Skip navigation

How to spot and report a phishing scam

Written by: Mettle editorial
4 min read

Fraudsters are finding new and creative ways to get at your hard-earned money. Being vigilant online – whether that’s on social media, using applications on your computer or mobile, or on email and text – is increasingly important.


Last year, 82% of UK micro and small businesses reported phishing attempts. This shows that fraudsters are always thinking up new ways to get your personal information or logins in order to steal your data, identity or money.

And there are a number of different ways they do this. Either pretending to be your bank, or a family member, or even pretending to protect you from the very fraudulent activity they are perpetuating. This is why phishing falls under the umbrella of social engineering – the term used for a broad range of malicious activities accomplished through human interactions. 

Here are some tips on how to recognise and try and protect yourself from phishing scams.

How to recognise a phishing scam 

Phishing scams normally trick you by playing on your emotions or creating a story to get you to click on a link or share your information. They do this by pretending to be your bank, doctor, the government or anyone with authority to create urgency and legitimacy with their claims. The fraudsters could:

  • Say they’ve noticed some suspicious activity or log-in attempts 

  • Claim there’s a problem with your account or your payment information 

  • Say you need to confirm some personal or financial information 

  • Ask for your security information, like recovery codes or pin numbers

  • Want you to click on a link to make a payment 

How fraudsters try and trick you

The National Cyber Security Centre (NCSC) says that fraudsters are trying to gain your trust quickly and achieve this in five different ways: 

  • Using authority – They could pretend to be someone official, like from your bank, your doctor, or even the government. Scammers often pretend to be important people to use that authority to trick you into doing what they want. 

  • Creating a sense of urgency – Fraudsters will often tell you you have a limited time to respond to something or make a decision. If you feel pressured at all, you can end the interaction and contact the organisation on their official channels. 

  • Playing on your emotions – Fraudsters will use strong feelings to get a reaction out of you. For example, they could use threatening language and make false claims to make you feel fearful and panicked. Or they could make you feel hopeful you've won something.  

  • Fear of missing out – Fraudsters can play on something being in short supply, like concert tickets, money or winning something to get you to respond quickly. 

  • Using current events – Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.

Take Five to Stop Fraud campaign 

Fraudsters are good at putting you under pressure so that you don’t have time to think. To help you in situations like this, UK Finance has its ‘Take Five to Stop Fraud’ campaign to help you spot scams and keep yourself and your hard-earned money safe. 

They advise: 

  • Stop – Take a moment to stop and think before giving out your personal information or payment details

  • Challenge – Could it be fake? It’s okay to reject, refuse or ignore any requests you think seem suspicious 

  • Protect – If you believe scammers have targeted you, report it to Action Fraud on 0300 123 2040 or at If you’re in Scotland, please report it to Police Scotland directly by calling 101.

How to report a phishing scam

If you think you’ve come across a fraudulent email scam, you can report it to the NCSC by forwarding it to NCSC recommends you forward on as many scam emails as you come across. Since January 2023, they have removed 209k scam URLs.

If you’ve received a suspicious text message, you can forward it to 7726. Your provider will then be able to investigate the text message. 

If you’ve been hacked or lost money because of a phishing scam, you need to report it to Action Fraud. In England, Wales and Northern Ireland you can report this via the Action Fraud website or by calling 0300 123 2040. If you’re in Scotland, you need to report it to Police Scotland by calling 101. 

If Mettle ever needs to contact you

Here at Mettle, we want to ensure that all of our customers know what we’ll do if we ever need to contact you. And most importantly, the information we’ll never ask you to provide. 

We’ve outlined the different ways we’ll contact you and the information we ask for in this article. If you get contacted in a different way or asked to provide any additional or different information, then it’s most probably a scam.

If this happens, or if you’re unsure it’s really us contacting you, you should hang up and call us back using the number on the back of your Mettle card.

linkedIn logo

At Mettle, our aim is to give everyone the financial confidence to work for themselves, and that’s no different with our content. We want to give small business owners, freelancers and sole traders the tips, tricks and industry updates they need to run their businesses.