While fraud and scams are not new, advances in technology give criminals more ways to attempt to access your money. Knowing the techniques they use can help you protect yourself and your money.
Fraud or scam?
In everyday use, the words fraud and scams are used interchangeably. However, we think it’s useful to use clear definitions.
Fraud happens to you, scams happen with you.
Fraud is wrongful or criminal deception intended to result in financial or personal gain. Fraudsters access a customer’s account or take money without the customer’s permission.
A scam is a type of fraud, but where customers are tricked in to taking actions themselves, which then gives a fraudster access to accounts and money.
Fraudsters gain the customer’s confidence and make them believe that the actions they’re being asked to take are for a legitimate purpose.
If you think you've responded to a scam or been a victim of fraud, contact us straight away and report it to Action Fraud on 0300 123 2040
Tips for spotting fraud and scams
While there’s no one-size-fits-all approach when it comes to protecting yourself from fraudulent activity, we’ve put together a list of things that can help you spot and avoid fraud and scams.
- Always think carefully before making a payment, especially if it’s a lot of money for you. Speak to someone you trust first, like a friend or family member, before making payments.
- Pay extra attention to the warnings we provide when making a payment. They’re in place to help you bank safely and avoid being scammed.
- Anyone can be easily impersonated, and criminals can make the caller ID, email address or name look exactly like the genuine caller. So, if you receive an email, text or call, verify it’s genuine by phoning them back on a known and trusted number.
- When making a payment, always take the time to complete extra checks to make sure the payee and the payment is genuine. This includes reading reviews, researching companies or websites, and verifying the person or company are who they say they are.
- Don’t allow anyone to access your computer or devices remotely. This is because criminals can ask you to click on a link or download an app.
- Remember, your bank, the police or any trusted organisation will never ask you to withdraw, transfer or send back money from your account. If you’re asked to do this, it’s a scam.
If you're concerned or think you've responded to a scam email or text or given your details out to the wrong people, you should contact us first on 0800 9 123 123 and report it to Action Fraud on 0300 123 2040
Common types of scams and fraud
There are lots of different types of scams and fraud. See our list of helpful links below to find out more about each type.
With these scams, criminals pose as HMRC to try and persuade you to send them money by insisting that you make an urgent payment or click on a link in a message. For example, they could send an outstanding bill or tax rebate messages. They may even threaten you with court action, bailiffs, or police arrest if you don't take urgent action.
These scammers can contact you at any time of year, though they tend to get more tax assessment deadline dates. They might make contact through:
- text messages
- instant messaging services like WhatsApp
- phone calls
- or even social media.
The caller ID or email address might say it's from HMRC or HM Revenue and Customs, but criminals can fake these details to appear the same as the genuine ID. HMRC will never call you out of the blue about a claim, payment or debt that you don't already know about and will never call threatening legal action.
How you can protect yourself
- Never make a payment to HMRC if they contact you out of the blue, even if you're threatened with police or court action.
- Always check what you owe directly with HMRC on the GOV.UK website.
- Never rely on the number on the caller display as proof that it's HMRC you're talking to. This can be falsified (known as spoofing) by a criminal to appear as if they're calling from HMRC or any other organisation.
- Never be pressured into providing personal or financial information to anyone.
Romance and friendship scams
These happen when fraudsters take advantage and convince someone that they want to become friends or are romantically interested. Scammers typically create fake online profiles designed to lure you in. They may use a fictional name or falsely take on the identities of real, trusted people such as military personnel, aid workers, or professionals working abroad.
These fraudsters can spend a long time building trust, though they can all happen rather quickly. They’ll invent a reason to ask for your help using the emotional attachment they've built with you and say that they'll repay you.
For example, they might say they need help with travel costs or hospital bills. Or they may prey on your sympathies by telling you a family member or someone else they're responsible for is ill and needs money for medical treatment.
How to protect yourself
- Never send money to someone you haven’t met in person.
- Always consider the possibility that the approach may be a scam, particularly if the warning signs listed above appear. Try to remove the emotion from your decision making no matter how caring or persistent the ‘prospective partner’ is.
- Be wary of requests for money. Never send money or give credit card details, online account details, or copies of important personal documents to anyone you have met online.
Social engineering is a manipulation technique used by fraudsters to get you to share personal and confidential information, or to perform an action for their benefit.
- Social engineering can happen over the phone, in person or digitally.
- People often don’t realise it’s happening as they can be naturally trusting and criminals use sophisticated techniques, invoking fear, panic or building a friendship.
Social engineering is also used in scams to make people take action where they wouldn’t normally do so. For example:
- sending a payment to an account without verifying that it’s genuine
- allowing someone access to devices
- giving away personal or security information without realising the other person is a fraudster.
The fraudsters impersonate a trusted source such as your bank, the police, or even a friend or family member.
See below for a few examples of social engineering.
In a remote access scam, a scammer attempts to persuade you into giving them remote control over your personal computer. They do this by asking you to download a legitimate app such as TeamViewer or AnyDesk, or by simply getting you to click on a link.
You should never allow remote access to your devices unless you have verified that the caller is genuine and trusted. Even if access is granted, never open any banking apps or windows. Remote access gives the other person full access to view and act on everything you can.
Phishing (emails), smishing (text), and vishing (voice calls)
These are the most common social engineering tactics. They can appear very real and are increasingly difficult to know if they are genuine. Never reply or act on anything without verifying that it’s from a legitimate source. Visit our ‘How to report fraud’ section on this page to learn more.
Investment scams are evolving and are now more common than ever. Criminals use intense, high pressured sales techniques to convince you to invest in worthless or non-existent shares.
Investment scam criminals will usually get in touch after you’ve shown interest in their fake firm on social media or through a google search, but they can also cold call people out of the blue. The criminal appears professional and may offer investments in commodities including cryptocurrencies, carbon credits, property, land, gold, or wine. The investment offer is supposed to provide the investor an excellent return in a short time frame.
Fraudsters are very clever and convincing. There are warning signs to look for that can help you to spot a possible investment fraud:
- An unsolicited email, private message or cold call offering any form of investment. Cold calling to sell you shares or investments is illegal.
- ‘Limited time only’ offers that don’t give you enough time to consider the investment.
- A pushy and persistent sales technique.
- Company names which sound familiar or have a slight variation to a legitimate company that is registered with the Financial Conduct Authority (‘clone’ companies).
- A company that encourages keeping your investment secret to ensure maximum returns.
The FCA has created ScamSmart, an online tool to help consumers identify if their investment is a scam or not. Answer 4 questions with drop downs for multiple choice and get a clear picture on the potential investment and the potential risks.
ScamSmart aims to help you understand whether the company you’re planning to invest with is regulated by the FCA and whether there’s a potential it’s a cloned/spoofed company. Remember, you must carry out your own due diligence checks on the company (like checking the telephone numbers you’ve been given match those registered to the company and you contact them directly using the genuine number to confirm the details).
How to protect yourself from investment and cryptocurrency scams
- Make the right checks – firms providing regulated financial services must be authorised by the FCA. You can check whether they are authorised on the FCA’s register
- Avoid clones (fake companies that look genuine) - use the contact details on the FCA Register, not the contact details you’ve found on an online advert, or that the firm gives you when they make contact.
- Don’t assume it’s real – professional-looking websites, adverts or social media posts don’t always mean that an investment opportunity is genuine. Criminals can use the names of well-known brands or individuals to make their scams appear legitimate.
- Stay in control – avoid uninvited investment offers whether made on social media or over the phone. If you’re thinking about making an investment, thoroughly research the company first and consider getting independent advice.
- Never download software or apps that allow someone remote access to any of your devices, including your computer, laptop, tablet or phone.
- Don’t allow anyone to set up a cryptocurrency wallet, upload ID documents or manage investments on your behalf remotely.
Visit the FCA website to learn more about how to avoid investment scams and protect yourself.
Cold-calling to sell shares or investments is illegal. Dealing with an investment criminal will almost certainly result in you losing your money. Remember: If something sounds too good to be true, it’s probably a scam.
These scams trick online shoppers into thinking they’re dealing with a legitimate contact or company when it’s actually a scammer. Fraudsters can advertise on social media, genuine selling sites, create fake websites or hack sellers’ accounts.
These scams can happen when you find something online that you want to buy. This could be a holiday, flights, concert tickets or a games console. Once payment has been made, the seller disappears, leaving you with either no goods at all, or goods that are less valuable or significantly different to those advertised.
These scams can happen when selling items online. You may send the goods as agreed and never receive payment, or you may be tricked into returning an overpayment. The fraudster may send you a cheque for a greater value than the value of the item being sold. They ask for the extra money to be transferred back or sent on to a third party, for example a ‘shipping agent’.
How can you spot them?
These fraudsters are very clever and convincing, but there are sometimes warning signs that could help you identify them in the future.
- An item that is advertised as priced under the recommended selling value – does it sound too good to be true?
- The seller makes extra effort in communication to push the sale through.
- The buyer sends you more money than they need to pay for the item, asking you to return the difference.
- A seller you don’t know and trust asks you to use ‘PayPal Friends & Family’ service or to pay for goods by bank transfer.
- Facebook Marketplace is a great way to buy and sell locally, but be cautious when buying an item that you can’t see in person. The seller may be using a fake profile, or if they have a website, it may not show their own buyer and seller protection information. Buying this way is high risk.
How can you protect yourself?
Even if there are no warning signs, we’d recommend considering the following:
- If buying from a reputable buying site such as eBay, Airbnb, Autotrader or Gumtree, stick to the advice and process they’ve provided. Never communicate outside the site.
- Avoid paying in cash, or by direct money transfer where you can pay with secure payment methods, such as PayPal or your credit card.
- If you’re buying a large item such as a car, make sure you see it in person before making any payment.
- Be wary of accepting payment for goods by cheque.
- Never send personal or financial details by email.
- Research the seller and site and always read the reviews. Check several review sites and compare them. This helps rule out any fake reviews left by fraudsters.
Impersonation scams happen when a fraudster contacts you pretending to be from your bank, the police, or another trusted organisation to convince you to send them money.
They’ll create a sense of urgency, a reason to panic to stop you from thinking straight. They may tell you that you’ve been a victim of an attempted fraud or had an overpayment that needs to be returned. They may even give you details of a false spend on your account which you don’t recognise, or that your account is no longer secure and that you need to take urgent action. They’ll insist that, in order to keep your money safe or prevent further losses, you need to move your money to a ‘safe’ or newly opened account.
Many fraudsters use something called ‘spoofing’. This is where someone deliberately falsifies how their contact number appears on the caller ID, messenger name, or email address to disguise their identity and try to convince you that they’re someone else.
Fraudsters will use a variety of methods to contact you, so always be cautious and check that the request is genuine. See below for some examples of impersonation methods.
Telephone, text, or email
This is when someone contacts you claiming to be someone they’re not, for example your bank, Amazon, HMRC, a parcel company, or even the police. Fraudsters want you to act urgently and try to pressure you into clicking a link, revealing your security details, or to transfer or withdraw your money.
Fraudsters send messages or make contact through messaging services like WhatsApp, direct messages, Facebook and any social media platform. They may pretend to be a friend or loved one in need of help.
Invoice or mandate scams
These happen when a fraudster sends a bill, invoice, or other payment request to someone asking for payment following the supply of goods or services, even a house purchase. Often, they’re received by email and will always look to be from a genuine business or contact.
The contact may even impersonate a solicitor, family member, friend, colleague, or a senior member of staff, asking for an urgent payment to be made.
They’ll ask you to either set up a brand-new payment, or to change the account details on an existing payment. Often, they insist on urgent payment to avoid additional charges or further consequences. This is done to try and make you panic into taking quick action.
In fact, fraudsters can intercept emails, text and social media messages, and send fake requests that look genuine. They want to trick you into paying the fraudulent account rather than the genuine company’s account. It’s often not until the money’s been sent and the customer is chased for payment by the real company that the fraud is uncovered. By this time, the funds have usually long disappeared from the fraudulent account and aren’t recoverable.
How can you protect yourself?
Always check the payment request, amount, and account details with someone in person or over the phone. If you’re calling them, only use a publicly available phone number, such as the one from their direct website.
If you’re ever concerned about a request for money or information, take time to think about what you’re being asked to do and carry out any other checks you need to do until you’re happy that the request is legitimate. Never be hurried into sending money to an account.
Advance fee scams
An advance fee scam is when a fraudster asks you pay in advance for the promise of goods or services that you never get.
Examples of this type of scam could be:
- paying an ‘admin fee’ to release funds from a loan
- paying a deposit for accommodation which doesn’t exist
- paying a fee to release lottery winnings
- paying a ‘recovery fee’ to fraudsters who promise to recover money lost in a previous scam. If you have been a previous victim of a scam, you can be targeted by this specific scenario.
Fraudsters will use a variety of methods to contact you. This can be through email, text message, phone call, social media or a combination of two or more to build trust. Always be cautious and consider how you can verify that the person, organisation or opportunity is genuine.
This is where people are persuaded to unwittingly launder money and are known as 'money mules'. Criminals look to dupe people into laundering money on their behalf.
They do these in a number of ways, see below for some examples.
- Advertising what looks like a legitimate job where you are managing finance, or ‘make money working from home’.
- A friend asking you to deposit money at your bank and transfer it for them (they’ll claim their own account is blocked).
- Or someone asking you to bank a cheque and then give or transfer them the cash.
You may be asked to receive money into your account only to withdraw those funds and send it on. Some fraudsters may even offer that you keep some of the funds as a commission or thank you.
Please be aware that:
- criminals normally approach you through social media
- the money you’re asked to transfer is normally stolen or the proceeds of crime
- handling this money could result in criminal prosecution
- your accounts could be frozen and potentially closed
- wages kept by you as part of the transfer will be recovered from your account, and you may be liable for the full value of the funds you received
- details of your involvement may be shared with other banks, making the opening of another bank account difficult.
SIM swapping happens when fraudsters ask their victims' mobile phone operator to issue a new SIM card so that they can access mobile banking messages. The victim’s SIM card is deactivated and the messages are instead received on the fraudster’s device. Fraudsters often obtain the details required about the victim’s mobile phone through phishing (see above).
Santander has developed award-winning SIM swapping detection technology, but customers should be aware of any issues with their mobile phone which could be related to SIM swapping.
The warning signs are:
- receiving an unexpected text message advising that your SIM is transferring
- losing network connection for an unusual length of time in a place where you would normally have a connection
- your phone showing the message ‘invalid SIM’ or ‘no SIM’.
If you think any of the above has happened with your phone please contact your mobile phone service provider immediately using the number displayed on their website.
How to protect yourself:
- set a secure password with all phone service providers
- dispose of your phone bills securely
- keep your phone switched on at all times – this way you’ll notice if it’s not working.
Identity theft affects over 100,000 people every year. With a few personal details, a criminal can open new bank accounts, get new credit cards, claim benefits and apply for official documents like a driving licence - all in your name, and all traceable to you.
The warning signs are:
- 'lost' mail, for example your bank statements or credit card bills suddenly stop arriving
- your rubbish bags have been tampered with
- you start getting bills you don't recognise
- strange Direct Debits or payments appear on your account.
How to protect yourself:
- shred sensitive information - never simply throw it away or recycle it
- delete suspicious emails from organisations requesting personal information – remember, we'll never ask for such information by email
- think twice before giving out personal information
- if you move house, redirect your mail
- use online bank statements instead of printed, posted ones.
Contactless card fraud
Contactless payments are relatively new, and a quick and convenient way to pay especially if remembering a PIN or using a fiddly number pad is a problem.
Contactless card fraud can occur if your card is stolen or temporarily taken away from you, allowing criminals to tap it at payment terminals or skim the card details.
Banks have controls in place to limit this but to keep yourself safe just make sure you keep hold of your card all the time. And if you do lose your card or have it stolen, report it to your bank as soon as possible.
And don’t believe some reports in the media about ‘in pocket’ contactless machines that mean fraudsters can steal your money by just walking close to you, it’s nonsense!
Cash machine skimming
Using a cashpoint is easy, convenient and almost always safe. But sometimes criminals tamper with cash machines to steal your card information, or PIN.
Here are a few things to look out for when you use a cashpoint.
- A device might be placed over the card slot which scans your card details, or a fake keypad may have been placed over the top of the real one. Look out for parts of the cashpoint machine that appear a different colour or material to the rest.
- Tiny cameras the size of a pinhead can be drilled into cash machines which photograph you and your card while you take cash out. Look out for damage or possibly stickers that could be trying to cover up damage where holes have been drilled.
- Someone could simply be looking over your shoulder while you’re taking out cash to try and see your PIN. Then they find a way to take your card by distracting you.
Keeping yourself safe at the cashpoint:
- if the cash machine looks like it has been tampered with, don't use it
- when entering your PIN, cover it with your hand
- look out for anybody standing too close or trying to distract you.