Too good to be true: How to recognise and avoid online scams
7 min | 21 September 2021
From phishing, vishing, and smishing, to home buying scams, online fraud has become much more commonplace since the start of the Covid-19 pandemic.
In the first of a four-part series, we discuss some of the most common types of online scams and what you can do to help protect yourself.
If there ever was a situation worthy of being described as "difficult", Covid-19 is it. Lockdowns, furlough, being unable to hug our loved ones, and all the other consequences of the pandemic have made us feel more vulnerable. And scammers have been taking advantage.
In April 2020, the BBC reported an explosion in scam emails — more than 100 million a day.
So how do you avoid becoming another statistic?
Common online scams and how to avoid them
Some common online scams are:
- Phishing, vishing and smishing
- Authorised payment scams
- Freebie scams
- Home-buying scams
Here's how to spot them and how you can help protect yourself.
Phishing / vishing / smishing
Phishing, vishing, and smishing sound like words from the world of science fiction, but are actually scams where someone pretends to be from a reputable organisation — a legitimate company, your bank, or even a government department.
In phishing, they’ll get in touch by email. Vishing is a scam phone call, while smishing involves texts.
In each case, the aim is to trick you into giving out passwords and other personal details, either by asking you to follow a link or, in the case of vishing, over the phone.
Unfortunately, phishing, vishing, and smishing are commonplace, and worryingly in 2020 more than 75% of organisations surveyed worldwide for a Proofpoint report said they faced a phishing attack. The good news is that they can be easy to spot if you know where to look.
- Suspicious URLs (the address of a website): When you receive emails, particularly from someone you don't know, check the URL. Look out for random characters in the address, or perhaps a URL that ends in .net instead of .co.uk
- Check the email address before clicking anything in the sender's email - if the 'from' is wildly different from the 'reply-to' address, especially with odd spellings, report and block
- URLs in texts could be suspect, unless you're absolutely sure of the sender, avoid clicking on URLs in texts. (You can hover over a link to show the destination address)
- Requests for your data or personal information when it doesn't seem necessary, for example, you shouldn't need to provide your date of birth to verify who you are when ordering a food delivery
- Inconsistent formatting and blurry, or low-quality branding on an email
- If it's vishing, the call might come from a private number or even look like a legitimate number (sophisticated scammers can spoof numbers - so the number you see matches the one you have saved in your contacts list even though it's not coming from that number)
- Careless language: Reputable organisations wouldn't normally send out poorly-phrased texts or emails or leave in typos and grammatical mistakes
- A legitimate company is unlikely to threaten you with legal action out of the blue, you'd usually receive written correspondence if it was a genuine grievance
- Beware of agitated or pushy voices on the phone - these are deliberate tactics to make you panic
- An offer that sounds too good to be true - generally anything that promises a good payout for little effort should be treated with caution
We’ll never send you an email asking for your security information, or for any personal details such as your name or date of birth. If you’re ever uncertain about an email claiming to be from Chase, please forward it to firstname.lastname@example.org then delete it immediately. We’ll send an automated response to let you know that we’ve received it.
Authorised payment scams
Your bank's fraud team calls. Your account's been compromised and you need to move your money to a 'safe account'.
Except it's not safe. It's controlled by a scammer who is trying to trick you into sending them money.
Authorised payment scams are becoming increasingly common, to the point £479m was lost to fraud in 2020.3. Here's what you can do to protect yourself:
- Take your time. Scammers want to panic you into action. Don't play their game
- If you've received an email or SMS, don't reply or follow links. Similarly, if you’ve received a phone call, hang up
- If you need to call back, do it from a different phone if possible in case the scammer has left the phone line open and check the callback or contact details are genuine
- Call your bank's support team. They'll be able to confirm your account's status and advise on next steps. If you're a Chase customer, you can call us directly from within your app by tapping on support then tap 'call us' - and we'll never ask you to move money!
In this type of scam, you're typically offered a free trial of a product or service. Except you're asked for your payment details for "verification." Once you're signed up, regular payments start being taken out of your account.
As with phishing, vishing, and smishing, if an offer sounds too good to be true it probably is. So think carefully before you part with your payment details online.
It's also worth bearing in mind that legitimate businesses are unlikely to offer you a free trial without specifying certain conditions. So if you can't find any terms and conditions, or they're unclear, think twice. If you do have any concerns with how you have shared your payment details or a subscription you have, contact your bank to discuss.
Home buying scams
An unexpected consequence of Covid-19 is that the housing market hasn't slowed down, and home buying scams haven't either.
Typically, the fraudster will impersonate your solicitor and email or call you close to the completion date about a change to their bank details. The aim is to trick you into sending your deposit money to them.
If this happens to you, don't chance it. It's unlikely that a solicitor would make sudden, last-minute changes. So phone them up and double-check the details before you transfer the money.
Nobody is "too smart to fall for it"
Scammers are professionals. It's their job to try and deceive you. And, sadly, sometimes they succeed.
But you can take steps to help protect yourself from their tricks.
Look out for unexpected emails, texts, or calls, and don't be afraid to question strange requests. If you're dealing with a legitimate organisation, they'll be more than happy to address your concerns.
And if you think you've been the victim of a scam, know you're not alone:
- Get in touch with your bank straight away. They'll advise you on what steps you should take
- Use a password manager to store your login data securely
- Consider placing a protective registration on your credit report (Opens in new window). This costs £25 and will alert you if someone tries to get a loan or credit card in your name
- Log on to Have I Been Pwned (Opens in new window) every so often to check if any of your details have been compromised in a data breach
Have a family member or friend you think would benefit from reading this? Pass it on.
We also recommend reading these
- To trust or not to trust? Romance scams, investment scams, and other online confidence tricks
- Is that really you? Staying safe from impersonation scams
- Get smart about card fraud
- BBC.co.uk Article dated 17 April 2020 "Google blocking 18m coronavirus scam emails every day"
- Proofpoint.com Report "2021 State of the Phish Report"
- UKfinance.org.uk Report "Fraud - The Facts 2021"