Scams are everywhere. They arrive in your email inbox, as SMS messages, in links sent by ‘friends’, in phone calls and even in person.
You can be faced with a scam just about anywhere, at any time. And our aim is to arm you with the knowledge of how scammers work and how they get your payment details so you can spot the scam before you lose your money.
There are some common scams which you can read about such as Microsoft’s tech support, fake tax refunds and , but using the tips below, you should be able to spot the signs of any scam and avoid handing the fraudsters any personal information that they can use to steal your identity or, more importantly, empty your bank account.
1. Spot fake messages and emails
Scams are becoming much more sophisticated. Don’t assume that you can spot one by poor spelling and grammar. Sure, there are still plenty of scams which contain typos, poor English and bad punctuation.
But there are plenty which are as good as official communications from well-known companies, and it’s not too difficult to put together a fake website that looks exactly like the real thing.
The simplest way to check if what you’ve received is a scam is to look at the URL – the web address – of any links in the message you’re reading.
The scammers can’t use the genuine address, as they don’t control the real website and can’t use it to steal your information. Instead, they’ll register a similar-sounding name and hope you don’t notice.
This text message, for example, could appear to be genuine to many people. But a genuine URL begins with https:// and will appear in full as https://www.revolut.com.
Dominik Tomaszewski / Foundry
Web browsers, especially those on phones, may not show the full URL, but you can always click or tap on it in the address bar to see the whole thing.
Jim Martin / Foundry
But in a text message, the https:// part is often hidden, so the full URL in this scam message is actually https://https-revolut.com. It’s close to the real thing, but if you know what to look for, obviously not the genuine article.
2. Don’t click on links or open attachments
Don’t be tempted to tap on or click links you’re unsure of. You can generally work out whether it is dangerous or not before clicking on it.
Plus, these days, a lot of good security software and apps will warn you when they spot a dangerous link in an email or text message. Some can even do this in social media feeds.
Along the same lines don’t open email attachments unless you are sure they are safe. If you’re unsure, do not be tempted to open them. Again, security software can scan attachments and give you a warning if they contain anything dangerous. There’s good free antivirus available if you can’t afford to pay for it.
3. Don’t give out passwords or payment details
If you get a request for your bank details, credit or debit card number or any other type of payment when you weren’t expecting it, be suspicious.
Legitimate companies and organisations do not call out of the blue and ask for payment details or passwords or any other personal information. A common scam is that someone pretending to be from your bank will tell you there’s a problem and that you need to verify (or re-verify) your details.
So, if this happens, whether on the phone, in person or over email or another form, assume it’s a scam and don’t tell them anything.
In the unlikely situation it’s a genuine request, you should say that you’re going to contact the company yourself to find out if the message and request has really come from them. If it is genuine, they won’t have a problem with this.
The only time you should be asked for information is when you call a company to talk about the specifics of a service or account (such as your bank, doctor or insurance company). Even then, they won’t ask for your bank details or password. At most, you’ll be asked for one or two letters from a password, but never the whole thing.
4. Don’t be pressured to act quickly
Just recently, we were told of a phone scam in the UK where the scammers phone victims pretending to be the police. They say that they’re investigating fraud associated with your bank account and need to confirm the details with you.
This is a classic pressure tactic used to cause panic and persuade you to comply against your better judgement.
There are lots of other ways scammers use to put pressure on you by giving you tight deadlines which make you think you have to act immediately.
But you don’t. The first thing to do is to check whether the request is genuine.
As we’ve said, do this by contacting the company or organisation that’s supposedly requesting this information and verify if it has come from them or not.
If you’re told your account is frozen or there’s some issue with your bank, then get in touch with your bank (using official, genuine contact details) and ask them.
5. If it sounds too good to be true…
… it probably is. So many scams promise a great deal or an offer that you mustn’t miss out on.
Some are pretty obvious. You haven’t, for example, been left millions by an unknown relative. And someone you don’t with millions hasn’t contacted you randomly to use your bank account to transfer it to someone else.
Similarly, you haven’t won a competition or sweepstake you didn’t enter.
If you think you’ve seen a bargain on a website you don’t know, check if it is well rated on TrustPilot. Companies can post fake reviews, so read as many as you can to verify they’re genuine. It’s usually possible to tell if they’re not.
If you can’t find any reviews of the company, it’s usually better to pay a little more and buy the product or service from a reputable source.
6. Pay using a credit card
Purchases over £100 in the UK on a credit card are protected by what’s called Section 75. If you don’t receive what you paid for you can tell the credit card company and you may be able to claim the money back.
In the US, credit cards also offer more protection than other ways of paying, but you can also use Apple Pay, Google Pay or another system which hides your card and bank details from the merchant.
7. Check directly with the company in question
Don’t assume that authentic-looking emails, messages or even documents sent through the post are genuine.
The way to verify if something has really been sent to you by a legitimate company is to get in contact with them through official channels.
In other words, don’t call or email using the details provided in the emails or links you’ve clicked on. Find genuine contact details for the company either by Googling or typing in its website address directly into your browser.
Ask if what you’ve received was really sent by them, and you’ll know if it’s a scam or not.
8. Hi mom, I’ve got a new number
One of the newest scams is to send you a message that appears to be from your child. They’ll tell you they’re messaging from a new number and to use this one instead of their old one.
They’ll usually follow up this message with a request for money, including some bank details for you to pay it into.
But the ‘friend in need’ scam can take other forms. You might get a message from a friend on social media asking for money.
Whatever the request, call the person so that you can hear their voice and get them to verify the messages are really from them before doing anything they’ve asked you to do.
9. Refunds and rebates
“You’re due a refund. Please tell us which account to pay it into” is a classic scam.
However, at the moment, fraudsters are using the cost of living crisis to send fake emails and messages about energy rebates and other benefit payments.
The key thing to know is that governments, local councils and other organisations won’t ask for your bank details.
One of the latest scams asks you to click or tap on a link to apply for energy rebates. Again, the government doesn’t ask people for their bank details.
Rebates are usually paid automatically into your account and don’t need to be “applied for”.
If you’re unsure of the process of getting a refund or rebate, then research this first before handing over any personal or payment details.
10. Don’t assume search results are safe
Just because you’ve searched on Google or Microsoft Bing (ok, no-one uses Bing), don’t blindly click on a result thinking that the search engine deems it safe to use.
Search engines should weed out the worst, but they make no guarantee that every site they do serve up is safe to use.
Again, that’s where security software can help. Norton Safe Web is a free web browser extension that will check search results and flag any that are potentially dangerous.
What to do if you’ve been scammed
Speak to your bank, if you think your account might be at risk or you know money has been taken without your authorisation.
If you’re signed up for online or telephone banking, change your password as soon as possible.
As we always advise, use a separate, strong password for all your accounts and never use the same password for multiple accounts. Use a password manager to remember all your logins.
A quick way to get in touch with UK banks is to call the new 159 number. Not all banks are signed up yet, but you can dial 159 from your phone to be connected to your real bank and verify what’s going on.
You can also report fraud to Action Fraud, and contact the Citizen’s Advice for help.
