Phishing is a fake email, and smishing is a fake text message, both designed to look like they come from a company you trust so you hand over a login or a payment. They are common, but they share tell-tale signs. Once you know them, they are much easier to spot.
The signs to look for
| Sign | What it looks like |
|---|---|
| Urgency or threat | "Act now or your account will be closed." Genuine messages do not pressure you to act in a panic. |
| Asks for secrets | Requests your password, PIN, full card number or a one-time code — things we never ask for. |
| Odd link or sender | A web address that is not on our genuine-domains list, or a sender address that is almost-but-not-quite right. |
| "Safe account" | Tells you to move money to a new account to protect it. This is always a scam. |
| Small details that don't fit | Your name missing, an amount or reference that is wrong, clumsy spelling, or a request you were not expecting. |
Even if a message looks convincing, do not use its link or phone number. Open credicorp.co.uk yourself, sign in, and check. If it was genuine, the information will be there; if it was a scam, you have lost nothing.
What to do with one
Do not reply, tap links or call the number. You can report scam texts to your mobile network (often by forwarding to 7726) and suspicious emails to the National Cyber Security Centre at report@phishing.gov.uk. Then delete it. If you are not sure whether a message is real, check how we will and won't contact you.
If you have already clicked or shared something, act quickly — see what to do if you think you have been scammed. For confirming a website is genuinely ours, see which Credicorp websites are genuinely ours.
See also: Advance-fee and fake loan offer scams, Choosing a strong password for your business account, How do I spot a scam pretending to be from Credicorp?.