25+ ways to stop scams
Scams can trick even the most savvy – so WATCH OUT
Scams don't just target the gullible. They still come in letters, texts and calls, but crooks also look online for the chance to get their hands on your hard-earned cash. There are increasingly sophisticated ways scammers try to target YOUR cash. This guide explains what to look out for, how to protect yourself, and what to do if you're a victim of a scam.
WARNING: Sadly the coronavirus pandemic has triggered a rise in yet more scams, with criminals sneakily looking to exploit your financial and health issues. Our Coronavirus scams blog has all the information on what to look out for.
What are scams?
Scams are fraudulent schemes that dupe people into parting with their personal details and/or cash. They've been around for as long as we can remember, but gone are the days when they were confined to shady door-to-door salesmen or dodgy second-hand car dealers.
These days scammers frequently target people through emails, online banking systems, text messages and online transactions. Yet while fraud is becoming ever more sophisticated, people are still getting caught out by traditional scam letters and phone calls.
Some scams are obvious. Ever received the email explaining that a distant relative has died, and there's no one but you to inherit their $100 million fortune – all you need to do is pay £500 upfront to release the funds? But some scams are a lot less obvious, and a lot more intelligent.
According to the Financial Ombudsman, the number of customers asking for help with fraud and scams complaints increased by 66% in April, May, and June of this year – a whopping 5,025 cases, compared with 3,028 during the same period last year.
We've created this guide to help you spot, avoid and protect yourself against scams.
What to do if you've been scammed
Below is a need-to-know checklist of what you should do:
- If you've already responded to a scam, end all further communication immediately.
- Call your bank directly and cancel any recurring payments.
Report the scam to the police through Action Fraud on 0300 123 2040, or report a scam anonymously on its website. If you're in Scotland, report a scam through Advice Direct Scotland on 0808 164 6000 or on its website. You can also report scams to Police Scotland on 101.
If you wish to seek further advice, contact Citizens Advice Scams Action on its website, or call its Scams Action helpline on 0808 250 5050. Alternatively, you can contact the Financial Conduct Authority's helpline on 0800 111 6768.
How do I know if I've been scammed?
If you've been engaging with what appears to be a legitimate company but now suspect that it's a scam, the following should ring alarm bells:
- Items you thought you'd purchased don't arrive, or arrive but are nothing like the online description.
- With financial services (such as supposed investments), no matter how hard you try, you aren't allowed to withdraw your money.
- You transferred or paid some money, but now the company or person you were speaking to has gone quiet or can't be contacted.
Here are some common tell-tale signs of being scammed without actually engaging directly with the scam:
- You've had unexplained transactions on your bank account. Or maybe additional financial products pop up on your credit report that you don't remember taking out.
- Bank statements meant for your address aren't delivered – this could be a sign of ID fraud. We've got a whole guide on how to Protect your identity from being stolen.
- You're rejected for credit when you've got a good credit history. It's worth checking your credit reference file on a monthly basis to see if someone is making false applications for credit in your name (see our Credit your credit report guide guide for more info on how to do this).
I've been scammed. Can I get my money back?
Your first port of call is to contact the bank where your money was taken from (or the one from where you sent the funds) and explain what happened. While there's no guarantee that your bank will reimburse you even if you have been scammed, this is your best bet in the first instance. Banks should adopt a case-by-case approach.
Alternatively, if you bought something costing more than £100 on a credit card, you may be able to claim it back under Section 75 protection. Once you've paid using a credit card, the card provider and retailer are locked into a legally binding contract, so if the retailer can't or won't refund you, you can raise the dispute with your card provider.
You won't be covered under Section 75 if you used a debit card or spent exactly £100 or less on a credit card, but you could try to claim your money back under the Chargeback scheme. It's a voluntary agreement by your debit or charge card provider to stand in your corner if anything goes wrong. It's not as effective as Section 75, and rules vary between providers.
Unfortunately, if you've transferred the money using sites such as Moneygram, Western Union or PayPal, you generally can't get your money back once you've handed it over.
25+ tips on how to spot, avoid and protect yourself against scams
Scammers continue to find more creative ways to get your cash. This guide can never be completely comprehensive with all the latest scams but we aim to help you to learn what to look out for. The stories around the scams may change, but what you should do to spot and avoid them doesn't.
Have you ever heard of the email from a Nigerian prince wanting you to share his fortune? The person stranded overseas needing £1,000 to get home which they'll pay straight back? Or the lottery you've won in Spain – even though you don't live there, and have never entered a lottery there? What about the Royal Mail delivery to your address which needs extra money to cover the postage?
The best way to prevent scammers from getting their hands on your hard-earned cash is to know how to protect yourself in the first place. Here are our top tips on how to spot, avoid and protect yourself against scams. They aren't all fail-safes, but they can help you think before you act.
Beware LIAR Facebook, Bitcoin & other ads implying Martin or MSE recommends 'em
Whether it's Martin's pic on PPI claims firm or boiler incentive ads, scam binary trading ads, energy door-knockers using our name, or – more recently – Bitcoin pop-ups with an image of Martin encouraging you to invest, they are all an attempt to leech off the hard-earned trust people have in us. Don't touch the ads.
See Martin's video rant below.Embedded YouTube Video
Always remember the old saying... 'If it sounds too good to be true, it probably is'
If a product is the cheapest you've ever seen, you're offered free advice or promised fast cash, we're sorry to say it's probably a scam. You should always independently seek proper financial guidance or advice before making changes to your pension or investing large amounts of money.
If you're worried you're being scammed and need help, first contact your bank and cancel any recurring payments, then report the scam.
Fake HMRC tax refunds, and other scams to watch out for
Every year, millions of people fall for scams sent through the post, by email, phone, text, in person or online. Don't be fooled by professional-looking websites and marketing materials.
Scammers are good at making their scams look authentic. If you're asked to send money to someone you don't know or have won a competition you didn't even enter, stop!
A perennial favourite is the email announcing you're due a tax rebate, or threatening you with arrest over 'unpaid' taxes. HM Revenue & Customs (HMRC) will never email, WhatsApp message, or text you with this information, and have produced guidance on what's genuine HMRC communication, and what's fake.
If you get a fake email, suspicious text or WhatsApp message, voicemail or phone call, either ignore it, or report it to HMRC.
Scams currently common in the UK
There are 1,000s of ways scammers try to catch you out. Common methods include:
- Calls from someone claiming to be from a Government department or representative (or even MSE!), talking about Reclaiming bank charges.
- Pension 'liberation' (more info in our Release pension cash guide).
- Text messages claiming to be from Royal Mail or the Post Office asking you to click on a link and pay a small fee so that a parcel can be delivered.
- Text messages saying you've missed a call and have been left a voicemail. To access the 'voicemail', you're prompted to click a dodgy link in the text.
Vishing – where scammers tell you they're from your bank and there's been fraud on your account, asking you to call them back, but instead they wait on the line and then get you to hand over bank details.
Miracle cures or miracle weight-loss pills – ketones are common, and appear on many people's Facebook pages.
Fake bank or Apple emails saying you need to re-verify your account details.
Investment scams. The Financial Conduct Authority has a site helping you to spot investment scammers – ScamSmart, which includes a database of dodgy companies to avoid)
Deceptive prize draws and sweepstakes.
Fake court summons emails (more on this at Action Fraud).
Job scams. The JobsAware site has advice for job-hunters, employees, employers, plus it lets you report suspected scams.
Fake calls from someone pretending to be from the Financial Ombudsman Service asking for personal financial details. The ombudsman will never call you out of the blue to ask for information – it'll only be in touch if you've got a case with it already.
You can find out more about financial scams on the website of the Financial Conduct Authority. Also check out the Take Five website for more on scams in general as well as the Citizens Advice website.
- Calls from someone claiming to be from a Government department or representative (or even MSE!), talking about Reclaiming bank charges.
Your bank will NEVER email or text you asking for your PIN or password
If you get an email or text from your bank about fraud, ask yourself whether or not that's the usual way you receive contact from your bank. Think about whether it's sensible for the bank to make contact in that way.
The British Bankers' Association's Know Fraud, No Fraud campaign highlights eight things your bank will never do, including calling or emailing to ask you for your full PIN or any passwords. Banks will also never send someone to your home to collect cash, bank cards etc.
One warning sign that a message from a 'bank' is actually a scam is where the name of the message sender looks a bit fishy, for example 'H S B C' (spaces between letters) or 'tsb' (all lower case letters).
If you're unsure, go and independently check your bank statement or card for your bank’s real number, then call the real thing.
Watch out for poor gram-mar or dodgy speelling
Be vigilant if an email or text message from a 'retailer' or 'bank' is badly-worded or littered with spelling mistakes. Banks and retailers will spend time crafting any emails they do send, and they're likely to proof them too – so bad grammar, dodgy spelling and poor punctuation are likely to be picked up before any emails go out.
But phishing emails aren't likely to go through such a rigorous process.
NEVER click links in suspicious texts or emails
Similarly, don't call the phone numbers listed in the messages. If you're concerned the message may be genuine, go and independently research the phone number or website of the organisation and ask them yourself.
When is bbc.co.uk not bbc.co.uk?
Not all links are genuine. By 'hyperlinking' text you can make the link say anything. For example, where does this link – www.bbc.co.uk – go? To the BBC, right? Hover your mouse over it and read what it says at the bottom of the screen – and sometimes even that's foolable.
Similarly, where do you think www.moneysavingexpert.1.com goes? Well, it's not to MoneySavingExpert.com. For web addresses, it's what's before the .com or .co.uk that counts – so this would go to 1.com (which doesn't exist). It's worth looking out for this in web addresses, as it's so easy not to notice extra characters in the web address. Always look where you're clicking.
For more, see Martin's Spam spotter rules blog (again, another old blog, but still relevant).
Get free antivirus software
Web viruses don't just ruin your computer. They can help steal money or even use PCs to commit crime. Some even lie dormant, waiting to be activated.
To help prevent viruses keep your web browser up to date and your PC backed up with free antivirus software. See our guide on Free antivirus software.
Get help choosing and storing passwords
Scammers regularly steal password information and pass it around on the dark web, which is why picking a strong password is so important.
The safest way to secure your accounts is to use unique passwords for all your online logins. If this sounds impossible to remember, try a password manager. These can generate randomised passwords for your various accounts, and store them all to be accessed with one master password – the only one you'll actually need to remember.
If you prefer to create your own passwords, try to make sure they are as strong as possible so people cannot guess what it is. A complex password uses more characters and a combination of letters (upper and lower case), numbers and symbols. Don't use the same password for multiple accounts – this decreases the chance of someone else being able to access several accounts belonging to you. Plus – don't write passwords down.
For more password help, see Martin's Password help blog (while it's from 2011, the advice is still relevant).
Beware phishy links asking for your password
'Phishing' is a type of spam email where scammers try to reel you in with the hope that you've got a connection to the company they're pretending to be from. 'Smishing' – in other words, SMS-phishing – is the same thing when a text is used instead of an email.
Many of us receive these each year, such as "your bank security is broken, click here" or "we need your help to retrieve funds", or "your subscription's about to run out".
The emails (or texts) disguise attempts to steal your passwords, bank codes and money. Often they'll ask for bank or credit card details. Sometimes they'll ask you to download viruses onto your computer or laptop. There'll be some sort of link. It often looks real.
When you click on it, it'll probably take you through to a professional-looking website – a mirror image of the real thing. You'll be invited to put your password in – at that stage, you'll be parting with your cash.
Never, ever, ever, ever, EVER open an attachment unless you're 100% sure of its contents. EVER.
The National Cyber Security Centre (part of GCHQ – the Government's cyber and security agency) has launched a suspicious email reporting service to take phishing scams down – all you have to do is forward suspicious emails to its email@example.com email address.
Once you've reported a suspicious email, the NCSC will analyse it and any websites it links to. If it believes it's malicious, NCSC may:
- Seek to block the address the email came from, so it can no longer send emails.
- Work with hosting companies to remove links to malicious websites.
- Raise awareness of commonly reported suspicious emails and methods used.
While the NCSC is unable to inform you of the outcome of its review, it has assured us that it acts upon every message received – as an example, within the first week, the new email service received over 25,000 reports and, as a direct result, it has already removed over 400 phishing campaigns.
The NCSC has also an online tool where you can report suspicious websites.
If you've received a scam text message, you can forward it to 7726 for free. This will report the message to your mobile phone provider.
Stop 'vishing' scams. Call 'em back if they want personal info
If anyone calls claiming to be from a bank, insurer, utility provider, etc, NEVER give your personal or password details (for example, your mother's maiden name or place of birth). Say you'll call them back, but find the number independently.
Don't rely on caller IDs, or anyone drawing attention to them. Scammers can clone numbers, so it may look like the number your bank uses to call you. Plus, if you can, use a different phone to the one you were called on – so if you're called on your landline, use your mobile.
In one sophisticated scheme, the scammer told the victim their account had been hacked into, and encouraged the victim to phone their bank. The catch was that they didn't hang up after the initial call. They stayed on the line and played a dial tone while the victim called their bank and thought they were speaking to a bank employee.
The victim was then told to type their PIN into their phone keypad, thinking it was safe to do so, and was instructed to hand over their card to a 'bank courier' who collected their card. The scammers then had both their bank card and PIN.
Filter out fake deals in your Facebook feed
The flood of online scams, cons, hoaxes and frauds which litter social media websites such as Facebook are a modern scourge.
Scores of people are fooled every day by these bogus offers and competitions, where scammers tempt you to part with your personal information which they can then sell on to third parties – or even worse, use to steal your identity.
While some of these spurious offers are convincing, there are simple ways of telling what's legit and what's fake. And if you do suspect something's a scam, you should do your best to avoid it and ideally report it to Facebook (or whichever social network you're using) and Citizens Advice's Scam Action.
On Facebook, all UK users can flag ads they believe to be scams or misleading by clicking the three dots in the top right corner of every ad on Facebook, pressing 'Report ad', then choosing 'Misleading or scam ad' and then 'Send a detailed scam report'.
Here are some common things to look out for when spotting a scam:
Sometimes there are stonking deals out there and if we have included them on our site or in the weekly email, we will have thoroughly checked they are legit.
But Lidl giving away an £80 voucher to everyone for its birthday (image below), and 100 free flights with British Airways… They sound too good to be true… because they are.
Of course, there are genuine competitions on social media but it's unlikely any company would give every single person who enters such an expensive prize. It just wouldn't be feasible.
Many of these scams are littered with spelling mistakes, which should act as an immediate red flag. If it was a genuine offer from a major corporation, quality checks and editing would prevent spelling mistakes.
One Facebook page, supposedly giving away three Range Rovers in a competition, was titled “Rannge Rover”
They're not always blatantly obvious, though – so do look out for quite subtle missing letters. One example we found on a British Airways scam said: “Congratulation! You have won 2 free British Airways Ticket!”
We've seen many people fall for an Easyjet hoax in which supposed round-trip tickets were up for grabs due to last-minute cancellations. It came with several images of luxurious business class seats – but the plane’s paint job wasn’t quite the Easyjet shade of orange, and in any case Easyjet doesn't even have a business class section! So we were able to work out it was a fake.
When on Facebook and Twitter pages, most larger companies will be 'verified' (indicated by a blue tick on their profile). As a general rule, verified status means you can trust anything posted by an account is legitimate. Yet some major companies aren't verified. If that's the case, look for small details that any real company would have (eg, lots of likes and followers, links to the official website, company history).
One bogus ‘Disneyland’ page claiming to give away huge prizes was a pretty convincing fake. It had used the same logo, header and information as the REAL Disneyland page, but it wasn't verified. It also had only that one competition post on its entire Facebook timeline and the page had only 6,000 likes (the real Disneyland page has 14,000,000).
Other things of note on the page included its spelling and grammar, claiming it’s a ‘fictional character’ instead of an amusement park and its about section saying “Like our page to win”.
Often, when you click one of these scams you'll be taken away from social media to another website, and it's really important you check the URL (the website address) to ensure you're not being led into dodgy online territory.
If Legoland was really giving out five free tickets, you'd most likely be taken to Legoland.com… but in the recent scam, you are taken to Legoland.com-everythingfree.com. When you notice the addition of "everything free" and the double ".com", the penny should drop that this might not be a genuine website.
One Easyjet scam we saw even had “crook” in the URL… not something you would want to click on.
Scammers like nothing more than to have their spurious offers and competitions shared. So a common tactic is to ask you to share the page with your Facebook friends thanking the promoter for the chance to win.
Lidl’s £80 voucher scam asked you to share on your page saying “Thank you for my voucher” and message 15 friends about the offer… unfortunately, that just spreads the scam even further.
Major supermarkets such as Asda and Tesco have both had fake voucher giveaways circling the net, and the legitimate social media pages both posted out a warning saying they are fake. If you 'like' or 'follow' the real pages (the ones with the blue tick), you can often easily check whether there's a fake around that you should be wary of.
This is something Lidl had to do with a scam promotion circulating:
Companies are increasingly using messaging apps like WhatsApp and Messenger to send news and offers to customers who've signed up to receive them. But as a result scams have started to appear on these newer services too.
WhatsApp users reported receiving a message offering five free Alton Towers passes to 500 families:
Fortunately, both the message and the website it linked to, which asked users to answer some questions and send the link to 20 WhatsApp friends to receive the 'prize', were riddled with telltale signs that it was a scam, such as a slightly incorrect link and a lot of bad grammar, arousing people's suspicions. Alton Towers later confirmed the offer was a scam.
Of course, MSE often features Alton Towers deals, but we check these thoroughly to make sure they're genuine.
In the past Ryanair has also warned of similar hoaxes. Scammers sent people a WhatsApp message congratulating them on winning free tickets and asked them to enter personal details. Ryanair confirmed that it does not have a WhatsApp account.
Be wary if you've been asked to pay upfront
You should never have to pay to access prizes or funds due to you.
Worse still, if you're sent a cheque and asked to wire money over as a stop-gap for fees and taxes, the cheque will most likely bounce and you'll be left out of pocket.
Reputable search engines won't necessarily return reputable sites
Bogus websites are often set up to cash in on popular products, or payday loans, so be wary if it's an unfamiliar site.
Don't think that because it appears on a reputable search engine, it's a reputable site. Always check first, especially with sponsored links as these pay to appear at the top of search engines' lists – on Google, a sponsored link normally appears at the top of a search page and will be clearly labelled as an 'Ad' to tell you it's paid for.
One example a few years ago saw payday loan brokers appearing in search engines after people typed in 'credit union loans'. Check where the link's going before you click. And if you've clicked, and it looks dodgy – just don't go any further.
Be careful of urgent deadlines
Nothing needs to be done immediately. Even if your account has been hacked, get in touch with your bank / provider via the appropriate channels.
If you're being asked to hit a deadline, something dodgy is probably going on.
Shred sensitive documents you don't intend to keep and protect bank details
Never give your bank account details or PIN to someone you don't know. It's also wise not to have an easily guessable PIN – so don't pick 0000 or 1234.
If there's an unauthorised transaction on your account, contact your bank or provider straight away. The Lending Standards Board offers guidance on how banks should help with credit card problems, though they don't have to help if there's proof you've been negligent.
In addition, shred and dispose of all sensitive financial documents, including envelopes, as a branded letter from a bank shows you have a relationship that could be taken advantage of.
Watch out for companies that address you as 'Dear Sir or Madam'
Genuine companies should know who they are targeting with emails, text messages and letters. 'Dear Customer' may sound polite, but that or any variation of 'Dear Sir/Madam' or 'Dear Valued Customer' should set off alarm bells.
Many banks will now put something on their emails to identify you – and to reassure you that they know something about you. You'll be addressed by name, and they may put the name of your account or your postcode on the email or letter – information scammers aren't likely to have.
Be online and social media-savvy
If you've a social media account or are signed up to any forums where you can share messages, try your best to limit the amount of personal information you publish online.
For example, don't put your address on Facebook, Twitter or Instagram, and then announce to the world you're going on holiday for two weeks.
Don't text away your fortune
Legitimate marketing messages should identify themselves in the text or in the sent-from number. If not, they're breaking regulations and can be considered spam. Spam texts usually message you from a random 11-digit number and will ask for you to reply – DON'T.
Spam texts are likely to be generic, citing that you're owed accident compensation, a PPI refund or a tax rebate. Some even trick you by asking you to text 'STOP' back to the number to be removed from the mailing list, but that's often just a ploy to see that you're a real person and not an unused mobile number.
If you do get a spam text, forward the text to your network provider for free, simply by forwarding it to 7726, making sure it includes the sender's number. For full info on how to spot and stop scam texts, see Stop spam texts.
Help if you care for an elderly person
Anyone can fall for a scam, but the elderly are often hit hardest as they can be over-trusting or afflicted by illnesses such as dementia. Many can lose their life savings, get into debt or have health problems.
If you care for an elderly person, look out for the warning signs. Are they receiving a lot of junk mail or phone calls from strangers, or have they become secretive when discussing finances?
If you're concerned, visit ThinkJessica, a website which shows how some elderly people can become serious victims of scams.
Be wary of numbers starting 084
Since numbers starting with 084, 087 or 09 became premium (this just means calls to these numbers are charged at a higher rate) most reputable companies have stopped using them. In their place scammers have started using these numbers to trick people out of money.
The most common scam leaves you with a missed call – in most cases the phone won't have rung long enough for you to answer – and when you call back you're charged a fortune. Even if you don't actually call back your bill could sometimes still show that you've made a call lasting anything up to 12 hours, also resulting in a massive charge.
Another scam involves text messages. Scammers will pretend to be from your bank and warn you that a dodgy transaction is about to take place and you need to call an 084 number to stop it. Calls are usually held in a queue before cutting off but you'll still have to pay a hefty bill. So if you get a text that includes your "bank's" number, always find the number independently before you make a call.
If in doubt about a company, check it is registered
All limited companies are listed on the official Companies House site, the Government's register of UK companies (though this doesn't include sole traders). Be wary if its records show a PO box address or just an email.
Get full contact details, including a street address, or fixing problems could be a nightmare. You can also find out who registered the website, and when, on the Whois database.
Signing up for something? Make sure you read the terms & conditions
Even if you don't read the legalese, always at least read the standard terms and conditions before you sign – if there aren't any terms and conditions then this should ring alarm bells.
Plus always ask questions beforehand if there's anything you don't understand, in writing or by email if possible.
Google for complaints and reviews
The internet is a powerful tool to find other consumers' experiences. Easiest of all, do a quick Google search for a company name next to the word 'complaints' or 'reviews' for example, 'Delboy Ltd complaints'.
Always take one-off complaints with a pinch of salt. It could be a competitor, someone malicious or a customer with a grudge. But if there are reams of complaints or reviews are overwhelmingly negative, it could be a sign that something is amiss.
Pay by credit card for added protection
Pay by credit card for something costing over £100, and Section 75 laws super-charge your consumer rights. Unlike debit cards, cheques and cash, pay in full or part (even just £1) on a credit card and by law the lender's jointly liable with the retailer. Though watch out for fees.
This means you have exactly the same rights with the credit card company as you do with the retailer, so if things go wrong, you can take your complaints there instead.
Remember that it's important you ALWAYS REPAY IN FULL each month, so there's no interest cost. See the Section 75 guide for a full explanation.
There's separate protection for purchases under £100
Section 75 doesn't apply to purchases under £100, but there's still an option for added protection if your purchase costs less than this. It's called chargeback, and while not a legal protection, it's a good secondary backup to Section 75.
So if you spend less than £100 on Visa, Mastercard and Amex credit cards – or any amount on most debit and charge cards – but the goods don't appear within 120 days or they're faulty, you can ask your bank whether they can reclaim the cash from the seller's bank. See full details in our Chargeback guide.
Make sure any payment you make is SECURE
When you pay for a purchase, always check the site is secure. Although it doesn't guarantee the site isn't a scam, any data you enter is encrypted so it's harder for others to intercept.
It's really easy to tell as the web address will start with 'https', rather than just 'http'. Look for a security padlock on your browser (usually next to the web address).
Clever ways to calculate your finances