Case in point, scammers are now impersonating major banks to trick people into ponying up financial information. But a quick look at the sender field in one of these sketchy emails will show its all a trick. Tap or click here to see the signs to watch out for. According to reports from Express, this unusual email has been targeting inboxes in the U.K. with urgent notices of impending charges. Once a victim attempts to cancel the service (by verifying card information, of course), that data is immediately harvested by the scammers, who can then use the card or account information to steal money. If you make the mistake of allowing the person on the other end of the line to access your computer, they then proceed to scan your system for usernames, passwords and all valuable personal data.

Am I at risk for this hack? What can I do to avoid it?

Thankfully, the majority of complaints about these scams appear to come from the U.K., but that doesn’t mean they won’t be coming our way soon. Scammers often take their operations globally after finding local success, so don’t be surprised if you get an email or call about your “subscription” in the near future. You can use this same trick to identify other phishing attempts on your account since it’s difficult for hackers to hijack an official company email address for mass-mailing campaigns. The same can be said with phishing websites, which don’t even bother to compromise or spoof domain names most of the time. Attack patterns like magecart attacks are much more dangerous to your finances, as they embed themselves into existing webpages with trusted URLs to scan what you type. Tap or click here to see what a successful magecart attack can do. If you want to avoid getting caught a phishing campaign, here are some easy steps you can take to stay safe:

Avoid opening emails if you don’t know the sender. It’s one of the easiest ways to avoid getting suckered into a phishing campaign. If you never open malicious messages in the first place, they can’t hurt you.Never download attachments unless you’re 100% sure of what they are and who they’re from. If an email comes in from a trusted friend or relative, it’s worth calling them to make sure they actually sent it. Email attachments are one of the most common methods for malware infection, after all.Always check the sender’s email domain. If the email claims to come from a trusted source, use your best judgment and look at the sender field. If it’s from a mismatched URL, that’s as big of a red flag for phishing as any.Don’t ever click unknown links in emails. Just like with attachments, it’s worth getting in touch with the email’s sender to make sure you’re not visiting any malicious or dangerous websites.Check the URL for any site you visit. You can do this by hovering your cursor over a link before clicking on it. This doesn’t just apply to links from emails, but anywhere else you visit on the web. If a URL appears mismatched to the contents of the page, get as far away as you can.If an email asks for personal data or login information, ignore it. Most businesses and platforms will never ask for your information point-blank, and will usually give you the option to reset these things on your own.

If you follow these steps, there isn’t much a campaign like this can do to you other than keep trying to trick you. But as bad as this all is, we have to give the scammers credit for creativity. It’s just up to us to be even more creative.