Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

The MoneySaving Forum: join to chat & swap tips with other MoneySavers. Learn how in the Forum Introduction Guide

30+ Ways to Stop Scams

As scams get clever, we need to too!

Get Our Free Weekly Email!

For all the latest deals, guides and loopholes - join the 10m who get it. Don't miss out

Wendy and Helen S

Updated November 2016

stop scams

Scams no longer target just the gullible. They still come in letters, texts and calls, but more crooks are now looking online for the chance to get their hands on your hard-earned cash.

Last weekend, hackers stole from 9,000 current accounts at Tesco Bank (see Tesco Bank help if you're affected). And while there's nowt its customers could've done to stop it, we're all still vulnerable unless we're vigilant. This guide explains what to look out for, how to protect yourself, and what to do if you're a victim of a scam.

What are scams?

stop scams

Scams are fraudulent schemes that dupe people into parting with their personal details and/or cash. They've been around for as long as we can remember, but they're no longer confined to shady door-to-door salesmen or dodgy second-hand car dealers.

Scammers now frequently target people through emails, online banking systems, text messages and online transactions. While fraud is becoming ever more sophisticated, people are still getting caught out by traditional scam letters and phone calls. So you need to be wary.

Some scams are obvious. Someone emails you to say a distant relative has died, and there's no one but you to inherit their $100 million fortune - all you need to do is pay £500 upfront to release the funds. But some scams are a lot less obvious, and a lot more intelligent. This guide's aimed at helping you spot them.

What to do if you've been scammed

Below is a need-to-know checklist of what you should do.

  • If you've already responded to a scam, end all further communication immediately.

  • Call your bank and cancel any recurring payments.

  • Report the scam to the police through Action Fraud on 0300 123 2040, or report a scam anonymously on its website.

  • Speak to the Citizens Advice consumer helpline on 03454 040506 or the Financial Conduct Authority's helpline on 0800 111 6768.

How do I know if I've been scammed?

  • You've got unexplained transactions made to your bank account.

  • Additional financial products pop up on your credit report that you don't remember taking out.

  • Bank statements meant for your address aren't delivered - this could be a sign of ID fraud.

  • You're rejected for credit when you've got a good credit history. It's worth checking your credit reference file on a monthly basis to see if someone is making false applications for credit in your name. See the Credit Check guide for full info.

Can I get my money back?

Your first port of call is the company or person that took your money. It may be worth seeing if you can get your money back from them - though if it's a scam, this route's unlikely.

If you bought something costing £100 or more on a credit card, you may be able to claim it back under a little-known law: Section 75. Once you've paid using a credit card, the card provider and retailer are locked into a legally binding contract, so if the retailer can't or won't refund you, you can raise the dispute with your card provider.

You won't be covered under Section 75 if you used a debit card or spent less than £100 on a credit card, but you could try to claim your money back under the Chargeback scheme. It's a voluntary agreement by your debit or charge card provider to stand in your corner if anything goes wrong. It's not as effective as Section 75, and rules vary between providers.

Unfortunately, if you've transferred the money using sites such as Moneygram, Western Union or PayPal, you generally can't get your money back once you've handed it over.

stop scams

19 tips on how to spot & avoid scams

Scammers continue to find more creative ways to get your cash. This guide can never be completely comprehensive with all the latest scams but we aim to help you to learn what to look out for. The stories around the scams may change, but what you should do to spot and avoid them doesn't.

Have you ever heard of the email from a Nigerian prince wanting you to share his fortune? The person stranded overseas needing £1,000 to get home which they'll pay straight back? Or the lottery you've won in Spain - even though you don't live there, and have never entered a lottery there?

The best way to prevent scammers from getting their hands on your hard-earned cash is to know how to protect yourself in the first place. Here are our top tips on how to avoid scams. They aren't all failsafes, but they can help you think before you act.

Rule-of-thumb: Mistaking the genuine for a scam is nowhere near as bad as mistaking a scam for the genuine.

Fake tax refunds, and other scams to watch out for

stop scams

Every year, millions of people fall for scams sent through the post, by email, phone, text, in person or online. Don't be fooled by professional-looking websites and marketing materials.

Scammers are good at making their scams look authentic. If you're asked to send money to someone you don't know or have won a competition you didn't even enter, stop!

A perennial favourite is the email telling you you're due a tax rebate. HMRC will never email or text you with this information, and have produced guidance on what's genuine HMRC communication, and what's fake.

If you get a fake email, or a suspicious text message, voicemail or phone call either ignore it, or report it to HMRC.

Scams currently common in the UK

There are 1,000s of ways scammers try to catch you out. Common methods include:

  • Calls from someone claiming to be from a Government department or representative (or even MSE!), talking about reclaiming bank charges, PPI or CPP.

  • Pension 'liberation' (more info in our Release Pension Cash guide).

  • Vishing - where scammers tell you they're from your bank and there's been fraud on your account, asking you to call them back, but instead they wait on the line and then get you to hand over bank details.
  • Miracle cures or miracle weight-loss pills - ketones are common, and appear on many people's Facebook pages.

  • Fake bank or Apple emails saying you need to re-verify your account details.

  • Investment scams (the FCA has a site helping you to spot investment scammers - ScamSmart, which includes a database of dodgy companies to avoid)

  • Deceptive prize draws and sweepstakes.

  • Get-rich-quick schemes.

  • Fake court summons emails (more on this at Action Fraud).

  • Job scams - the Metropolitan Police's Safer Jobs site has advice for jobhunters, employees, employers, plus it lets you report suspected scams.
  • Fake calls from someone pretending to be from the Financial Ombudsman Service asking for personal financial details. The ombudsman will never call you out of the blue to ask for information, they'll only be in touch if you've got a case with them already.

You can find out more about financial scams on the Financial Conduct Authority's website or for scams in general, see the Metropolitan Police's Little Book of Big Scams, or the Citizens Advice website.

Find out if hackers have stolen your data

Web security has come to the fore in recent months with major hacks at LinkedIn and MySpace, and more recently Dropbox, resulting in millions of users' account details and sensitive info being stolen and sold online. Fortunately there's a quick, free and easy way to check if your details have been compromised.

The website HaveIBeenPwned? ('pwned' is geek-speak for being made a fool of, it's pronounced 'poned') allows anyone to check if their accounts have been compromised in a number of known data breaches in recent times.

Here's how to use it:

  1. Go to HaveIBeenPwned? and enter your email address. Enter the address you use at any sites you're concerned may have been hacked – for example, the one you usually log in to LinkedIn with.
  2. It'll tell you if your account's been compromised. You'll be shown a list of breaches you were 'pwned' in, with some background info on the hack, plus what data was compromised – eg, email address, password, date of birth, etc.
Quick questions:

Is it legit?

How does it work?

What about 'sensitive' sites?

If my details aren't on there does that mean they're safe?

If your info's been stolen, change your passwords – on other sites too

If the website shows that "you've been pwned", don't panic – but do take action. The first thing to do is change your password on the relevant site immediately (companies often do this as soon as they discover there's been a breach anyway).

However, if you've used the same password on other sites, it's important you reset it on those accounts too. Since stolen data often includes both your email address and password, fraudsters who get hold of it may try and use it to hack into other accounts of yours.

To fully protect yourself, use different passwords for all your online accounts and store them in a password manager, or see password help for full info.

You then need to take steps to make sure you've not suffered any financial harm, and to report it. See what to do if you've been scammed for more on this.

You can choose and store passwords with free software

password manager

The safest way to secure your accounts is to use unique passwords for all your online logins. If this sounds impossible to remember, try a password manager.

These can generate randomised passwords for your various accounts (or you can set your own), and store them all to be accessed with one master password – the only one you'll actually need to remember.

If you prefer to create your passwords yourself and keep them stored in your own noggin, see Martin's Password help blog.

For more info about password managers and tips on choosing strong passwords, see our brand-new 60-second guide to password security.

Your bank will never email you asking for your PIN or password

If you get an email or text from your bank about fraud, ask yourself whether or not that's the usual way you receive contact from your bank. Think about whether it's sensible for the bank to make contact in that way. The British Bankers' Association's Know Fraud, No Fraud campaign highlights eight things your bank will never do, including calling or emailing to ask you for your full PIN or any passwords.

Banks will also never send someone to your home to collect cash, bank cards etc. Get clued up on the full 'Things your bank will never ask you to do' list.

Get free antivirus software

Antivirus Web viruses don't just ruin your computer. They can help steal money or even use PCs to commit crime. Some even lie dormant, waiting to be activated - as was the plan with 2014's GameoverZeus virus. To help prevent viruses keep your web browser up-to-date and your PC backed up with free anti-virus software. See our guide on Free Antivirus Software.

Watch out for poor grammar or dodgy spelling

Be vigilant if an email from a 'retailer' or 'bank' is badly-worded or littered with spelling mistakes. Banks and retailers will spend time crafting any emails they do send, and they're likely to proof them too - so bad grammar, dodgy spelling and poor punctuation are likely to be picked up before any emails go out.

But phishing emails aren't likely to go through such a rigorous process.

When is bbc.co.uk not bbc.co.uk?

spam

Not all links are genuine. By 'hyperlinking' text you can make the link say anything. For example, where does this link - www.bbc.co.uk - go? To the BBC, right? Hover your mouse over it and read what it says at the bottom of the screen though sometimes even that's foolable.

Similarly, where do you think www.moneysavingexpert.1.com goes? Well, it's not to MoneySavingExpert. For web addresses, it's what's before the .com or .co.uk that counts - so this would go to 1.com (which doesn't exist). It's worth looking out for this in web addresses, as it's so easy not to notice extra characters in the web address. Always look where you're clicking.

For more, see Martin's Spam Spotter Rules blog.

Beware phishy links asking for your password

Dodgy email links

Phishing is a type of spam email where scammers try to reel you in with the hope that you've got a connection to the company they're pretending to be from.

Most of us receive plenty of these each year, such as "your bank security is broken, click here" or "we need your help to retrieve funds", or "your subscription's about to run out".

The emails disguise attempts to steal your passwords, bank codes and money. Often they'll ask for bank or credit card details. Sometimes they'll ask you to download viruses onto your computer. There'll be some sort of link in the email. It often looks real.

When you click on it, it'll probably take you through to a professional-looking website – a mirror image of the real thing. You’ll be invited to put your password in – at that stage, you'll be parting with your cash.

They'll mine for your personal details to build a better profile of you, and could use this to commit identity fraud, taking out mortgages, loans and credit cards in your name.

NEVER click on a link and enter your password - no matter how genuine it looks. If it looks like a genuine security concern, call your bank or visit its published web address. See our top tips to see how genuine-looking links can catch you out.

stop scams

To ensure you're not caught out:

Never, ever, ever, ever, EVER open an attachment unless you're 100% sure of its contents. EVER.

Stop 'vishing' scams. Call 'em back if they want personal info

spamIf anyone calls claiming to be from a bank, insurer, utility provider, etc, NEVER give your personal or password details (for example, your mother's maiden name or place of birth). Say you'll call them back, but find the number independently.

Don't rely on caller IDs, or anyone drawing attention to them. Scammers can clone numbers, so it may look like the number your bank uses to call you. Plus, if you can, use a different phone to the one you were called on - so if you're called on your landline, use your mobile.

In one sophisticated scheme, the scammer told the victim their account had been hacked into, and encouraged the victim to phone their bank. The catch was that they didn't hang up after the initial call. They stayed on the line and played a dial tone while the victim called their bank and thought they were speaking to a bank employee.

The victim was then told to type their PIN into their phone keypad, thinking it was safe to do so, and was instructed to hand over their card to a 'bank courier' who collected their card. The scammers then had both their bank card and PIN.

To read more on this scam, commonly called 'vishing' (voice phishing), read our Called by an 'anti-fraud team'? news story.

Filter out fake deals in your Facebook feed

The flood of online scams, cons, hoaxes and frauds which litter social media websites such as Facebook are a modern scourge. We’ve seen a lot of them over the last few weeks: fake £80 Lidl vouchers, five ‘free’ tickets to Legoland, ‘free’ Disneyland passes and even ‘free’ flight tickets have been circulating on Facebook.

Scores of people are fooled every day by these bogus offers and competitions, where scammers tempt you to part with your personal information which they can then sell on to third parties – or even worse, use to steal your identity.

While some of these spurious offers are convincing, there are simple ways of telling what’s legit and what’s fake. And if you do suspect something’s a scam, you should do your best to avoid it and ideally report it to Facebook or whichever social network you’re using. Here are some common things to look out for when spotting a scam:

'£80 Lidl birthday voucher for everyone!' If it seems too good to be true - it often is

Spelling & grammar mistakes are often a telltale sign something's not right

Look at the images for inaccuracies

Look for small details to check if a page is legit

Carefully check links are going where you'd expect

Posts asking you to share & message friends is a common tactic of scammers

Look for warnings on real company pages

Be wary if you've been asked to pay upfront

You should never have to pay to access prizes or funds due to you.

Worse still, if they send you a cheque and ask you to wire the money over as a stop-gap for fees and taxes, the cheque will most likely bounce and you'll be left out of pocket.

Reputable search engines won't necessarily return reputable sites

Dodgy sites

Bogus websites are often set up to cash in on popular products, or payday loans, so be wary if it's an unfamiliar site.

Don't think that because it appears on a reputable search engine, it's a reputable site. Always check first, especially with sponsored links as these pay to appear at the top of search engines' lists - on Google, this'll have a small yellow box marked 'Ad' to tell you it's paid for.

One recent example is payday loan brokers who come up in search engines when people searched for "credit union loans". Check where the link's going before you click. If you've clicked, and it looks dodgy - just don't proceed.

Be careful of urgent deadlines

Nothing needs to be done immediately. Even if your account has been hacked, simply call the number on your bank statement. If you're being asked to hit a deadline, something dodgy is probably going on.

Shred everything and protect bank details

Protect your PIN

Never give your bank account details or PIN to someone you don't know. It's also wise not to have an easily guessable PIN - so don't pick 0000 or 1234!

If there's an unauthorised transaction on your account, contact your provider straight away. The Lending Code has guidance on how banks should help with credit card problems, though they don't have to help if there's proof you've been negligent.

In addition, shred or burn all financial documents, including envelopes, as a branded letter from a bank shows you have a relationship that could be taken advantage of.

Watch out for companies that address you as 'Dear Sir or Madam'

Genuine companies should know who they are targeting with emails. "Dear Customer" may sound polite, but that or any variation of "Dear Sir/Madam" or "Dear Valued Customer" should set off alarm bells.

Many banks will now put something on their emails to identify you - and to reassure you that they know something about you. You'll be addressed by name, and they may put the name of your account or your postcode on the email - information scammers aren't likely to have.

Be social media-savvy

Protect your password!

Social media and online banking means you'll probably have multiple passwords on the go. You should try to change your passwords regularly, and make sure they're complex enough so they're difficult to guess.

A complex password uses more characters and a combination of letters (upper and lower case), numbers and symbols.

Don't use the same password for multiple accounts - this decreases the chance of someone else being able to access several accounts belonging to you. Plus - don't write passwords down.

It's also a good idea to limit the amount of personal information you publish on social networks - so don't put your address on Facebook, and then announce to the world you're going on holiday for two weeks.

Don't text away your fortune

Legitimate marketing messages should identify themselves in the text or in the sent-from number. If not, they're breaking regulations and can be considered spam. Spam texts usually message you from a random 11-digit number and will ask for you to reply - DON'T!

Spam texts are likely to be generic, citing that you're owed accident compensation, a PPI refund or a tax rebate. Some even trick you by asking you to text 'STOP' back to the number to be removed from the mailing list, but that's often just a ploy to see that you're a real person and not an unused mobile number.

If you do get a spam text, forward the text to your network provider for FREE, simply by forwarding it to 7726 (spells SPAM), making sure it includes the sender's number. For full info on how to spot and stop scam texts, see Stop Spam Texts.

Help if you care for an elderly person

Slippers

Anyone can fall for a scam, but the elderly are often hit hardest as they can be over-trusting or afflicted by illnesses such as dementia. Many can lose their life savings, get into debt or have health problems.

If you care for an elderly person, look out for the warning signs. Are they receiving a lot of junk mail or phone calls from strangers, or have they become secretive when discussing finances?

If you're concerned, visit ThinkJessica, a site which shows how some elderly people can become serious victims of scams.

Be wary of numbers starting 084

Since numbers starting with 084, 087 or 09 became premium (this just means calls to these numbers are charged at a higher rate) most reputable companies have stopped using them. In their place scammers have started using these numbers to trick people out of money.

The most common scam leaves you with a missed call - in most cases the phone won't have rung for long enough to answer - and when you call back you're hit with a huge bill. Even if you don't actually call back your bill could sometimes still show that you've made a call lasting anything up to 12 hours - also resulting in a massive charge.

Another scam involves text messages - the scammers will pretend to be from your bank and warn you that a dodgy transaction is about to take place and you need to call an 084 number to stop it. Calls are usually held in a queue before cutting off but you'll still have to pay a hefty bill. So if you get a text that includes your "bank's" number, always find the number independently before you make a call.

14 safer shopping tips

The best way to protect yourself from anything going wrong is to research before you buy. This is easier said than done, but a few quick, pre-emptive strikes can make all the difference:

Check the company's registered

Companies House

All limited companies are listed on the official Companies House site, the Government's register of UK companies (though this doesn't include sole traders). Be wary if its records show a PO box address or just an email.

Get full contact details, including a street address, or fixing problems could be a nightmare. You can also find out who registered the website, and when, on the Whois database, or study the site's worldwide web ranking on Alexa.

If you're donating to a charity, then it should be registered. Check: England & Wales, Scotland, Northern Ireland.

Anything in the top 100,000 means it's reasonably big a good, though not foolproof, indication of legitimacy.

Stop junk mail, calls, texts and cold callers

Junk mail

While they aren't always scams, junk mail, calls and emails offering miracle diet pills can be annoying. So can 'get rich quick' schemes. It is best to remove temptation and research companies you want to approach for goods or services.

If it's definitely a scam letter, then you can either send it (with a covering letter) to "Freepost, Scam Mail", call 03456 113413 or email scam.mail@royalmail.com. Phone or email, and Royal Mail will send you a scam mail report form, and a prepaid envelope so you can send it back with examples of the scam mail.

You can stop legal junk mail in minutes. But occasionally, it'll contain a cracking offer, so bear in mind stopping it may not be MoneySaving.

Grab customer references

If you're dubious about handing over your dosh to a firm, ask for references from happy customers and preferably speak to them in person. Many kosher companies will be happy to do this.

Always read terms and conditions

Even if you don't read the legalese, always at least read the standard terms and conditions before you sign. Plus always ask questions beforehand if there's anything you don't understand, in writing or by email if possible.

Check delivery dates and prices

Always get a price breakdown in writing and ensure it includes VAT. If the delivery date is important, check it, and all costs, before going ahead with a purchase. It's useful to take a copy of online orders. If you've had a late delivery, see our Delivery Fightback guide to see what to do.

Google for complaints

search

The internet is a powerful tool to find other consumers' experiences. Easiest of all, do a quick Google search for the company name next to the word ‘complaints' or 'reviews' for example, "Delboy Ltd complaints".

Always take one-off complaints with a pinch of salt. It could be a competitor, someone malicious or a customer with a grudge. Realistically, how often to you go online to rave rather than rant? Look for trends instead.

Any botched jobs or missing orders should quickly show up. You could also ask a question in the MSE forum.

Pay by credit card

Credit Card

Pay by credit card for something costing over £100 such as flights, kitchens, or sofas, and Section 75 laws super-charge your consumer rights. Unlike debit cards, cheques and cash, pay in full or part (even just £1) on a credit card and by law the lender's jointly liable with the retailer. Though watch out for fees.

This means you have exactly the same rights with the card company as you do with the retailer, so if things go wrong, you can simply take your complaints there instead.

It's important you ALWAYS REPAY IN FULL each month, so there's no interest cost. See the Section 75 guide for a full explanation and take a look at Cashback Credit Cards for how to earn cash on top too.

Protect purchases under £100

Visa logo

Section 75 doesn't apply to purchases under £100, but there's still an option which can help. It's not a legal protection but it's a good secondary back-up.

Spend on Visa, Mastercard and Amex credit cards (under £100) and most debit and charge cards (any amount) and if the goods don't appear within 120 days, or are faulty, you can ask your bank whether they can reclaim the cash from the seller's bank.

Is it a trade association member?

If a company is a member of a trade association, it probably has to stick to a code of practice. What's more, the trade association may be able to help if things go pear-shaped. See more in the Who's Who section of the How to Complain guide.

Tips for buying abroad

If you're clicking for bargains from abroad, scour delivery times and costs. An easy rule of thumb is that the charges for delivery, customs and VAT can add about 30% to the list price, so unless it's over 30% cheaper it may be best to stick with the UK. Read the Cheapest UK Online Shopping article for a full how-to.

You should also check the items are compatible at home, for example, that a DVD bought from overseas will work on your player.

Plus, if you're buying regularly overseas in non-sterling currencies, make sure you're paying in the cheapest and safest way. More in the full Cheap Travel Credit Cards guide.

Know when you have cancellation rights

Cancellation rightsBuy in a store and you're unlikely to have cancellation rights. But many people are surprised to learn you've more rights buying at home, online or by telephone/catalogue from an EU-based business.

Buy something online or in your own home, and you've a legal right to send most goods back within 14 days for a full refund (including outward delivery costs), even if there's no fault. This won't apply to perishable or personalised goods.

You'll usually need to pay for the return delivery (unless the seller doesn't say this in its T&Cs). You also have a right to cancel financial agreements within 14 days. Read the Consumer Rights guide for more info and exclusions on all of these rights.

However, ordering online is balanced by the fact that there's automatically a time gap between ordering and delivering when the company has your money. So if it goes bust in that time, these cancellation rights don't help.

If you've no statutory cancellation rights the store's policy may still allow some – although you may not get a full refund, depending on long it's been since your order or until delivery. Check the terms and conditions.

Make sure your payment's secure

Secure

When you pay for a purchase, always check the site is secure. Although it doesn't guarantee the site isn't a scam, any data you enter is encrypted so it's harder for others to intercept.

It's really easy to tell as the web address will start with "https", rather than just "http". Look for a security padlock on your browser (usually next to the web address).

You should also sign credit and debit cards up to the MasterCard SecureCode and Verified by Visa schemes to add an extra layer of password protection.

What happens if a company goes bust?

Quite simply, its customers are immediately transformed into creditors. This hits hardest if you've ordered goods or tickets, and not had delivery, as then you're simply one of a line of people trying to get your money back out of the company's assets, and you usually get back much less than you paid. Even if you've had delivery, if the company you bought from goes under and there's a problem with the goods, it can mean you've no comeback.

Sometimes there's no protection

Ultimately, there's always a risk that something can go wrong, and you've no protection. If the above routes don't apply, you have to make a decision about whether you're willing to take the risk of parting with your cash. Don't be overly scared of this. Every day we all make transactions based on trust, and this is part of that, but do balance the amount you're spending against the risk.