Phishing

How do I report phishing and spam texts?

Forward any spam texts to 7726 – our free spam text reporting service. Alternatively, if you're using an Android device, you can also tap the Report Spam button in the messaging app. This button will be displayed if the message is from someone who isn't in your Contacts, or if it looks suspicious to Google. 

There are further details below as to how to spot phishing scams, report them and protect yourself.

What is phishing? 

Phishing is a technique used by criminals to try and steal information about a person’s identity. This can be done by email, text or even over the phone. 

  • Usually, a phishing scam takes the form of a text or an email that looks like it’s from a real organisation – HMRC or your bank for example

  • They create a sense of urgency to give the impression you need to act immediately – because you’ve won a prize, or there’s something wrong with your bank account for example

  • Emails often include logos and fonts that look exactly like the organisations they claim to be from

  • There’s normally a link that leads to a fake website if it’s clicked, or a phone number that connects directly with the fraudster if dialled. If you click or call, you’ll be asked for personal information like usernames, passwords, PINs and bank details 

  • Another email tactic used is asking you to open an attachment containing a virus or malware

Important: Always take a moment to review emails and texts, and don’t be pushed into an immediate action – like clicking or sharing information. If in doubt, never click links or open attachments. Unknowingly sharing personal information with fraudsters can result in identity theft and money being stolen from your bank accounts.

If you’re not sure a web link you’ve been sent is genuine, it’s safer to use a trusted search engine – like Google – to access the organisations website directly.

  • You can hover over any in-email link to see the web address it leads to. However, fraudsters may set up an addresses for their fake websites that look very similar to a genuine web addresses – for example, www.vodaphone.io instead of www.vodafone.co.uk

  • Fake websites can be hard to spot as fraudsters may copy content from a real website they’re impersonating

  • If you’re not sure a web link you’ve been sent is genuine, it’s safer to use a trusted search engine – like Google – to access the organisations website directly

  • If you see ‘https’ before the web address in your browser or a padlock symbol next to the address bar, this means the website is secure – you can always click the padlock symbol to check the website is what it’s claiming to be

Phishing texts will usually ask you to do something – like click a link or call a number. They may be sent from a UK mobile number that you don’t recognise, and will almost always try to create a sense of urgency – telling you’ve won a prize for example.

How to: Report scam text messages to us

How to keep yourself protected:

  • Check the sender info, as well as the numbers or links in the message. Do these details match the details the organisation normally uses when they contact you?

  • If in doubt, use a trusted search engine – like Google – to find contact details for the organisation to contact with them directly 

  • Don’t call phone numbers you don’t trust – the number may be very expensive to call, or the call could be answered by a convincing fraudster 

  • Equally, don’t click links you don’t trust – it could infect your device with a virus, or direct you to a convincing fake website

Important: If you get a text message claiming to be from Vodafone that you aren’t sure about, get in touch with us to check it out

Phishing isn’t always easy to identify. Look out for things like: 

  • Grammatical errors and spelling mistakes in texts and emails

  • An impersonal greeting – for example, ‘Dear Sir/Madam’. If you’re registered with Vodafone, we’ll contact you using the name you’ve provided us

  • Overly long web addresses full of special characters or letters substituted for numbers

  • Pressuring language urging you to act or respond quickly – they might claim your account ‘will be suspended’ if you don’t

  • Unexpected emails or texts – try to think if there’s a good reason for this organisation to be contacting you

  • Website popups – in the same way as emails, a popup may try to entice you and create a sense of urgency to act in order to collect your personal information. If you ever see a popup claiming to be Vodafone that you think is a scam, report it to phishing@vodafone.co.uk – include the date and time of the popup, the website it appeared on and, if possible, your public IP address

Don’t reply to the email or text. 

Don’t click on any links you don’t trust. 

Don’t give away any of your personal information. 

What if it’s too late?

If you think you may accidentally have shared your details with a scammer, then take immediate action to protect your bank accounts, mobile phone account and any other accounts the scammer might be able to access. 

If you shared security details relating to your Vodafone account, contact our fraud team immediately to make us aware and update your details

If you receive a suspicious email that claims to be from Vodafone, forward it to phishing@vodafone.co.uk – we’ll investigate and try to find out where it came from.

Anti-phishing software is usually included in most anti-malware packages – make sure this is kept up-to-date so you stay protected.

There are lots of antivirus apps. Make sure to get yours from a legitimate app store, like The App Store (Apple) or Google Play App Store.

Important: This type of software can’t always provide 100% protection, so always be on the lookout for scams.