Phishing

If you’re not sure a web link you’ve been sent is genuine, it’s safer to use a trusted search engine – like Google – to access the organisations website directly.

• You can hover over any in-email link to see the web address it leads to. However, fraudsters may set up an addresses for their fake websites that look very similar to a genuine web addresses – for example, www.vodaphone.io instead of www.vodafone.co.uk

• Fake websites can be hard to spot as fraudsters may copy content from a real website they’re impersonating.

• ‘https’ before the web address or a padlock symbol next to the address bar doesn’t always mean that the website is genuine. This just means the connection to the website is secure. You can always click the padlock symbol to check what the website is claiming to be.

Phishing texts will usually ask you to do something – like click a link or call a number. They may be sent from a UK mobile number that you don’t recognise, and will almost always try to create a sense of urgency – telling you’ve won a prize for example.

How to: Report scam text messages to us

How to keep yourself protected:

• Check the sender info, as well as the numbers or links in the message. Don’t click on the link. Do these details match the details the organisation normally uses when they contact you?

• If in doubt, use a trusted search engine – like Google – to find contact details for the organisation to contact with them directly 

• Don’t call phone numbers you don’t trust – the number may be very expensive to call, or the call could be answered by a convincing fraudster 

• Equally, don’t click links you don’t trust – it could infect your device with a virus, or direct you to a convincing fake website

Important: If you get a text message claiming to be from Vodafone that you aren’t sure about, get in touch with us to check it out

Phishing isn’t always easy to identify. Look out for things like: 

• Grammatical errors and spelling mistakes in texts and emails

• An impersonal greeting – for example, ‘Dear Sir/Madam’. If you’re registered with Vodafone, we’ll contact you using the name you’ve provided us

• Overly long web addresses full of special characters or letters substituted for numbers

• Pressuring language urging you to act or respond quickly – they might claim your account ‘will be suspended’ if you don’t

• Unexpected emails or texts – try to think if there’s a good reason for this organisation to be contacting you

• Website pop-ups – in the same way as emails, a pop-up may try to entice you and create a sense of urgency to act in order to collect your personal information. If you ever see a pop-up claiming to be Vodafone that you think is a scam, report it to phishing@vodafone.co.uk – include the date and time of the pop-up, the website it appeared on and, if possible, your public IP address

Don’t reply to the email or text. 

Don’t click on any links you don’t trust. 

Don’t give away any of your personal information. 

What if it’s too late?

If you think you may have accidentally shared your details with a scammer, then take immediate action to protect your bank accounts, mobile phone account and any other accounts the scammer might be able to access. 

If you shared security details relating to your Vodafone account, contact our fraud team immediately to make us aware and update your details.

If you receive a suspicious email that claims to be from Vodafone, forward it to phishing@vodafone.co.uk – we’ll investigate and try to find out where it came from.

Anti-phishing software is usually included in most anti-malware packages – make sure this is kept up-to-date so you stay protected.

There are lots of antivirus apps. Make sure to get yours from a legitimate app store, like The App Store (Apple) or Google Play App Store.

Important: This type of software can’t always provide 100% protection, so always be on the lookout for scams.