🎣 Phishing
“Phishing” is a type of social engineering attack or scam where someone tries to steal sensitive information by impersonating someone you trust. It often arrives by email, but can also come through voice calls (“vishing”), text messages (“smishing”), QR codes (“quishing”) or any other communication channel.
If you suspect you have been the target or victim of a phishing attack, or even if you’re not sure, you must follow the “What if I reply to phishing, or open an attachment?” steps below.
You will never be in trouble for reporting any potential security problem, even if you think you were somehow responsible (see our zero blame principle).
How can I spot phishing?
Some phishing attacks are easy to spot, but others can be incredibly sophisticated. There are a few easy rules you can follow to avoid being taken in:
- If something feels weird, it probably is. Trust your gut.
- Think about whether the person is asking for something they should already have.
- Anybody asking you to spend money is suspicious, especially if they’re not clear about what it’s for, or are asking for you to do something like buy gift cards.
- Short emails asking “how are you”, “can you talk” or similar are usually the beginnings of a scam.
- A sense of urgency is common in scams. If there’s pressure to do something quickly, that’s usually a good reason to take your time and check.
How can I double check?
- The easiest way is just to ask. If a message claims to be from a specific person, reach out to them and check.
- If you’re not sure, you can forward any email to [email protected], including any attachments.
What if I reply to phishing, or open an attachment?
- Don’t panic.
- Stop all further contact.
  - If they email you, ignore it (but don’t delete it, in case we need to investigate).
  - If they call you, hang up.
- Don’t open any other links or attachments.
- If you shared any passwords, change them straight away. Use a strong, unique password you haven’t used somewhere else.
- If you use that same password anywhere else, change your password there as well, but to something completely different.
- If you opened an attachment or clicked a suspicious link:
  - Disconnect your device from any Wi-Fi networks or internet connection.
  - Avoid using the device until given further advice.
- Get in touch with the Data Protection Officer straight away by emailing [email protected] or calling 0113 551 0101.
  - Make sure to include what happened: did you reply, click a link, open an attachment, etc.?
- If you have sent any money or shared bank details, contact your bank as a matter of urgency and let them know. You should use your bank’s 24/7 fraud reporting number.
The Tech Team will guide you through what to do next.