How to spot the signs of phishing phone scams

Firstly, what is phishing? Phishing is a form of cyber crime where cyber criminals attempt to extract sensitive information through email messages, website or phone calls appear to be real. Some may think this only happens to individuals on personal telephones, but it can happen to businesses too.

If you are using a business mobile phone and receive a scam phone call but don’t recognise the signs, you could expose your business to a cyber attack.

Scammers will often try and fool the victim into believing that the message or call is from a trusted source, sometimes even pretending to be someone you know. The aim of this is to typically get you to share your passwords or other personal data, or to trick you into downloading computer viruses.

Imagine this... One woman had a mobile call telling her that there was an ongoing court case against her over an unpaid tax bill. The judge and jury were on the line, the scammer told her, but if she immediately transferred payment of £999, the case would go better for her. She panicked and paid but was told it was not enough. So she went to the bank, with the scammer still on the line, and sent another £4,000.

Spotting the signs of a genuine and scam phone call can be tricky, here are some key things to be aware of:

  • No-one should be asking for your password A reputable company will never ask for your password or bank PIN, either over the phone or by email. If they need you to reset your password, they’ll send you a link to a secure page on their official site, which will allow you to do it safely. You also shouldn’t have to give any individual person your password or PIN number.

  • Using threats to frighten you In order to try to spur the victim into action, scammers may include threats in their calls. For example, they could say that your bank account will be permanently deleted if you don’t reset your password through a link that they’ve provided.

  • They are evasive if you have questions If you ask to speak to a supervisor or ask for proof of where that the caller is calling from, they’ll either change the subject or make you feel at fault for asking for more information.

  • You can’t call the company back on their official number Call phishing has become increasingly sophisticated. Nowadays, scammers can either hide their caller IDs, or they can mimic phone numbers, so it looks like you’re being called by a genuine company, such as a bank or utility company.


The East Midlands Cyber Resilience Centre is non-for-profit and is Policing-led. We provide a range of affordable cyber resilience services with the very current knowledge and technical expertise from the UK's top university cyber talent. Our services help SMEs and therefore supply chain prepare and improve cyber resilience.

Sign up for FREE membership here.


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.