Phishing is a scam that uses email to try and trick you into giving out confidential information. They will often use familiar logos and look like they've come from a genuine company or person, but are actually sent by criminals who want to access your online accounts and details.
Some of the common giveaways that you’re dealing with a scammer...
- Authority: Is the message claiming to be from someone official?
- Urgency: Are you being told you only have a limited time to respond?
- Emotion: Are you expecting to receive a message like this and does it make you feel panicked, curious or hopeful?
Scammers are constantly changing their approach, finding new ways to trick you. Check out the recent examples of phishing emails we've stopped so you can see exactly what they look like. We've added an email authentication system called DMARC to TalkTalk webmail. This confirms if emails are genuine and have been verified as they come with a gold padlock, look out for the gold padlock icon. If you've received a phishing email claiming to be from TalkTalk, Report it to us straight away.
Recent Phishing emails
don't be tempted
to reply
It's easy to be drawn into these.
Don't reply
reporting
We take your security very seriously, so if you've received an email pretending to be from TalkTalk, please let us know. Our security team will look into this, block and help prevent customers from falling foul to criminals.
If you spot a phishing email claiming to be from us, report it to us and our security team will then check through these and block them on our network where appropriate.
How to
report Spam
If you're using our TalkTalk mail, then it's really easy
How to report phishing email
It's really easy to let us know about Phishing emails
Report phishing
Other things to look out for
- Mismatched URLs - The email may contain a link to a website that looks genuine but isn't. You can usually tell if the link is going to direct you to a trustworthy website by hovering your mouse over the link. If the linked website address is different from the text displayed in the email, it is probably fraudulent and could link to a fake website.
- Unbelievable offers - "Congratulations! You've won!" Emails containing exclusive offers that are too good to be true are usually scams. An email congratulating you on a prize draw or competition you've won but never entered usually contain links to "claim your prize". These links will direct you to a fake website where you could be asked to give confidential information.
- Sender's email address - It's worth checking that the sender's email address matches who they say they are.
- Confidential questions - You should be wary of any email that asks you to give out personal or confidential information no matter how realistic it looks. A legitimate email shouldn't ask you for security details like pin numbers, passwords or account details.
- Dear Customer - Any email that doesn't use your name and addresses you as 'customer' is a warning sign for a phishing scam. Scammers usually send thousands of phishing emails at a time so keep an eye out for generic greetings.
Don't be tempted to reply
- Requests to send money - As a general rule, any email with requests to send money should be considered a scam. Scammers might ask you for money to cover expenses or fees in return for a service.
- URGENT! IMPORTANT! - You could receive an email to say 'your account will be closed' and scammers will try and make you panic and react quickly to send confidential information. These emails are usually made to look like they've been sent from your bank.
- The message appears to be from a government agency - These phishing emails claim to be from government departments such as HMRC or law enforcement agencies and are created to scare and pressure you into giving out confidential information.
Examples of Phishing emails
example-of-phishing-email-with-(Last-Attempt)-From-TalTalkTeam-in-subjectexample-of-phishing-email-with-New-message-in-subjectexample-of-phishing-email-with-TalkTalk-Notice-in-subjectexample-of-phishing-email-with-Reminder-Mailbox-Update-Requiredin-subjectexample-of-phishing-email-with-New-message-from-Talk-Talk-in-subjectexample-of-phishing-email-with-Email-Notification-in-subjectexample-of-phishing-email-with-Finial-Reminder-in-subjectexample-of-phishing-email-with-MAILBOX-CHECK-in-subject
example-of-phishing-email-with-NEW---FINAL-REMINDER(PLEASE-READ)-in-subjectexample-of-phishing-email-with-TalkTalk-Account-Update-in-subject
How to report spam?
If you're using our TalkTalk mail, then it's really easy: you can either select multiple emails from the inbox, or from inside the email you can select the Mark as Spam button at the top. This will be investigated and if seen as spam then it will be blocked.
Auto Deletion of Trash: Any messages that are in the Spam and Trash folders will be automatically deleted after 30 days.
How to report spam?
If you're using our TalkTalk mail, then it's really easy: you can either select multiple emails from the inbox, or from inside the email you can select the Mark as Spam button at the top. This will be investigated and if seen as spam then it will be blocked.
Auto Deletion of Trash: Any messages that are in the Spam and Trash folders will be automatically deleted after 30 days.
How to report a phishing email?
It's really easy to let us know about Phishing emails following these steps.
Using Webmail
- Open the email that you want to report for phishing
- Select the more actions menu (the 3 dots top right of the email ) and select Save as file from the drop down menu. This will download the email as a file to your downloads folder.
- Then compose a new email add phishing@talktalk.co.uk to the To Field
- Add phishing email example in Subject
- Then select attach (Paper clip at bottom) select the downloaded file
- Send email
Using Mail client
- In most cases you can drag the email to your desktop
- Then compose a new email, add phishing@talktalk.co.uk to the To Field
- Add phishing email example in Subject
- Then attach downloaded file
- Send email
Our security team will then check through these and block them on our network where appropriate.