UK SECURITY GUIDE

Phishing Emails Are the UK's Biggest Online Threat — Here's How to Stop Them

Forget viruses. The attack most likely to cost you money in 2026 is a convincing email pretending to be your bank, HMRC or Royal Mail. Here's how the scams work, how to spot them in 60 seconds, and the tools that actually catch the ones your filters miss.

Ask most people what they're afraid of online and they'll say viruses. But look at where the money actually goes missing in the UK and the picture is very different: it disappears through emails. A convincing message that looks like your bank, HMRC, Royal Mail or Microsoft - one click on the wrong link, one password typed into the wrong page, and the damage is done without a single piece of malware touching your machine. This guide covers the scams flooding UK inboxes right now, the 60-second checklist that catches nearly all of them, why your existing spam filter isn't enough on its own, and the tools - including a dedicated UK-built one we know extremely well - that shut phishing down before you ever see it.

1. Why phishing has overtaken viruses as the UK's #1 threat

Classic viruses still exist, but they're a solved problem for most people: Windows ships with Microsoft Defender, browsers sandbox downloads, and the days of an email attachment silently wrecking your PC are mostly behind us. Phishing went the other way - it got better. AI-written messages have eliminated the broken English that used to give scams away, and the targets have shifted from your computer to your passwords, card details and bank logins - things no antivirus scan can take back once you've handed them over.

The numbers are stark:

What the official data says

  • 85% of breached UK businesses cited phishing as the way attackers got in, and phishing hit 38% of all businesses last year — Cyber Security Breaches Survey 2025/26
  • More than £1.2 billion was stolen from UK consumers and businesses through fraud last year, the bulk of it starting with a scam message — UK Finance Annual Fraud Report
  • The National Cyber Security Centre's takedown service removed over 1.2 million phishing campaigns in a single year — NCSC Annual Review 2025
  • Globally, researchers logged 853,000+ phishing attacks in the final quarter of 2025 alone — APWG Phishing Activity Trends

Notice what's missing from those headlines: viruses. The modern scam doesn't need to infect your computer. It just needs to fool you for about fifteen seconds.

2. Case study: anatomy of a real UK phishing email

Here's a reconstruction of the kind of email landing in millions of UK inboxes every week - in this case a fake BT billing notice. We've marked the three giveaways:

From: BT Group <billing-update@bt-secure-account-services.com> RED FLAG #1

Subject: Action required: your payment could not be processed RED FLAG #2

Dear Customer,

We were unable to process your latest bill payment. To avoid suspension of your broadband service within 24 hours, please update your payment details immediately.

Update payment details
links to: hxxp://bt-billing-update.serviceportal-7211.top/login RED FLAG #3

BT Customer Services

The three red flags, decoded

  • The sender address. The display name says "BT Group", but the actual address ends in bt-secure-account-services.com - a domain BT has never owned. Real BT email comes from @bt.com. The display name is whatever the scammer types; the domain after the @ is the truth.
  • Manufactured urgency. "Within 24 hours", "immediately", "your account will be suspended" - pressure is the scammer's best tool, because people who feel rushed don't check details. No UK provider cuts you off with one day's notice over a failed payment.
  • The link doesn't go where it says. Hover (don't click) over any button and your email client shows the real destination in the corner. A BT bill will never live at a numbered .top domain. If the link and the brand don't match, it's a scam, every time.

The same playbook, different costumes

That exact structure - trusted brand, urgent problem, link to a fake login page - is recycled across all of the UK's most common phishing campaigns:

  • HMRC: "You are owed a tax refund of £243.18" (HMRC never emails about refunds)
  • Royal Mail / Evri / DPD: "Your parcel is held - pay a £1.99 redelivery fee" (the fee is bait; the prize is your card details)
  • Microsoft 365: "Your password expires today" leading to a pixel-perfect fake login page that harvests your credentials
  • Your bank: "We've detected unusual activity - verify your account" with a link to a cloned banking site
  • Norton / McAfee renewals: "Your subscription auto-renewed for £349.99 - call to cancel", designed to get you on the phone with a "refund agent" who wants remote access to your PC
  • Invoice fraud (small businesses): a supplier's "updated bank details" arriving days before a genuine invoice is due - this one alone costs UK SMEs millions every year

3. The 60-second checklist that catches nearly every phish

You don't need to be technical. Before acting on any unexpected email that involves money, passwords or personal details, run through this:

  • Check the real sender domain. Not the display name - the part after the @. Misspellings, extra words (bt-secure-billing) or free webmail addresses are instant fails.
  • Hover over every link before clicking. The destination shows in the bottom corner of your screen. Brand and domain must match.
  • Ask: was I expecting this? Unprompted refunds, parcels you didn't order, invoices you don't recognise - unexpected is the biggest red flag of all.
  • Notice pressure. Deadlines measured in hours, threats of suspension, "act now" - legitimate organisations don't operate like this.
  • Never log in from an email link. If the message claims to be your bank, HMRC or Microsoft, close it and go to the website directly - typed by you, or via your bookmark. This single habit defeats almost every credential phish ever sent.
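The three red flags from the BT case study, which are also the sender, link and pressure items of this checklist, can be written as checks over a raw message. This is an added example, not code from the original article or from EverGuard; the brand table (only BT's domain is stated in the article), the urgency phrase list, the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand -> domains it really sends from. Only BT's is stated in the article.
BRAND_DOMAINS = {"bt": {"bt.com"}}
URGENCY = re.compile(r"within \d+ hours|immediately|act now|suspen(?:sion|ded)", re.I)
URL = re.compile(r"(?:https?|hxxps?)://[^\s\"'<>]+", re.I)  # hxxp = defanged form

# Constructed sample, modelled on the fake BT notice in the case study.
SAMPLE = """\
From: BT Group <billing-update@bt-secure-account-services.com>
Subject: Action required: your payment could not be processed

To avoid suspension of your broadband service within 24 hours, please update
your payment details immediately.
hxxp://bt-billing-update.serviceportal-7211.top/login
"""

def on_domain(host, domains):
    """Exact or subdomain match only; a substring test would pass lookalikes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    """Return the red flags found in a single-part plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()
    # Which brand does the display name claim to be?
    brand = next((b for b in BRAND_DOMAINS
                  if re.search(rf"\b{re.escape(b)}\b", name, re.I)), None)
    flags = []
    if brand and not on_domain(sender_host, BRAND_DOMAINS[brand]):
        flags.append(f"sender: display name says {brand!r}, domain is {sender_host}")
    pressure = sorted({m.lower() for m in URGENCY.findall(f"{msg.get('Subject', '')}\n{body}")})
    if pressure:
        flags.append("urgency: " + ", ".join(pressure))
    for url in URL.findall(body):
        host = urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or ""
        if brand and not on_domain(host, BRAND_DOMAINS[brand]):
            flags.append(f"link: {host} is not a {brand} domain")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```

An empty result means only that these heuristics found nothing; the From header itself is not authenticated here.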

Already clicked? Do this now, in order

1) If you entered a password, change it immediately on the real site - and anywhere else you reused it.
2) If you entered card or bank details, call your bank straight away (use the number on the back of your card - or dial 159, the UK's anti-scam hotline that connects you securely to your bank).
3) Forward the email to report@phishing.gov.uk (the NCSC's reporting service) and scam texts to 7726.
4) If you lost money, report it to Action Fraud on 0300 123 2040.

4. Why your spam filter isn't enough (an honest comparison)

"But Gmail and Outlook already filter spam" - true, and they're genuinely good at it. So why did 85% of breached UK businesses still get caught by phishing? Because built-in filters are trained on global mass campaigns. They catch the millionth copy of a known scam brilliantly - and struggle with the fresh template that started circulating this morning, the UK-specific Evri scam that never went viral in the US, or the targeted email that was only ever sent to a few hundred people. Full antivirus suites have the opposite blind spot: they're built to stop malware, and a phishing email contains none - just a link and a lie.

| Capability | Built-in filters (Gmail / Outlook) | Antivirus suite (Norton, McAfee etc.) | Dedicated phishing tool (EverGuard) |
| --- | --- | --- | --- |
| Known mass-campaign spam | Excellent | Good | Excellent |
| New / UK-targeted phishing templates | Patchy - new templates slip through | Weak - no malware to detect | Strong - AI reads each message's intent |
| Per-message AI analysis | Bulk pattern-matching | No | Yes - two AI models, risky emails double-checked |
| Junk triage you can review | Spam folder (one-size-fits-all) | No | Yes - separate reviewable folder |
| System weight | None (cloud-side) | Often heavy | Light - runs alongside Microsoft Defender |
| Typical cost | Free | £30-90/year | £4.99/month, cancel any time |

The honest takeaway: keep your built-in filters - they're a good first net. But if your inbox is where your money lives (and for most of us it is), a layer that actually reads each incoming message for intent is the piece that's been missing.

5. EverGuard review: a UK-built tool that reads your email before you do

Full disclosure: EverGuard is built by EverLabs Software Ltd - the same independent UK team behind GadgetScout. We know this product from the inside, which is exactly why it's featured here; judge it on the 30-day money-back guarantee, not our word.

EverGuard grew out of a UK PC-repair business that kept seeing the same thing on customers' machines: not viruses, but the aftermath of phishing emails. Drained accounts, hijacked Microsoft logins, "Norton refund" remote-access scams. So they built the tool they wished their customers had.

How EverGuard catches what filters miss

Instead of pattern-matching against yesterday's known scams, EverGuard runs two AI models over every incoming email in Microsoft Outlook. The first classifies each message; anything that looks risky gets double-checked by the second model before it's allowed anywhere near your inbox. Dangerous emails are pulled out entirely, junk gets moved to a separate folder you can review, and clean mail arrives untouched. In the team's own testing it caught 100% of dangerous emails - and because it works on the content and intent of each message, a brand-new scam template is just as catchable as an old one.

Inside the EverGuard dashboard

Everything lives in one plain-English dashboard: what's been caught, what went to junk, and - because it doubles as a PC health tool - live CPU, memory and disk gauges. The cleanup side removes temp files and caches (with a preview before anything is deleted), manages which programs launch at startup, and fixes broken shortcuts. It's the "tune-up plus protection" combination a local PC shop would do for you, running quietly all the time.

EverGuard in action: what a caught phish looks like

When EverGuard intercepts something dangerous, it never reaches your inbox - you see it listed in the dashboard with a plain-English reason ("impersonates a billing provider; link leads to a recently-registered domain"). No jargon, no judgement calls left to you at 7am before coffee.

Setup, pricing and the honest limitations

  • Setup: create an account at everguard.uk, download the app, paste your licence key - about five minutes, no technical steps.
  • Price: £4.99/month covering everything, with a 30-day money-back guarantee and month-to-month cancellation. No annual lock-in, no "renewal price" games.
  • The limitations, plainly: it's Windows 10/11 only and protects classic desktop Outlook - if you read email purely in a browser (Gmail webmail) or on a Mac, this isn't your tool yet.
  • Who it's perfect for: anyone running their life or small business through Outlook on a Windows PC - and especially the family member whose PC you end up fixing. Install it on your parents' machine and the scary emails simply stop arriving.

Try EverGuard free for 30 days →
30-day money-back guarantee · £4.99/month · cancel any time · UK-based support

6. Build a layered defence (the rest of the toolkit)

No single tool is a complete answer. The setup that makes you genuinely hard to scam looks like this:

  • An email layer that reads intent - EverGuard (above) if you're on Outlook/Windows, or at minimum aggressive use of your provider's report-phishing button, which trains its filters.
  • A password manager - because it autofills passwords only on the real site, a fake login page gets nothing. Our guide: the best password managers for UK users.
  • Two-factor authentication everywhere - prefer app-based codes or passkeys over SMS. Even a stolen password then isn't enough.
  • The "go there yourself" habit - never log in via an emailed link. Bookmark your bank, HMRC and Microsoft login pages.
  • A healthy, updated PC - keep Windows Update on, and have a periodic clear-out (our Windows cleanup tools guide covers the safe options).

The UK reporting numbers worth saving

  • report@phishing.gov.uk - forward suspicious emails (NCSC)
  • 7726 - forward scam texts (free)
  • 159 - the safe line to your own bank if a call or email feels wrong
  • 0300 123 2040 - Action Fraud, if money has been lost

Frequently asked questions

Is phishing really a bigger threat than viruses now?

For most people, yes. Windows Defender and modern browsers have made classic malware infections rare, while phishing has grown every year - 85% of breached UK businesses last year were breached via phishing, and over £1.2 billion was lost to fraud that overwhelmingly starts with a scam message. The target has moved from your computer to your passwords and bank details.

Won't Gmail or Outlook catch phishing emails for me?

They catch a lot - especially mass campaigns that have been circulating for days. They're weakest against brand-new templates, UK-specific scams and low-volume targeted emails. Treat built-in filters as the first net, not the only one.

What is smishing?

Phishing by text message - fake parcel-delivery fees, bank alerts and 'mum, I've lost my phone' messages. The same rules apply: don't tap links, go to the organisation directly, and forward scam texts to 7726 for free.

I clicked a link in a phishing email - am I in trouble?

Clicking alone is usually survivable - the danger is what you do on the page. If you typed a password, change it everywhere it's used, immediately. If you entered card details, call your bank now (or dial 159). Then report the email to report@phishing.gov.uk and, if money was taken, to Action Fraud.

Does EverGuard work with Gmail or on a Mac?

Not currently - EverGuard protects classic desktop Outlook on Windows 10/11. If you live in Outlook on a Windows PC it's an excellent fit; webmail-only and Mac users should lean harder on the checklist and a password manager for now.

Is £4.99/month worth it just for email protection?

Compare it to the average phishing loss - individual victims routinely lose hundreds to thousands of pounds - and to what it includes: AI email screening, junk triage, plus PC cleanup and performance tools. With a 30-day money-back guarantee, the sensible move is to let your own inbox prove it either way.

The bottom line

Phishing wins by being faster than your suspicion - one urgent email, one rushed click. The defence is layers: a 60-second checking habit, a password manager that refuses to be fooled by lookalike pages, two-factor on everything, and an email layer that reads every message's intent before you do.

If you're a Windows and Outlook household, EverGuard is the most direct way to add that last layer - built in the UK by the team behind this site (we've said so plainly above), priced at £4.99/month with a 30-day money-back guarantee, so it costs nothing to let it prove itself on your own inbox for a month.