How to Prevent Phishing

Phishing is a form of cyberattack where criminals attempt to trick people into revealing sensitive information (such as passwords, usernames or bank information). Often, this is carried out by impersonating a legitimate company or authoritative person. 

Phishing can be in the form of messages, emails, voicemails or any other form of communication – but mostly, phishing attacks are online. 

If you’ve been scammed online through a phishing attack and you’ve lost money as a result, you can seek legal help. 

Throughout this guide, we’ll cover red flag signs of phishing to be aware of, ways to keep yourself safe online, reporting phishing attacks and how to seek out legal support. 

What Are the Laws on Phishing in the UK?

Firstly, is phishing illegal, and what are the laws behind this?

In the UK, phishing is illegal and is taken very seriously under both criminal and fraud legislation. Most phishing scams fall under the Fraud Act 2006, which makes it an offence to commit fraud by false representation.

Depending on the circumstances, phishing can also involve offences under the Computer Misuse Act 1990, particularly where malicious software is used to harvest data, or under the Data Protection Act 2018 if personal information is unlawfully obtained.

Convictions for phishing attacks can carry severe penalties, including imprisonment. 

However, while the law provides strong rules against offenders, pursuing action and recovering losses can often be a complex process. That’s why many victims seek the guidance of solicitors who specialise in fraud and scam recovery, ensuring their rights are protected and they have the best chance of achieving justice. 

Tips to Prevent Phishing

So, what are the best ways to prevent phishing and keep yourself safe online?

Common Signs of Phishing Attacks

Firstly, knowing how to identify a phishing attack is crucial.

While phishing attacks can sometimes be really clever and hard to distinguish from legitimate companies, there are a few common warning signs you can watch out for: 

• Unexpected messages: Emails, texts or calls claiming to be from banks, government bodies or well-known companies may raise suspicion of phishing attempts.
• Urgency: Messages that create urgency, such as threats of account closure, are another key sign.
• “Too good to be true”: Offers that seem “too good to be true”, or discounts, sales or deals “you can’t miss out on”, can be a compelling way to trick someone into making a rash decision.
• Appearance: Poor spelling, grammar, or unusual formatting in the message is a big red flag – especially if they’re supposed to be from authoritative companies.
• Weird email addresses: Watch out for if sender email addresses or phone numbers don’t match the official organisation.
• Requesting personal details: Links or attachments that look suspicious, especially if you’re asked to “verify” personal or financial details, are common signs of phishing.
• Trust your instincts: Sometimes, you can just get a gut feeling that something doesn’t feel legitimate – so, backing away, reporting and deleting is always better to be safe than sorry.

Find more details in our dedicated guide on how to spot a phishing email.

Keeping Yourself Safe Against Phishing Attacks

So now you know the signs to identify phishing, how can you prevent it from happening in the first place? 

You can reduce your risk by adopting good online security habits:

• Changing passwords: Regularly change your passwords and avoid reusing them across different accounts.
• Limit the personal information you share online: Phishing scammers often piece together details from social media to craft more convincing attacks.
• 2FA: Use two-factor authentication to gain access to your accounts – preferably with an authentication app rather than SMS.
• Updates: Keep all your devices, apps and antivirus software up to date so it can protect you as best as possible. 
• Staying vigilant about clicking on links: Never click on any suspicious links or download attachments from unknown sources.
• Verifying requests: Always verify requests for sensitive information directly with the organisation through trusted contact details.
• Check website security: Be sure to only enter personal details on sites with “https://” and a padlock icon in the browser bar.
• Be cautious with public Wi-Fi: If possible, avoid logging into sensitive accounts on unsecured networks when connected to a public Wi-Fi, or use a VPN for added protection.
• Set up account alerts: Many banks and online services allow you to receive notifications of unusual activity.
• Educating yourself: Staying up-to-date on common scams (through forums or the news) can be a good way to stay ahead of the game. 

Reporting Phishing Scams

If you’ve received a suspected phishing message – for example, through your Microsoft email – you can report this directly to Microsoft, or to whichever platform you received the message. 

You can also report internet scams and suspected phishing attempts to the government. GOV.UK specifies how to forward suspicious emails, text messages and report scams or misleading adverts. 

By reporting phishing attempts, this can put the associated phone number or email address on the radar, meaning it can help keep others safe from phishing attacks, too. 

I’ve Been Successfully Phished & Lost Money – What Do I Do?

If you’ve inadvertently fallen victim to a phishing attack, you can seek legal support to help you retrieve your money. 

Before you make your claim, ensure you follow these steps:

1. Document the event

Keep a note of all details related to the phishing attack as soon as possible, while it’s all still fresh in your mind. 

Keep screenshots of any messages or emails, and also try to remember any details such as usernames, account numbers or passwords you may have shared. 

By noting down as many details as possible, you will help to progress your claim quickly and find a resolution to help get your money back. 

2. Report the scam

Before you proceed to legal action, make sure you have officially reported the phishing attack. 

Firstly, this should be reported to your bank or payment provider if the scam involved transactions or bank information. They can then stop any further transactions and, if needed, block your card.

Secondly, you should report the scam to the relevant authorities. 

In England and Wales, you should contact Action Fraud – this is the UK’s national reporting centre for cybercrime and fraud. Once you’ve reported the incident, they will provide you with a police crime reference number, which can then be used in any legal claims.

3. Secure your accounts

Keep your digital footprint as watertight as possible if you’ve been successfully phished. 

Depending on the information you have shared, this could include changing usernames and passwords for websites, contacting your bank to block your card and speaking with your phone provider to alert them to the attack.

Making a Claim Against a Phishing Attack

Once you’ve collated your documentation as evidence and made sure you are as safe as possible online, you are ready to seek legal support against a phishing attack.

Legal action for phishing can be either:

• Civil action: This refers to filing a claim against the scammer to recover any financial losses by presenting your case in a civil court. This could result in a financial settlement if the case is successful. 
• Criminal action: In some more extreme cases of reported phishing, the authorities may pursue criminal charges against the scammer. In this situation, you would not receive direct compensation, but it can prevent the scammer from targeting further victims. 

While it’s recommended to seek the compensation you deserve for a phishing attack, sometimes scammers can be sneaky and hide their identities pretty thoroughly, making them hard to track down. 

In these situations, this can complicate the legal process, so it’s worth keeping this in mind to manage your expectations.

Put Your Trust in a Legal Professional

Consulting a trusted, legal professional who specialises in fraud and scam recovery is essential, as they will be able to secure you the best possible compensation outcome through their vast experience in these types of situations. 

This is where CEL Solicitors steps in. 

We specialise in fraud and scam recovery, so if you have fallen victim to a phishing attack, we can help you secure the compensation you deserve. 

Throughout our claims process, we can help to retrieve your lost money from either an organisation that has failed to protect you or an individual who is responsible for the phishing attack. 

Plus, if you’ve already made a claim with another solicitor but there is still no progress, don’t worry – we can help here, too. We’ll pursue your claim and push for the action you deserve.

Choose CEL Solicitors for Phishing Legal Support

Losing money to fraud or phishing is distressing – both emotionally and financially – which is why we’re here to help. 

With a proven track record of recovering millions for fraud victims, our expertise ensures strong, results-driven advocacy.

If you’ve lost money to a scam, we can assist in reclaiming your funds with no upfront costs as part of our ‘No-Win, No-Fee’ promise – just essential support when you need it most.

If you’re unsure about the value of your claim, there’s no harm in speaking with us. We’ll listen, give you clear guidance, and help you understand your options.

Ready to pursue your claim against a phishing attack? Get in touch today for a free, no-obligation consultation. Call 0333 305 4982 for the support you deserve.