Close-up of hands typing on a keyboard in a dimly-lit room

Brits are losing millions of pounds a year to phishing attacks – Microsoft is helping to stop that

Microsoft is supporting a UK police force in its bid try to stop people losing millions of pounds every year to phishing scams.

City of London Police revealed that Brits handed over £19m in online frauds in the past 12 months, with malicious emails containing harmful links one of the most successful methods used by cyber-criminals.

Action Fraud, the UK’s national fraud and cyber-crime reporting centre, added that it received more than 250,000 reports of phishing – a fraudulent attempt to obtain sensitive information such as usernames, passwords and bank details by disguising oneself as someone trustworthy – between April 2018 and March 2019. Over two-thirds of those reports were about emails claiming to be from a well-known brand. There were almost 70,000 reports of phishing phone calls and nearly 18,000 related to phishing text messages.

City of London Police is now working with Microsoft to ensure people know how to protect themselves online and while using their phone.

They advised people not to click on links or attachments in suspicious emails; never respond to unsolicited messages and calls that ask for personal or financial details; not to use Caller ID or email addresses to determine if a communication is legitimate as these can be spoofed by criminals; and to contact Action Fraud if you have received a phishing message, provided personal or financial details as a result of a phishing message, or lost money to a fraudster.

A woman looks at security settings on her Surface device

Microsoft spends more than $1 billion a year on cybersecurity research

Commander Karen Baxter, National Police Coordinator for Economic Crime at the City of London Police, said: “Phishing messages are a fraudster’s gateway. If you provide personal details in response to these messages, this can give criminals access to your accounts, leaving them free to commit fraud.

“Fraudsters often use spoofed phone numbers and email addresses to trick you. If you receive a message claiming to be from a well-known brand or organisation, always check directly with that brand or organisation to see if it is legitimate. If something feels wrong, then it is usually right to question it.”

One victim, who wished to remain anonymous, told the City of London Police’s Economic Crime Victim Care Unit that he felt stalked. He knew he had fallen victim to a scam and changed his passwords, but wishes he had reacted quicker. It wasn’t until speaking to people he knew who worked in IT that he was told he should cancel false log-ins and change all his passwords.

Microsoft spends more than $1 billion a year on cybersecurity research. Last year the company announced a number of new security tools for business users that included some to prevent phishing attacks, while NSS Labs rated Microsoft Edge as the best internet browser for defending against phishing websites.

Abrahim Bakhtiar, CELA Senior Attorney at Microsoft Digital Crimes Unit UK, said: “Our research shows that more than 40% of people in the UK have been targeted by increasingly sophisticated attacks. The best protection against these scams is awareness – be vigilant and don’t open attachments or click links in unsolicited emails unless you are sure who the sender is, even if the message appears to be from Microsoft. If the email is unexpected, be extra cautious about opening any attachments.”

You can report fraud and cybercrime to Action Fraud on 0300 123 2040 or online at To chat to an Action Fraud adviser, visit the Action Fraud website for a 24/7 web chat service. If you are a business, charity or other organisation that is suffering a live cyber attack, call Action Fraud on 0300 123 2040 immediately, where specialist advisors can take your call 24 hours a day, seven days a week.