Illustration of an envelope
  • Security

Email scams

Fraudsters will often use emails to trick you into handing over your money or personal information

What is phishing?

Phishing is an email scam designed to trick you into handing something over to a fraudster, whether that’s money or your personal information such as bank account numbers or online banking passwords.

The email might have branding to make it look like it comes from a business or organisation you already have a connection with – your bank, your doctor, a tradesperson or HM Revenue and Customs (HMRC). Or it might appear to come from a business you’d be interested in buying from – a holiday company or fashion brand.

How to spot a phishing email

With the rise of artificial intelligence (AI), fake emails are getting more convincing all the time. But there can be some signs that an email isn’t genuine, so look out for:

  • An amazing, time-limited offer or strong encouragement to ‘click here/now’ – encouraging you to respond quickly
  • An email that doesn’t use your name – perhaps they don’t really know who you are
  • Spelling and grammar mistakes (though phishing emails are getting more sophisticated than they used to be)
  • Imagery or design that looks familiar but doesn’t feel quite right
  • An unusual email address – it might look a bit similar but does it really match the official company’s email address?
  • Encouragement to click on an unknown link – if you’re not sure, visit the organisation’s website directly rather than clicking through
  • A request for you to share personal data

We’ve added new features to our emails to help you better identify them as genuine messages from us.

  • If you’ve registered with a UK home address, we’ll use part of your postcode in the emails we send, except for Premium Bonds prize winner emails.
  • Emails from NS&I will have ‘NS&I Customer Services’ or “NS&I’ as sender names and will be from one of the following email addresses:
  • We’ll never send you a link in an email going directly to our login page, or ask you to enter your online banking details.
  • Our email footers will only contain links to our ‘Contact us’ page, privacy notice and official NS&I social media channels such as Twitter (@nsandihelp) and Facebook (@nsandi).

    • Contact us

    Privacy notice

    Twitter (@nsandihelp)

    Facebook (@nsandi)

If you have a concern about an email that appears to be from NS&I, please send it to us straight away at:

phishing@nsandi.com

What to do if you suspect fraud

If you’ve seen something that doesn’t feel right, STOP!

  • Break the contact – don’t reply, click on any links, call any phone numbers or make any payments
  • Check if it’s genuine: contact the organisation directly using an email address or phone number you know is correct, e.g. from your utility bills, via a search engine, on the back of your card or by calling 159 for banks
  • Before you delete the email, forward it to report@phishing.gov.uk

What to do if you’ve already responded to the email

Don’t panic! What you do next depends on whether you’ve replied, clicked a link, sent information or made a payment. Take a look at the advice on the government’s new Stop!ThinkFraud website on what to do if you’ve been a victim of fraud.

Stop!ThinkFraud - National Campaign Against Fraud is brought to you by UK government in partnership with City of London Police, National Cyber Security Centre and National Crime Agency. stopthinkfraud.campaign.gov.uk/

If you have won a Premium Bonds prize we'd love to hear from you

Tell us on Facebook

Related articles