Skip to Content

Phishing

What is phishing and how to avoid it

Phishing scams use deceptive emails, texts or calls/voicemails ("vishing") to trick you into sharing sensitive details. Watch for urgent requests, suspicious links or attachments, unusual greetings, poor grammar and email domains that don’t match the real organisation. Never click on links or call numbers from unexpected messages – always verify with the organisation directly using a trusted contact.

Scammers pretend to be from trustworthy companies or organisations. Your personal details can be used to steal money from your bank account, spend money using your debit or credit card, get loans by faking your identity or open fraudulent accounts.

If you’ve responded to a scam, contact your bank immediately to ask about chargeback and report the incident to the Gardaí. For more on scam texts and calls, go to ComReg scam calls and texts

Phishing emails

Scammers imitate companies like banks, credit card companies, online retailers, delivery companies, utilities and government bodies. They use similar logos and email addresses to appear genuine.

Example

You get an email that looks like it’s from your bank asking you to verify a transaction that you don’t recognise. The email contains a link which takes you to a website which looks like your bank’s website and asks you to ‘verify’ your account information. 

The email prompts you to take urgent action, warning that your account may be blocked or card cancelled if you don’t. Always contact your bank yourself independently to check everything is okay if you get an email like this. You should use the number on the back of your bank card so that you know it’s genuine.

How to spot a phishing email

Urgent call to action

Scam emails often claim something is wrong and urge you to act immediately, such as updating your account or claiming a prize to avoid a penalty.

Suspicious links or attachments

Be wary of emails asking you to click a link or open an attachment, especially if they create a sense of urgency. Links may lead to fake websites and attachments can infect your device with malware.

Unusual email greeting

If an email starts with a generic greeting like ‘Dear Sir or Madam’, be cautious. Most businesses use your name. Also, check if the sender’s address matches the organisation’s official email.

Poor grammar and spelling

Badly worded emails with spelling mistakes are a red flag. Most reputable organisations use professional communications, though AI is making scam emails harder to spot.

Check the email domain

Look closely at the part after the @ symbol. Scammers often use free webmail addresses or subtle misspellings. Cross-check the sender’s email with the official website to be sure it matches.

"Smishing" over text/SMS or instant messaging apps 

Smishing is when scammers send fraudulent messages to mobile phones, trying to steal your personal or financial details. These messages can be hard to spot, as they may even appear within a genuine thread of messages from a real organisation.

Scammers often pretend to be trusted organisations like banks, credit card companies, online retailers, delivery companies, utilities, motorway operators or government bodies. Sometimes, they may even pose as a family member in distress and ask you to send money.

Top tip
Never click on a link or call a number from a text message you weren’t expecting. If you’re unsure, visit the business’s official website and contact them directly.

Signs of a smishing scam:

  • You get an unexpected text claiming to be from a reputable organisation, asking you to visit a website or call a number you don’t recognise.
  • The message tries to alarm you, saying you need to act urgently to avoid negative consequences, such as verifying or updating your account or paying a penalty.
  • You’re asked to click a link that leads to a fake website. Scam sites can look very professional and closely imitate real ones.

Example

You receive a text claiming to be from your broadband provider, saying your last payment didn’t go through and your WiFi will be disconnected. The text includes a link and asks you to update your account details immediately.

Always stop, think and check before acting. Don’t feel pressured – contact your broadband company independently to confirm if the message is genuine.

Further information

The Commission for Communications Regulation (ComReg) is the statutory body responsible for protecting consumers in this area. Read their advice about scam texts.

"Vishing" by phone or voicemail

Scammers call or leave voicemails pretending to be from trusted organisations. They try to trick you into giving personal or financial information.

How it works:

The caller may already know your name, address or account details, or mention fake fraudulent transactions. Some scammers ask you to install software that lets them steal your details when you shop online. They create a sense of urgency to get you to act quickly.

New risks: deepfake voice AI

Scammers can now use AI to clone voices. They might impersonate a family member, your boss or someone you trust. With deepfake technology, a scammer can make a convincing copy of someone’s voice and have it read a script or even answer your questions in real time.

For example, a grandparent might get a call from someone sounding exactly like their grandchild, claiming to be in trouble abroad and urgently needing money. Always be cautious, even if the voice sounds familiar.

How to stay safe from vishing

Never give out personal details if a business or person calls you unexpectedly. Hang up and call back using a number you know is legitimate, such as the one on the back of your card or from the official website. If a family member calls asking for money in an emergency, try to contact them through another method before sending anything.

Example

You get a call from someone pretending to be tech support from a company you know and trust. Scammers often use familiar names such as ‘Eir’, ‘Microsoft’ or ‘Apple’. The person may greet you by your first name and seem very friendly.

They tell you there is an issue with your internet speed and they need to run a speed test. They’ll try to talk you through a series of bogus steps to fix the issue and look for a card payment.

They may even seek to get remote access to your computer and install malicious software there which will provide them with your personal or financial information.

What to do:

If you feel uncomfortable or unsure at any point, hang up immediately. Do not follow any instructions or give out any information. Call the company back using a number you know is legitimate (such as the one on their official website or the back of your card) to check if the call was genuine.

What should you do if you get caught by a scam?

If you have responded to a scam and given your bank account details, notify your bank or card issuer immediately. Ask if you can get the payment reversed through chargeback. Your account can be placed on hold and your card cancelled if necessary. You should also report it locally to the Gardaí.

Sign up for the latest news from CCPC