UK scam guide
How to spot a phishing email
Phishing emails are designed to look like the real thing. Once you know what to check, most of them give themselves away in seconds.
Check the sender, not the display name
The "from" name in your inbox is just a label. Anyone can set it to "HMRC" or "Royal Mail". The address itself is harder to fake. Tap or hover on the sender to see the real email address.
Real organisations email from their own domain. HMRC uses an address ending in @hmrc.gov.uk. Royal Mail uses @royalmail.com. If a "Royal Mail" email comes from noreply@parcel-update.top or support@royalmail.fix-account.co, it is not from Royal Mail.
Watch for urgency and threats
Phishing relies on panic. The classic phrases:
- "Your account will be suspended in 24 hours"
- "Final notice"
- "Action required immediately"
- "Your parcel will be returned"
- "Unusual activity detected"
A real bank, courier or government department will not threaten you with same-day consequences over email. If your gut says "this is making me nervous", that is exactly the reaction the scammer paid for.
Check the link before you click
On a desktop, hover over the link without clicking. The real address shows up in the bottom-left of your browser. On a phone, press and hold the link to preview it.
The trick scammers use most is making the visible text look right while the underlying address is wrong. www.royalmail.com as link text could point anywhere.
Lookalike domains are common. Watch for extra words, hyphens or unusual endings:
- royalmail-redelivery.top instead of royalmail.com
- hmrc-tax-portal.live instead of gov.uk
- natwest-secure-login.click instead of natwest.com
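The sender check and the link check described above can both be automated with the same rule: the domain must be the official one or end in a dot followed by it, not merely contain the brand name. The sketch below is an added example, not part of the original guide. The brand-to-domain table, the function names and the sample values in the comments are assumptions built from the domains quoted on this page.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Official domains quoted in the guide; the table itself is an assumption of this example.
OFFICIAL = {
    "hmrc": "hmrc.gov.uk",
    "royal mail": "royalmail.com",
    "natwest": "natwest.com",
}

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def sender_matches_brand(from_header):
    """Compare the brand claimed in the display name with the real address.
    Returns None when the display name claims no brand in the table."""
    name, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2]
    for brand, domain in OFFICIAL.items():
        if brand in name.lower():
            # "royalmail.fix-account.co" contains the brand but fails this test.
            return belongs_to(host, domain)
    return None

def link_host(url):
    """Host a link really goes to, with or without a scheme in front."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def link_text_misleads(visible_text, href):
    """True when the visible text is itself a web address but the link goes elsewhere."""
    text = visible_text.strip()
    if " " in text or "." not in text:
        return False  # ordinary wording such as "Track your parcel": nothing to compare
    shown = link_host(text).removeprefix("www.")
    return not belongs_to(link_host(href), shown)
```

A pass here only means the address is not an obvious lookalike; the other checks in this guide still apply.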
Generic greetings and small mistakes
Real businesses know your name. "Dear Customer", "Dear Sir or Madam" or just "Hi" at the start of a supposedly personal message is a small but telling sign.
Spelling and grammar mistakes used to be the giveaway. With AI-written scams that signal is weaker, but odd phrasing, missing articles ("Please update bank account") and inconsistent fonts in the same email still show up.
Unexpected attachments are dangerous
Treat any unexpected attachment as a threat. Especially:
- Invoices you were not expecting
- Word documents asking you to enable macros
- PDFs with download buttons inside
- Zip files claiming to contain photos or shipping documents
If you need to verify an invoice, log into the supplier's account directly. Never open the attachment first.
It asks for card details or codes
Real banks, real couriers and real government departments never ask you to enter your full card details, password or one-time code through an email link. If a message asks for any of those, stop and verify by going to the official website yourself, typed by hand.
What to do when you spot one
- Don't click any links or open attachments.
- Forward the email to report@phishing.gov.uk (the National Cyber Security Centre).
- Mark it as phishing in your email app, then delete it.
- If the email pretends to be from a specific brand, forward it to their abuse address too. HMRC: phishing@hmrc.gov.uk. Royal Mail: reportascam@royalmail.com.
If you already clicked, see our guide on what to do if you clicked a scam link.
Common questions
- Are phishing emails illegal in the UK?
- Yes. Phishing is fraud under the Fraud Act 2006 and is investigated by Action Fraud. Reporting them helps takedowns happen faster.
- What does "phishing" actually mean?
- Phishing is when a scammer pretends to be a trusted organisation in an email or message to trick you into giving them money, login details or personal information.
- I clicked a link in a phishing email. What now?
- Don't panic. If you didn't enter any details, you're probably fine. Run a virus scan to be safe. If you entered a password, change it immediately on every site that uses it. If you entered card or banking details, call your bank straight away.
- How do I report a phishing email in the UK?
- Forward it to report@phishing.gov.uk. That goes to the National Cyber Security Centre, which gets the page taken down. For HMRC scams use phishing@hmrc.gov.uk. For Royal Mail use reportascam@royalmail.com.