Wendy and Helen S
Updated May 2017
Scams no longer target just the gullible. They still come in letters, texts and calls, but more crooks are now looking online for the chance to get their hands on your hard-earned cash.
This month there was a terrible malware attack on the NHS. And while there's nowt most ordinary folk could've done to stop it, we're all still vulnerable unless we're vigilant. This guide explains what to look out for, how to protect yourself, and what to do if you're a victim of a scam.
What are scams?
Scams are fraudulent schemes that dupe people into parting with their personal details and/or cash. They've been around for as long as we can remember, but they're no longer confined to shady door-to-door salesmen or dodgy second-hand car dealers.
Scammers now frequently target people through emails, online banking systems, text messages and online transactions. While fraud is becoming ever more sophisticated, people are still getting caught out by traditional scam letters and phone calls. So you need to be wary.
Some scams are obvious. Someone emails you to say a distant relative has died, and there's no one but you to inherit their $100 million fortune - all you need to do is pay £500 upfront to release the funds. But some scams are a lot less obvious, and a lot more intelligent. This guide's aimed at helping you spot them.
What to do if you've been scammed
Below is a need-to-know checklist of what you should do.
If you've already responded to a scam, end all further communication immediately.
Call your bank and cancel any recurring payments.
Report the scam to the police through Action Fraud on 0300 123 2040, or report a scam anonymously on its website.
Speak to the Citizens Advice consumer helpline on 03454 040506 or the Financial Conduct Authority's helpline on 0800 111 6768.
How do I know if I've been scammed?
You've got unexplained transactions made to your bank account.
Additional financial products pop up on your credit report that you don't remember taking out.
Bank statements meant for your address aren't delivered - this could be a sign of ID fraud.
You're rejected for credit when you've got a good credit history. It's worth checking your credit reference file on a monthly basis to see if someone is making false applications for credit in your name. See the Credit Check guide for full info.
Can I get my money back?
Your first port of call is the company or person that took your money. It may be worth seeing if you can get your money back from them - though if it's a scam, this route's unlikely.
If you bought something costing £100 or more on a credit card, you may be able to claim it back under a little-known law: Section 75. Once you've paid using a credit card, the card provider and retailer are locked into a legally binding contract, so if the retailer can't or won't refund you, you can raise the dispute with your card provider.
You won't be covered under Section 75 if you used a debit card or spent less than £100 on a credit card, but you could try to claim your money back under the Chargeback scheme. It's a voluntary agreement by your debit or charge card provider to stand in your corner if anything goes wrong. It's not as effective as Section 75, and rules vary between providers.
19 tips on how to spot & avoid scams
Scammers continue to find more creative ways to get your cash. This guide can never be completely comprehensive with all the latest scams but we aim to help you to learn what to look out for. The stories around the scams may change, but what you should do to spot and avoid them doesn't.
Have you ever heard of the email from a Nigerian prince wanting you to share his fortune? The person stranded overseas needing £1,000 to get home which they'll pay straight back? Or the lottery you've won in Spain - even though you don't live there, and have never entered a lottery there?
The best way to prevent scammers from getting their hands on your hard-earned cash is to know how to protect yourself in the first place. Here are our top tips on how to avoid scams. They aren't all failsafes, but they can help you think before you act.
Rule-of-thumb: Mistaking the genuine for a scam is nowhere near as bad as mistaking a scam for the genuine.
Fake tax refunds, and other scams to watch out for
Every year, millions of people fall for scams sent through the post, by email, phone, text, in person or online. Don't be fooled by professional-looking websites and marketing materials.
Scammers are good at making their scams look authentic. If you're asked to send money to someone you don't know or have won a competition you didn't even enter, stop!
A perennial favourite is the email telling you you're due a tax rebate. HMRC will never email or text you with this information, and have produced guidance on what's genuine HMRC communication, and what's fake.
If you get a fake email, or a suspicious text message, voicemail or phone call, either ignore it or report it to HMRC.
Scams currently common in the UK
There are 1,000s of ways scammers try to catch you out. Common methods include:
- Calls from someone claiming to be from a Government department or representative (or even MSE!), talking about reclaiming bank charges.
- Pension 'liberation' (more info in our Release Pension Cash guide).
- Vishing - where scammers tell you they're from your bank and there's been fraud on your account, asking you to call them back, but instead they wait on the line and then get you to hand over bank details.
- Miracle cures or miracle weight-loss pills - ketones are common, and appear on many people's Facebook pages.
- Fake bank or Apple emails saying you need to re-verify your account details.
- Investment scams (the FCA has a site helping you to spot investment scammers - ScamSmart, which includes a database of dodgy companies to avoid).
- Deceptive prize draws and sweepstakes.
- Fake court summons emails (more on this at Action Fraud).
- Job scams - the Metropolitan Police's Safer Jobs site has advice for jobhunters, employees and employers, plus it lets you report suspected scams.
- Fake calls from someone pretending to be from the Financial Ombudsman Service asking for personal financial details. The ombudsman will never call you out of the blue to ask for information; it'll only be in touch if you've got a case with it already.
You can find out more about financial scams on the Financial Conduct Authority's website or for scams in general, see the Metropolitan Police's Little Book of Big Scams, or the Citizens Advice website.
Web security has come to the fore in recent years with major hacks at LinkedIn, MySpace and Dropbox, resulting in millions of users' account details and sensitive info being stolen and sold online. Fortunately there's a quick, free and easy way to check if your details have been compromised.
The website HaveIBeenPwned? ('pwned' is geek-speak for being made a fool of, and is pronounced 'poned') allows anyone to check if their accounts have been compromised in a number of known data breaches in recent times.
Here's how to use it:
- Go to HaveIBeenPwned? and enter your email address. Enter the address you use at any sites you're concerned may have been hacked – for example, the one you usually log in to LinkedIn with.
- It'll tell you if your account's been compromised. You'll be shown a list of breaches you were 'pwned' in, with some background info on the hack, plus what data was compromised – eg, email address, password, date of birth, etc.
Is it legit?
We've checked the site out and it's well-known by industry experts – the head of Government-backed online safety resource Get Safe Online says it's a "stark reminder to many" of the need to protect yourself online, while it's been featured by the BBC and praised by leading tech sites such as Wired and Vice magazine's Motherboard.
How does it work?
Once data following a breach becomes publicly available online, the site's owner locates it and uploads it to the HaveIBeenPwned? database where it's made searchable.
Passwords and sensitive data aren't stored on the site – only email addresses or usernames which are used to identify whether a user's account details were stolen.
If my details aren't on there does that mean they're safe?
If your info's been stolen, change your passwords – on other sites too
If the website shows that "you've been pwned", don't panic – but do take action. The first thing to do is change your password on the relevant site immediately (companies often do this as soon as they discover there's been a breach anyway).
However, if you've used the same password on other sites, it's important you reset it on those accounts too. Since stolen data often includes both your email address and password, fraudsters who get hold of it may try and use it to hack into other accounts of yours.
You then need to take steps to make sure you've not suffered any financial harm, and to report it. See what to do if you've been scammed for more on this.
The safest way to secure your accounts is to use unique passwords for all your online logins. If this sounds impossible to remember, try a password manager.
These can generate randomised passwords for your various accounts (or you can set your own), and store them all to be accessed with one master password – the only one you'll actually need to remember.
If you prefer to create your passwords yourself and keep them stored in your own login, see Martin's Password help blog.
For more info about password managers and tips on choosing strong passwords, see our brand-new 60-second guide to password security.
If you get an email or text from your bank about fraud, ask yourself whether or not that's the usual way you receive contact from your bank. Think about whether it's sensible for the bank to make contact in that way. The British Bankers' Association's Know Fraud, No Fraud campaign highlights eight things your bank will never do, including calling or emailing to ask you for your full PIN or any passwords.
Banks will also never send someone to your home to collect cash, bank cards etc. Get clued up on the full 'Things your bank will never ask you to do' list.
Get free antivirus software
Web viruses don't just ruin your computer. They can help steal money or even use PCs to commit crime. Some even lie dormant, waiting to be activated - as was the plan with 2014's GameoverZeus virus. To help prevent viruses keep your web browser up-to-date and your PC backed up with free anti-virus software. See our guide on Free Antivirus Software.
Watch out for poor grammar or dodgy spelling
Be vigilant if an email from a 'retailer' or 'bank' is badly-worded or littered with spelling mistakes. Banks and retailers will spend time crafting any emails they do send, and they're likely to proof them too - so bad grammar, dodgy spelling and poor punctuation are likely to be picked up before any emails go out.
But phishing emails aren't likely to go through such a rigorous process.
When is bbc.co.uk not bbc.co.uk?
Not all links are genuine. By 'hyperlinking' text you can make the link say anything. For example, where does this link - www.bbc.co.uk - go? To the BBC, right? Hover your mouse over it and read what it says at the bottom of the screen – though sometimes even that's foolable.
Similarly, where do you think www.moneysavingexpert.1.com goes? Well, it's not to MoneySavingExpert. For web addresses, it's what's before the .com or .co.uk that counts - so this would go to 1.com (which doesn't exist). It's worth looking out for this in web addresses, as it's so easy not to notice extra characters in the web address. Always look where you're clicking.
For more, see Martin's Spam Spotter Rules blog.
Beware phishy links asking for your password
Phishing is a type of spam email where scammers try to reel you in with the hope that you've got a connection to the company they're pretending to be from.
Most of us receive plenty of these each year, such as "your bank security is broken, click here" or "we need your help to retrieve funds", or "your subscription's about to run out".
The emails disguise attempts to steal your passwords, bank codes and money. Often they'll ask for bank or credit card details. Sometimes they'll ask you to download viruses onto your computer. There'll be some sort of link in the email. It often looks real.
When you click on it, it'll probably take you through to a professional-looking website – a mirror image of the real thing. You’ll be invited to put your password in – at that stage, you'll be parting with your cash.
They'll mine for your personal details to build a better profile of you, and could use this to commit identity fraud, taking out mortgages, loans and credit cards in your name.
NEVER click on a link and enter your password - no matter how genuine it looks. If it looks like a genuine security concern, call your bank or visit its published web address. See our top tips to see how genuine-looking links can catch you out.
To ensure you're not caught out:
Never, ever, ever, ever, EVER open an attachment unless you're 100% sure of its contents. EVER.
Stop 'vishing' scams. Call 'em back if they want personal info
If anyone calls claiming to be from a bank, insurer, utility provider, etc, NEVER give your personal or password details (for example, your mother's maiden name or place of birth). Say you'll call them back, but find the number independently.
Don't rely on caller IDs, or anyone drawing attention to them. Scammers can clone numbers, so it may look like the number your bank uses to call you. Plus, if you can, use a different phone to the one you were called on - so if you're called on your landline, use your mobile.
In one sophisticated scheme, the scammer told the victim their account had been hacked into, and encouraged the victim to phone their bank. The catch was that they didn't hang up after the initial call. They stayed on the line and played a dial tone while the victim called their bank and thought they were speaking to a bank employee.
The victim was then told to type their PIN into their phone keypad, thinking it was safe to do so, and was instructed to hand over their card to a 'bank courier' who collected their card. The scammers then had both their bank card and PIN.
To read more on this scam, commonly called 'vishing' (voice phishing), read our Called by an 'anti-fraud team'? news story.
Filter out fake deals in your Facebook feed
The flood of online scams, cons, hoaxes and frauds that litters social media websites such as Facebook is a modern scourge.
Scores of people are fooled every day by these bogus offers and competitions, where scammers tempt you to part with your personal information which they can then sell on to third parties – or even worse, use to steal your identity.
While some of these spurious offers are convincing, there are simple ways of telling what’s legit and what’s fake. And if you do suspect something’s a scam, you should do your best to avoid it and ideally report it to Facebook or whichever social network you’re using. Here are some common things to look out for when spotting a scam:
'£80 Lidl birthday voucher for everyone!' If it seems too good to be true - it often is
Sometimes there are stonking deals out there and if we have included them on our site or in the weekly email, we will have thoroughly checked they are legit.
But Lidl giving away an £80 voucher to everyone for its birthday, and 100 free flights with British Airways… They sound too good to be true… because they are.
Of course, there are genuine competitions on social media but it’s unlikely any company would give every single person who enters such an expensive prize. It just wouldn’t be feasible.
Spelling & grammar mistakes are often a telltale sign something's not right
Many of these scams are littered with spelling mistakes, which should act as an immediate red flag. If it was a genuine offer from a major corporation, quality checks and editing would prevent spelling mistakes.
One Facebook page, supposedly giving away three Range Rovers in a competition, was titled “Rannge Rover”
They’re not always blatantly obvious, though – so do look out for quite subtle missing letters. One example that I found on a British Airways scam said: “Congratulation! You have won 2 free British Airways Ticket!”
Look at the images for inaccuracies
We’ve seen many people fall for an Easyjet hoax recently in which supposed round-trip tickets were up for grabs due to last-minute cancellations. It came with several images of luxurious business class seats – but the plane’s paint job wasn’t quite the Easyjet shade of orange, and in any case Easyjet doesn’t even have a business class section! So we were able to work out it was a fake.
Look for small details to check if a page is legit
When on Facebook and Twitter pages, most larger companies will be ‘verified’ (indicated by a blue tick on their profile). As a general rule, verified status means you can trust anything posted by an account is legitimate. Yet some major companies aren’t verified, so in this case, look to see if they have the small details any real company would have (eg, lots of ‘likes’/followers, website links, company history).
One bogus ‘Disneyland’ page claiming to give away huge prizes was a pretty convincing fake. It had used the same logo, header and information as the REAL Disneyland page, but it wasn’t verified. It also had only that one competition post on its entire Facebook timeline and the page had only 6,000 likes (the real Disneyland page has 14,000,000).
Other things of note on the page included its spelling and grammar, claiming it’s a ‘fictional character’ instead of an amusement park and its about section saying “Like our page to win”.
Carefully check links are going where you'd expect
Often, when you click one of these scams you’ll be taken away from social media to another website, and it’s really important you check the URL (the website address) to ensure you’re not being led into dodgy online territory.
If Legoland was really giving out five free tickets, you’d most likely be taken to Legoland.com… but in the recent scam, you are taken to Legoland.com-everythingfree.com. When you notice the addition of “everything free” and the double “.com”, the penny should drop that this might not be a genuine website.
One Easyjet scam we saw even had “crook” in the URL… not something you would want to click on.
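The rule from the link tips above (what sits immediately before the final .com or .co.uk decides where a link really goes, whatever the visible text says) as an added Python example, not part of the original guide. The suffix set is a constructed, tiny stand-in for the full Public Suffix List, and the function names and the example.net address are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny subset of two-part endings such as ".co.uk".
# A real checker should load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "ac.uk"}


def registrable_domain(url):
    """Return the part of a web address that identifies who owns the site.

    Everything to the left of it (www., moneysavingexpert., legoland.) is a
    subdomain chosen freely by whoever controls that registrable domain.
    """
    if "://" not in url:
        url = "http://" + url  # allow bare addresses such as "www.bbc.co.uk"
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Decide whether the ending is one label (.com) or two (.co.uk).
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return host
    # The registrable domain is the ending plus the one label before it.
    return ".".join(labels[-(suffix_len + 1):])


def link_matches(url, expected_domain):
    """True only if the link really lands on the site you expect."""
    return registrable_domain(url) == expected_domain.lower()


def link_is_misleading(display_text, href):
    """Flag a hyperlink whose visible text names one site but points to another.

    Only applies when the visible text itself looks like a web address;
    text such as "Click here" makes no claim about the destination.
    """
    text = display_text.strip()
    if " " in text or "." not in text:
        return False
    return registrable_domain(text) != registrable_domain(href)


if __name__ == "__main__":
    # Addresses quoted in the guide, plus one constructed destination.
    for address in (
        "www.bbc.co.uk",
        "www.moneysavingexpert.1.com",
        "http://Legoland.com-everythingfree.com/tickets",
    ):
        print(f"{address:50} -> {registrable_domain(address)}")
    print(link_is_misleading("www.bbc.co.uk", "http://example.net/news"))
```

Running it shows that the Legoland scam address belongs to com-everythingfree.com and the MoneySavingExpert lookalike to 1.com, which is why neither passes a check against the genuine domain.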
Posts asking you to share & message friends are a common tactic of scammers
Scammers like nothing more than to have their spurious offers and competitions shared. So a common tactic is to ask you to share the page with your Facebook friends thanking the promoter for the chance to win.
Lidl’s £80 voucher scam asked you to share on your page saying “Thank you for my voucher” and message 15 friends about the offer… unfortunately, that just spreads the scam even further.
Look for warnings on real company pages
Major supermarkets such as Asda and Tesco have both had fake voucher giveaways circulating online, and both of their legitimate social media pages posted warnings saying the giveaways were fake. If you ‘like’ or ‘follow’ the real pages (the ones with the blue tick) you can often easily check whether there’s a fake around that you should be wary of.
This is something Lidl had to do with a scam promotion circulating.
Be wary if you've been asked to pay upfront
You should never have to pay to access prizes or funds due to you.
Worse still, if they send you a cheque and ask you to wire the money over as a stop-gap for fees and taxes, the cheque will most likely bounce and you'll be left out of pocket.
Reputable search engines won't necessarily return reputable sites
Bogus websites are often set up to cash in on popular products, or payday loans, so be wary if it's an unfamiliar site.
Don't think that because it appears on a reputable search engine, it's a reputable site. Always check first, especially with sponsored links as these pay to appear at the top of search engines' lists - on Google, this'll have a small yellow box marked 'Ad' to tell you it's paid for.
One example from a few years ago was payday loan brokers who came up in search engines when people searched for "credit union loans". Check where the link's going before you click. If you've clicked, and it looks dodgy - just don't proceed.
Be careful of urgent deadlines
Nothing needs to be done immediately. Even if your account has been hacked, simply call the number on your bank statement. If you're being asked to hit a deadline, something dodgy is probably going on.
Shred everything and protect bank details
Never give your bank account details or PIN to someone you don't know. It's also wise not to have an easily guessable PIN - so don't pick 0000 or 1234!
If there's an unauthorised transaction on your account, contact your provider straight away. The Lending Code has guidance on how banks should help with credit card problems, though they don't have to help if there's proof you've been negligent.
In addition, shred or burn all financial documents, including envelopes, as a branded letter from a bank shows you have a relationship that could be taken advantage of.
Watch out for companies that address you as 'Dear Sir or Madam'
Genuine companies should know who they are targeting with emails. "Dear Customer" may sound polite, but that or any variation of "Dear Sir/Madam" or "Dear Valued Customer" should set off alarm bells.
Many banks will now put something on their emails to identify you - and to reassure you that they know something about you. You'll be addressed by name, and they may put the name of your account or your postcode on the email - information scammers aren't likely to have.
Be social media-savvy
Social media and online banking means you'll probably have multiple passwords on the go. You should try to change your passwords regularly, and make sure they're complex enough so they're difficult to guess.
A complex password uses more characters and a combination of letters (upper and lower case), numbers and symbols.
Don't use the same password for multiple accounts - using a different one for each decreases the chance of someone else being able to access several accounts belonging to you. Plus - don't write passwords down.
It's also a good idea to limit the amount of personal information you publish on social networks - so don't put your address on Facebook, and then announce to the world you're going on holiday for two weeks.
Don't text away your fortune
Legitimate marketing messages should identify themselves in the text or in the sent-from number. If not, they're breaking regulations and can be considered spam. Spam texts usually message you from a random 11-digit number and will ask for you to reply - DON'T!
Spam texts are likely to be generic, citing that you're owed accident compensation, a PPI refund or a tax rebate. Some even trick you by asking you to text 'STOP' back to the number to be removed from the mailing list, but that's often just a ploy to see that you're a real person and not an unused mobile number.
If you do get a spam text, forward the text to your network provider for FREE, simply by forwarding it to 7726 (spells SPAM), making sure it includes the sender's number. For full info on how to spot and stop scam texts, see Stop Spam Texts.
Help if you care for an elderly person
Anyone can fall for a scam, but the elderly are often hit hardest as they can be over-trusting or afflicted by illnesses such as dementia. Many can lose their life savings, get into debt or have health problems.
If you care for an elderly person, look out for the warning signs. Are they receiving a lot of junk mail or phone calls from strangers, or have they become secretive when discussing finances?
If you're concerned, visit ThinkJessica, a site which shows how some elderly people can become serious victims of scams.
Be wary of numbers starting 084
Since numbers starting with 084, 087 or 09 became premium (this just means calls to these numbers are charged at a higher rate) most reputable companies have stopped using them. In their place scammers have started using these numbers to trick people out of money.
The most common scam leaves you with a missed call - in most cases the phone won't have rung for long enough to answer - and when you call back you're hit with a huge bill. Even if you don't actually call back your bill could sometimes still show that you've made a call lasting anything up to 12 hours - also resulting in a massive charge.
Another scam involves text messages - the scammers will pretend to be from your bank and warn you that a dodgy transaction is about to take place and you need to call an 084 number to stop it. Calls are usually held in a queue before cutting off but you'll still have to pay a hefty bill. So if you get a text that includes your "bank's" number, always find the number independently before you make a call.
14 safer shopping tips
The best way to protect yourself from anything going wrong is to research before you buy. This is easier said than done, but a few quick, pre-emptive strikes can make all the difference:
Check the company's registered
All limited companies are listed on the official Companies House site, the Government's register of UK companies (though this doesn't include sole traders). Be wary if its records show a PO box address or just an email.
Get full contact details, including a street address, or fixing problems could be a nightmare. You can also find out who registered the website, and when, on the Whois database, or study the site's worldwide web ranking on Alexa.
Anything in the top 100,000 means it's reasonably big – a good, though not foolproof, indication of legitimacy.
Stop junk mail, calls, texts and cold callers
While they aren't always scams, junk mail, calls and emails offering miracle diet pills can be annoying. So can 'get rich quick' schemes. It is best to remove temptation and research companies you want to approach for goods or services.
If it's definitely a scam letter, then you can either send it (with a covering letter) to "Freepost, Scam Mail", call 03456 113413 or email email@example.com. Phone or email, and Royal Mail will send you a scam mail report form, and a prepaid envelope so you can send it back with examples of the scam mail.
You can stop legal junk mail in minutes. But occasionally, it'll contain a cracking offer, so bear in mind stopping it may not be MoneySaving.
Grab customer references
If you're dubious about handing over your dosh to a firm, ask for references from happy customers and preferably speak to them in person. Many kosher companies will be happy to do this.
Always read terms and conditions
Even if you don't read the legalese, always at least read the standard terms and conditions before you sign. Plus always ask questions beforehand if there's anything you don't understand, in writing or by email if possible.
Check delivery dates and prices
Always get a price breakdown in writing and ensure it includes VAT. If the delivery date is important, check it, and all costs, before going ahead with a purchase. It's useful to take a copy of online orders. If you've had a late delivery, see our Delivery Fightback guide to see what to do.
The internet is a powerful tool to find other consumers' experiences. Easiest of all, do a quick Google search for the company name next to the word 'complaints' or 'reviews', for example, "Delboy Ltd complaints".
Always take one-off complaints with a pinch of salt. It could be a competitor, someone malicious or a customer with a grudge. Realistically, how often do you go online to rave rather than rant? Look for trends instead.
Any botched jobs or missing orders should quickly show up. You could also ask a question in the MSE forum.
Pay by credit card
Pay by credit card for something costing over £100 such as flights, kitchens, or sofas, and Section 75 laws super-charge your consumer rights. Unlike debit cards, cheques and cash, pay in full or part (even just £1) on a credit card and by law the lender's jointly liable with the retailer. Though watch out for fees.
This means you have exactly the same rights with the card company as you do with the retailer, so if things go wrong, you can simply take your complaints there instead.
It's important you ALWAYS REPAY IN FULL each month, so there's no interest cost. See the Section 75 guide for a full explanation and take a look at Cashback Credit Cards for how to earn cash on top too.
Protect purchases under £100
Section 75 doesn't apply to purchases under £100, but there's still an option which can help. It's not a legal protection but it's a good secondary back-up.
Spend on Visa, Mastercard and Amex credit cards (under £100) and most debit and charge cards (any amount) and if the goods don't appear within 120 days, or are faulty, you can ask your bank whether they can reclaim the cash from the seller's bank.
Is it a trade association member?
If a company is a member of a trade association, it probably has to stick to a code of practice. What's more, the trade association may be able to help if things go pear-shaped. See more in the Who's Who section of the How to Complain guide.
Tips for buying abroad
If you're clicking for bargains from abroad, scour delivery times and costs. An easy rule of thumb is that the charges for delivery, customs and VAT can add about 30% to the list price, so unless it's over 30% cheaper it may be best to stick with the UK. Read the Cheapest UK Online Shopping article for a full how-to.
You should also check the items are compatible at home, for example, that a DVD bought from overseas will work on your player.
Plus, if you're buying regularly overseas in non-sterling currencies, make sure you're paying in the cheapest and safest way. More in the full Cheap Travel Credit Cards guide.
Know when you have cancellation rights
Buy in a store and you're unlikely to have cancellation rights. But many people are surprised to learn you've more rights buying at home, online or by telephone/catalogue from an EU-based business.
Buy something online or in your own home, and you've a legal right to send most goods back within 14 days for a full refund (including outward delivery costs), even if there's no fault. This won't apply to perishable or personalised goods.
You'll usually need to pay for the return delivery (unless the seller doesn't say this in its T&Cs). You also have a right to cancel financial agreements within 14 days. Read the Consumer Rights guide for more info and exclusions on all of these rights.
However, ordering online is balanced by the fact that there's automatically a time gap between ordering and delivering – when the company has your money. So if it goes bust in that time, these cancellation rights don't help.
If you've no statutory cancellation rights, the store's policy may still allow some – although you may not get a full refund, depending on how long it's been since your order or until delivery. Check the terms and conditions.
Make sure your payment's secure
When you pay for a purchase, always check the site is secure. A secure connection doesn't guarantee the site isn't a scam, but it does mean any data you enter is encrypted, so it's harder for others to intercept.
It's really easy to tell as the web address will start with "https", rather than just "http". Look for a security padlock on your browser (usually next to the web address).
What happens if a company goes bust?
Quite simply, its customers are immediately transformed into creditors. This hits hardest if you've ordered goods or tickets, and not had delivery, as then you're simply one of a line of people trying to get your money back out of the company's assets, and you usually get back much less than you paid.
Even if you've had delivery, if the company you bought from goes under and there's a problem with the goods, it can mean you've no comeback.
Sometimes there's no protection
Ultimately, there's always a risk that something can go wrong, and you've no protection. If the above routes don't apply, you have to make a decision about whether you're willing to take the risk of parting with your cash. Don't be overly scared of this.
Every day we all make transactions based on trust, and this is part of that, but do balance the amount you're spending against the risk.