Types of attack

Find out about common scams being carried out around the world and how to protect yourself against them:

Description

Fraudsters will try and convince you to make an investment; often using false testimonials, fake celebrity endorsements, spoof websites or phone calls, cloned companies and other replica marketing materials to make the scam appear genuine.

Tips

Conduct your own research to understand the offer and how investments and trading works
Don’t fall for fake endorsements – fraudsters may impersonate famous personalities on social media to make their offer look genuine
Get a second opinion, speak to trusted friends or family members and seek professional independent advice before conducting any investment

Description

Cryptocurrency is increasing in popularity, with some people seeing high returns on investment. However, criminals are using this as an opportunity to steal money by advertising fake investments that don’t exist or falsely advertise high returns.

Tips

Never let anyone set-up a cryptocurrency wallet, upload ID documents or manage investments for you
Don’t fall for fake endorsements – fraudsters may impersonate famous personalities on social media to make their offer look genuine
Don’t be pressured or rushed into making any investment decision, take your time to conduct research

Description

Scammers prey on those who are low on funds to act as ’money mules’. This means you allow money to be transferred through your bank account in exchange for payment.

Tips

Don’t open a bank account in your name for someone else
Don’t allow your bank account to be used to send and receive funds for other people
Never share your pins, passwords or passcodes with anyone

Description

Purchase scams happen when you’re paying for an item, experience, or service that then isn’t received and your money is lost.

Tips

Use safe and official sites when shopping online
Use safe ways to pay, such as your debit or credit card
Research the retailer online to make sure they’re legitimate

Description

This involves unsolicited letters and emails offering the recipient a generous reward for helping to move large sums of money, usually in US dollars. The transactions typically require you to pay an ’advance fee’ or tax to complete the deal. However, any fees paid will be lost.

Tips

Do not send money or provide personal information to anyone who asks for an upfront payment or fee in exchange for financial gain
Always approach online offers, emails, or messages with a healthy dose of scepticism. Don’t trust unsolicited requests for money
It’s ok to reject, refuse or ignore any request. Only criminals will try and rush or panic you

Description

This involves letters or emails which advise the recipient that they have won a prize in a lottery. To obtain the funds, they are asked to respond to the letter or email. A request will then be made for the recipient to provide their bank account details to allow for funds to be transferred.

Tips

Always approach online offers, emails, or messages with a healthy dose of scepticism
Do not send money or provide personal information to anyone who asks for an upfront payment or fee in exchange for financial gain
Beware of urgency. Scammers often create a sense of urgency or pressure you to act quickly

Description

If a criminal tricks you into transferring money to them, it’s known as an authorised push payment (APP) scam. It differs from other types of fraud, as the account holder (you) will have direct knowledge of the payment.

Tips

Always independently verify the identity of the person or organisation requesting the payment, especially if you receive unexpected or unsolicited requests
Beware of urgency – scammers often create a sense of urgency or pressure you to act quickly
Communicate and confirm payment details through trusted and secure channels, rather than relying on email, text message, or messaging apps

Description

Cheque fraud is the alteration, forgery or counterfeiting of cheques.

Tips

Store cheques securely where they cannot be accessed by others
Use full signatures on cheques
Reconcile cheques carefully

Description

Call spoofing is a technique where the fraudster fakes the phone number or caller ID of an existing individual or company to give the impression that you are being contacted by a genuine number.

Tips

Verify requests for personal information, never provide personal or financial information over the phone, unless you initiated the call and are certain of the recipient’s identity
Terminate the call and contact the individual or organisation either on a different phone line or after waiting 30 seconds to ensure the line is properly disconnected
Alternatively, if the call was from someone purporting to be from your bank, visit a branch to discuss your concerns and confirm if the call was genuine

Description

Smishing involves scammers sending text messages pretending to be from your bank, or another legitimate organisation. Their goal is to make you click a malicious link to fill out your personal/banking details.

Tips

Think before you click: is it coming from a trusted source, is there an unreasonable sense of urgency?
If in doubt, contact the organisation using a phone number you know is genuine, or visit their official website
Don’t click on any links or download attachments

Description

An email designed to trick the recipient in to disclosing sensitive information, click a malicious link, or open a malicious attachment. Phishing is often used to establish initial access on a device or network.

Tips

Think before you click: is it coming from a trusted source, is there an unreasonable sense of urgency?
If in doubt, contact the organisation using a phone number you know is genuine, or visit their official website
Don’t click on any links or download attachments

Description

This scam involves a fraudster making phone calls purporting to be from a reputable organisation, such as a bank, the fraud investigation team or police. The call is made to obtain personal financial information (i.e., account details/secure key codes) to gain access to their victim’s finances.

Tips

Hang up the phone properly and wait 15 seconds. Make sure the line is fully disconnected
Wait another 15 seconds before beginning a new call or use a different phone
Contact the organisation using a phone number you know is genuine

Description

Identity fraud involves the use of a person or business’ stolen details to commit crime. Fraudsters can use your identity details to open bank accounts, obtain credit cards, order goods in your name and take over your existing accounts.

Tips

Shred letters or receipts which contain business/personal information
Check your statements carefully and report anything suspicious to the bank or financial service provider concerned
If you receive an unsolicited email or phone call from what appears to be your bank, never reveal your security details, passwords, login details or your pin

Description

The fraudster will purport to be your bank, trusted organisation, or someone you trust like your children, then try to convince you to make a payment or give personal or financial details.

Tips

Only give your personal or financial information to services you have consented to and are expecting to be contacted by
Verify if the person you’re talking to is who they say they are
Don’t give anyone remote access to your computer following a cold call or unsolicited message

Description

Increasingly fraudsters are disguising themselves as legitimate suppliers and asking unsuspecting customers to change the bank account information you have on record. As a precaution, if you get such a request, always take the extra step of checking directly with your suppliers.

Tips

Check the email address carefully for discrepancies. Fraudsters can create new email addresses that are very similar to genuine emails
Never just assume that an email received from a known email address (or with a previous email trail) is genuine
Call a trusted source in your supplier’s company on a known phone number (not one listed on the document requesting the change of bank details) to verify the change

Description

Malware is an umbrella term for a wide variety of malicious code designed with the intention of harming its target, i.e. provide remote access, steal banking information, encrypt and deny access to data, or hijack a device’s computing power. Malware can be installed in a variety of ways, including through email attachments, file downloads, or by clicking on links in malicious websites.

Tips

Keep your devices up to date by installing the latest security upgrades as they become available
Don’t access questionable websites or download free software or apps
Avoid using USB sticks from unverified sources

Description

Remote access takeover is where fraudsters obtain access to your account, either by using malware to take over your device remotely, or by tricking you into providing your account information.

Tips

Keep your computer security programs (such as antivirus and firewalls) up to date
Don’t allow scammers access to your computer to fix a virus or help with slow internet connections
Be wary of unsolicited text messages, do not click links in text messages as they could be malicious

Description

A type of malware that blocks or otherwise restricts access to data under the promise that the restriction will be removed once a ransom has been paid.

Tips

If you suspect a computer has been infected with ransomware, immediately disconnect it from the network
Don’t access questionable websites or download free software or apps
Don’t open unexpected file attachments or click on links, and make sure your devices and applications are up to date on security updates

Description

Pharming is when a fraudster creates false websites in the hope that people will visit them by mistake. People can sometimes do this by mistyping a website address - or a fraudster may redirect traffic from a genuine website to their own. The ’pharmer’ will then try to obtain your personal details when you enter them into the false website.

Tips

Double check the URL carefully for discrepancies
Look out for security indicators on the website, such as HTTPS and a padlock icon in the address bar, to check if a website is safe
Verify the website’s authenticity before entering personal or financial information

Description

This type of scam usually begins with a fast-moving online relationship. The scammer will usually use a fake picture and profile and will go to great lengths to build a rapport and emotional bond. They’ll then appeal to you for money, perhaps for travel or an emergency.

Tips

Never send money to someone you have only met online, and don’t agree to send money on their behalf (could be proceeds of crime)
Make sure adequate privacy settings are enabled on your social media accounts so strangers don’t have access to your personal information
Stay in regular contact with friends and family who are dating online to help spot any changes in behaviour

Description

CEO fraud is a type of business email compromise attack where fraudsters take control of CEO (or senior leader) email accounts or create an email account that is very similar. The fraudsters pretend to be the CEO, with the aim of extracting money from the business.

Tips

Check email addresses for discrepancies
Take one step back before actioning and think whether it’s a normal request that the CEO would make
If making a payment at work, verify the payment by phoning the contact on a known contact number. Don’t call the number on the email

Description

This scam involves fraudsters purporting to be from a customer’s bank, or a courier working on behalf of the bank, contacting customers to say their account has been compromised and that their bank card needs to be collected from their home. They may also ask the customer to key in their PIN or write it down and hand it over along with the card.

Tips

Remember phone numbers can be spoofed. If you’re unsure if you’re speaking to a representative from the genuine company, hang up and call the organisation on a known number
Beware of urgency; scammers often create a sense of urgency or pressure you to act quickly
Never reveal your security details, passwords, login details or your PIN to others

Description

Vehicle fraud is a type of criminal activity involving deceptive practices related to automobiles, which can include altering vehicle titles, tampering with odometer readings, or selling stolen or illegally rebuilt vehicles. The aim of vehicle fraud is financial gain through dishonest means.

Tips

Never send money for a vehicle you haven’t seen, and don’t carry large amounts of cash
Take the vehicle for a test drive before paying the full amount
Ask a qualified mechanic to inspect the vehicle before purchasing it

Description

Scammers design attractive offers to persuade you to transfer your pension funds over to them, or release funds from it and invest it in high risk returns, or the funds are stolen outright.

Tips

If you receive a cold call about a pension opportunity, the chances are it’s a scam; hang up immediately
Be wary of offers for free pension reviews or advice
Don’t make a rushed pension investment without conducting research into the firm you are investing in

Online security matters

The internet offers enormous benefits, from enabling us to communicate and shop online, to making it easier for business to trade across borders. But with these benefits come risks – which is why it’s so important to protect yourself and your business.

Improve your cyber awareness

Our videos and podcasts outline how to build your online security awareness.

Payment fraud learning

Payment fraud, including scams, are major risks which impact businesses of all sizes. This learning will provide you with guidance on how to protect yourself from payment fraud.

Access the learning

Did you find this page useful?

Why didn't you find this page useful?

Thank you. We appreciate you taking the time to give us feedback.

Types of attack

Investment scams

Description

Tips

Cryptocurrency scams

Description

Tips

Money mules

Description

Tips

Purchase scams

Description

Tips

Advance fee or 419 fraud

Description

Tips

Lottery fraud

Description

Tips

Authorised push payment scams

Description

Tips

Cheque fraud

Description

Tips

Online security matters

Improve your cyber awareness

Payment fraud learning

Share

Did you find this page useful?

Why didn't you find this page useful?

Download basket