Phishing scams are becoming smarter and harder to spot. Scammers are constantly adapting. Whether it’s a fake email, a suspicious text or a message in your Facebook Page inbox, they’re finding new ways to trick you into giving away personal details. Their goal is to get you to hand over sensitive information without even realising.

This piece breaks down exactly what a phishing scam is, shares real examples we’ve seen firsthand and explains how to protect yourself and your accounts. If you use email, text or social media, this is one blog you don’t want to skip.

What is a Phishing Scam?

A phishing scam is a deceptive attack where scammers try to gain access to your online accounts and data. The three main places you’re likely to encounter phishing scams are:

  • Email
  • Text messages
  • Social media

As online protection improves, scammers are upping their game. It’s important to be aware of where phishing scams appear and how to identify them.

Ask yourself if you’ve ever received an email, text or social media message that seemed a little odd. Chances are, you’ve received many phishing scams during your time on the internet.

What Are Some Phishing Examples?

So, what are the tell-tale signs that an email, text or social media message could be a phishing scam? As a leading digital marketing agency, we’ve received our fair share of phishing attempts. While many arrive via email, we also receive plenty through social media.

Below are some recent and common phishing attempts we successfully avoided.

1. Email Fraud – Deceptive Emails Impersonating Brands

As a digital marketing agency offering organic and paid social services, we are more prone to receiving phishing scam messages from people trying to deceive us. One example is a fake policy violation email claiming to be from Meta. Because we know what to look for, this scam was identified immediately and deleted.

The first thing to check in any suspicious email is the sender’s address, as this is often the first red flag. Scammers frequently use addresses that look similar to legitimate ones but contain small errors or unusual domains. Always compare it against the official email addresses used by the company the message claims to be from.

Another common sign is the link embedded within the email. At face value, it may look completely genuine, often appearing as a familiar or trusted URL. However, if you hover over the link (without clicking it), you’ll usually see the real destination and it often looks nothing like the official website. This is a classic example of deceptive text-hyperlinking used in phishing scams.

Scammers also rely heavily on urgent or threatening language. They try to pressure you into acting quickly by claiming things like account restrictions, policy violations or immediate consequences if you don’t respond right away.

Finally, phishing emails often lack specific details. They might reference vague accounts, generic pages or information that doesn’t match anything you actually use. When multiple signs like these appear together, it’s a strong indicator that the message is fraudulent.

If you identify these red flags, the safest action is to report the email, block the sender and mark it as spam.

2. Social Media Messaging – Meta Phishing Scam

I’ve seen a lot of these throughout our time advertising on Meta, and once you start advertising, so will you. It’s all too common to receive messages from people claiming to be from Meta support.

You’ll find this happens a lot more to the admins of Facebook pages. Scammers will prey upon the inboxes of pages that run adverts, as they know there is a chance of money!

First, it’s important to remember that Meta will never message your Facebook page. If you have a support chat open with Meta, it’ll be through your personal profile, separate from a page’s inbox. You can differentiate a Meta support chat from a regular chat by the blue verification tick.

Take a look at a real social phishing message we received. 

Do you notice anything suspicious about it? The name is a red flag, as a Meta employee will never message you directly. As with the Phishing email, the scammer resorts straight to threats, claiming our page will be deactivated.

The next thing to observe is the link the scammer has included. It’s clearly not an official Meta or Facebook link. If you receive a message like this, it’s imperative that you don’t click the link or interact with the sender. Instead, you should flag the message as spam and delete it.

With this in mind, keep your eyes peeled and identify when a scam comes to your inbox. Exercise caution when receiving messages and take any necessary precautions, such as reading the linked URL without clicking it, checking for the verification badge that confirms the communication is direct from Meta. If you receive messages like this, it is highly likely that you are being targeted as part of a social phishing attack.

3. Text Message Phishing

This form of phishing has been ramping up in its frequency over the years. Personally, I find them to be the most ineffective. The phishing texts I receive are usually centred around a ‘missed delivery’ or claiming to be from a government service such as HMRC.

Most of the time, these scams come from mobile numbers that are obviously fake. Sometimes, though, the scammers can spoof the number they send from to make it appear genuine. This is why it is important to exercise great levels of caution when receiving a text that could be a scam.

Here’s an example of a recent text message scam.

As you can see, the message supposedly comes from Evri, the delivery company. When I received this message, I immediately ran through a list of questions in my head, such as:

  1. Have I ordered something that is being delivered with Evri?
  2. Do I recognise the number?
  3. Do other texts from Evri show the sender’s name as a mobile phone number?

Asking yourself these questions can protect you from scams. Always check the official company website for advice. Here is an official statement from Evri on text-message-based scams

I Think I’ve Been a Victim of Email Fraud, Text Scams or Social Phishing. What Should I Do?

If you believe you have interacted with a phishing scam, the first thing I would recommend you do is secure your accounts. For example, if you think your Facebook account login has been stolen, try logging in. If you can access your account, change your password immediately and make sure you have 2-factor authentication enabled.

If you cannot access your account, contact support immediately and let them know what has happened. Give them as much information as you possibly can so they can help you with the situation.

If the phishing scam has resulted in the compromise of your bank account details, contact your bank immediately. Freeze any cards at risk and file an indemnity claim for any money lost.

A dependable way to help ensure you don’t input your details in phishing scams is through the use of a password manager. Password managers such as 1Password know the correct domain for the logins saved. With their Passkeys feature, you mitigate the need for a password. 

Stay alert. Stay informed

If you found this guide useful, share it with your team or friends to help them stay protected too.Got questions or want to learn more about online security and digital best practices?

Get in touch with us at Pod Digital: we’re here to help you stay one step ahead.