What Is Phishing (And How to Spot It)

You get a text from your bank saying there’s a problem with your account. There’s a link to click. You’re busy. You click it.

That’s exactly what the criminals are hoping you’ll do.

What Actually Is Phishing?

Phishing is when a criminal sends you a fake message — email, text, WhatsApp, even a phone call — pretending to be someone they’re not. Their goal is to get you to either:

  1. Click a link that steals your login details
  2. Download something that infects your phone or computer
  3. Transfer money to an account they control

The word comes from “fishing” — they cast a hook (the message) and wait for someone to bite.

Why It’s Getting Worse

In 2025, phishing attacks in the UK went up by 140%. The reason? Artificial intelligence.

Criminals now use AI to:

The 3-Second Test

Before clicking anything, ask yourself:

  1. Was I expecting this? If not, stop.
  2. Is it creating urgency? “Act now!” “Your account will be closed!” — that’s a trick.
  3. Does it ask for personal info? Your bank already knows your details. They don’t need you to confirm them.

If the message fails any of these checks (it was unexpected, it pushes urgency, or it asks for personal info): don’t click. Delete it.

What to Do If You’ve Already Clicked

Don’t panic. Do these immediately:

  1. Change your password for that account
  2. Turn on two-step verification (2FA) if it’s not already on
  3. Call your bank using the number on your card (not the one in the message)
  4. Report it to Action Fraud: 0300 123 2040