Phishing and e-mail spam

WFN Position

WFN are aware of attempts to defraud WFN members, trustees and the public by impersonating WFN personnel.

"Phishing" is the most common type of cyber attack that affects organisations like ours. Phishing attacks can take many forms, but ultimately it is for identity theft and getting you to share sensitive or personal information such as login credentials, credit card information, or bank account details, or asking you to transfer money.

These scams can be very convincing and are increasingly sophisticated and extremely easy to fall for because they appear to be from people you know or companies you have dealt with in the past and trust.  The e-mails can be difficult to detect because they appear to be harmless, and have a normal, friendly tone or have no links or attachments, bypassing digital security measures such as spam filters, anti-virus and malware detection.

In general, we would advise:

  • Be suspicious of any email or texts that you receive from people and companies you have not had contact or dealings with recently.
  • Be suspicious of any email or texts that asks you for money or to confirm personal information such as bank, address, full name, telephone number etc.
  • Do not click on links or open attachments that are contained in the message.
  • Do not reply to email or text that you suspect to be phishing.
  • Always check the reply address is legitimate BEFORE sending. If possible confirm via the official web site or public directories to check the domain (last part of the email address after the @)
  • Check telephone numbers — these may be premium rate numbers.

Although the WFN maintain controls to help protect our networks and computers from cyber threats, it is not possible to police every phishing scam that appears.  It is the responsibility of each one of us to ensure we remain vigilant and wary of phishing attempts and cyber threats.

If you've already responded to a suspicious message, we would advise that you take the following steps:

  • If you’ve been tricked into providing your banking details, contact your bank and let them know.
  • If you have paid the money, gather all documentation regarding the transaction and emails/invoices received and report the incident as soon as possible to your local police.
    IMMEDIATELY alert your bank to the fraudulent transaction. The bank should immediately try to re-call the funds.
  • If you think your account has already been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account), refer to the NCSC guidance on recovering a hacked account.
  • If you received the message on a work laptop, computer or phone, contact your IT department and let them know.
  • If you opened a link on your computer, or followed instructions to install software, open your antivirus software if you have it, and run a full scan. Allow your antivirus software to clean up any problems it finds. 
  • If you've given out your password, you should change the passwordson any of your accounts that use the same password.
  • If you've lost money, tell your bank and report it as a crime.  By doing this, you'll be helping the battle against criminal activity, and in the process prevent others becoming victims of cyber crime.

WFN are not responsible for spam and phishing email that you may receive. Any actions you decide to take is at your own risk and WFN cannot be held accountable for any losses, financial or otherwise, that may 

Thank you again for helping to keep our network, and our people, safe from these cyber threats.

If you have any questions, please contact us at