing attempts against employees who are in work-from-home settings
  • Asking for donations for good causes
  • Targeting firms that are impacted by stay-at-home orders

Like many phishing scams, they prey on real-world concerns. The cyber threats that we are seeing are not new; rather these are existing malware and phishing campaigns that have been updated to exploit the increased interest in COVID-19. This means that the usual prevention measures still apply.

Tip for spotting signs of phishing

Spotting a phishing email has become increasingly difficult as cybercriminals become more sophisticated in their approach. However, there are some common signs to look out for:

The email is sent from an unusual address

Some email programs do not show the full email address by default. If you are not sure an email is genuine, look at the sender’s email address and not just the displayed name. 


Receiving an email from someone you do not know or an unexpected email with instructions to open attachments is a common scenario. These attachments can contain malware that can harm your computer and capture personal data. 

Personal information

Your bank (or any other official source) should never ask you to supply personal information from an email. If you have any doubts about a message, call them directly. Don't use the numbers/emails in the email but visit the official website instead.

A sense of urgency

Phishing emails often ask users to provide some sort of information. A sense of urgency is created by including warnings such as a report of unusual activity and ‘you must act now to prevent your account from being locked’, a looming deadline, or an email from the CEO asking you to make an urgent payment. 

If there is any doubt, double-check any claims made in the email. For example, contact your colleague or supplier to confirm if they have sent the email. 

Links to unusual websites

Clicking a link in an email is a common request. Hover your mouse over the link or address to see the linked site’s true address. Misspelt URLs or unfamiliar domain names can often highlight that an email is not genuine and could be used to steal personal data or login information.

Generic greetings

Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.

Poor spelling and grammar

Phishing emails can often be detected by the way they are written and are often characterised by spelling mistakes or poor grammar. The writing style may also be different to the usual way in which colleagues or managers communicate.

Emails or texts from HMRC

HMRC has published guidance on how to recognise genuine contact from them. If you think you have received an HMRC-related phishing or bogus email or text message, you can check it against examples published on the .gov.uk website. HMRC is asking people to forward suspicious emails claiming to be from HMRC to phishing@hmrc.gov.ukand text messages to 60599. Your accountant can also be a check to confirm if any refunds or penalties are due. 

What to do if you have acted on a phishing email 

If you have acted on a phishing email by opening a link, opening an attachment or entered details into a website there are steps you can take:

  • If you were using a work device, let your IT department know
  • Run a full scan of your device using reputable antivirus and anti-malware software
  • If you provided login details, contact your service provider (or bank if provided banking details) and let them know. 
  • If you reuse the same password elsewhere, change your password on all those accounts. Consider using a password manager to improve security.
  • If you have lost money, tell your bank and report it as a crime to Action Fraud, the UK’s reporting centre for cybercrime. 

Useful resources

There are always clues that can help you stay safe. Regular training and awareness programmes can help you build awareness of how cybercriminals work and what to look for.

  • The National Cyber Security Centre has a range of resources to help businesses of all sizes. This includes a short free eLearning programme ‘Stay safe Online: Top tips for staff’
  • If you have received an email which you are not sure about, you can forward it to the National Cyber Security Centre’s recently launched Suspicious Email reporting service at report@phishing.gov.uk.
  • Last year, Google designed a quiz to educate internet users on how to spot phishing emails to avoid becoming a victim of phishing. 
  • BBC cybersecurity reporter Joe Tidy has created a website cataloguing various COVID-19 phishing scams.

ICAEW is running a webinar on managing cyber risk during the COVID-19 crisis. For more details or to register for the event click here

For more on cybersecurity, the Cybersecurity hub provides a focal point for ICAEW members looking for support in managing cyber risks.