We've been made aware of phishing emails being sent to some financial advisers that work with us, which look as though they have come from Aviva. Phishing is a type of social engineering where an attacker sends a fraudulent (e.g. fake or otherwise deceptive) message designed to trick a person into revealing sensitive information.
What to look out for
The phishing emails are sent from an email address spoofing Aviva and using the name of a genuine member of staff. The latest examples are coming from @mail-myaviva.com and @mail-myavivaplc.com. The emails are being sent mostly to financial advisers so you shouldn't get one but, just in case you do, they look like this:
[existing email example]
[new email example]
Please keep in mind that these phishing emails may use other fraudulent email domains spoofing Aviva.
What do I do next?
If you receive an email that you think may be suspicious, don't click on any links or respond to the email. Instead, report it to us via our Fraud Hub. We also recommend that you:
- Report it to report@phishing.gov.uk by forwarding the email or a screen shot of it. This service is provided by the National Cyber Security Centre, the UK government organisation that has the power to investigate and take down scam email addresses and websites.
- Mark the email as junk and then delete it
- If you think you've clicked on or responded to a fradulent email, please follow the advice on the National Cyber Security Centre - if you've shared sensitive information
We are investigating this, and are taking action to shut down any fraudulent domains identified.
For more information on ways to spot and prevent fraud, visit our Fraud Hub. You can also find out more about online scams at the National Cyber Security Centre and Action Fraud sites.