1. Copycat and fake websites
Fraudsters create very convincing websites that look almost identical to the websites of big retailers. They’ll then use search engine advertising, email, social media or text messages to try to lure you to their website where you’ll be asked to enter login, payment or personal details. They may create their own online shop where you can buy products or build a website that looks exactly like the "big brands" that you're familiar with. Equally, many of us might be looking to support independent, sustainable brands this Christmas – so how can you tell if they are a legitimate company?
What you can do:
- Look for reviews.
- Check Companies House.
- Look out for the padlock symbol next to the URL and check that it starts with "https" (the 's' stands for secure). Generally, this indicates that the website connection is secure. However, in recent years criminals have found ways to obtain fake security certificates, so this method cannot be relied upon alone.
- Check the URL is that of the official site and isn't altered or spelled incorrectly.
2. Bogus adverts and counterfeit goods
Once fraudsters have their fake or copycat website in place, they use Facebook, Google Ads, Google Shopping and other big advertising platforms to target people with their ‘too-good-to-be-true’ deals. They often sell expensive and popular items like the latest toys and smart gadgets, and they’ll create adverts that target people who have already searched for these products online.
Sometimes the products that they are 'selling' might not exist at all and sometimes the items are counterfeit goods - fake products which are a copy of the real thing, such as designer clothing.
It is important to remember that just because an advert is on these big platforms, it doesn’t mean it’s legitimate. If you see an offer that sounds too good to be true, it probably is.
What you can do:
- If a well-known brand emails you with these offers, check the sender address to make sure it really comes from the organisation, and ask yourself whether you usually receive marketing emails from them.
3. Wifi hacking – ‘man-in-the-middle’ attacks
If you see a deal whilst out and about, using a public wifi connection, you may start to complete the purchase on the spot. Fraudsters often target public wifi connections to hack and scrape payment card details, login details and other personal information from those using them.
What you can do:
- If you want to buy something on the go, use your mobile data instead, which is far less vulnerable to these attacks.
- Ideally, do your shopping at home with a secure wifi network – it’s safer than using a public or shared wifi connection.
- Before you enter your personal or card details into a website, check the browser bar for the padlock icon and ‘https’ that tells you this site is secure.
4. Fake order confirmations
Fraudsters may send you an email posing as a retailer with a subject line or title like: ‘Thanks for your order’. They'll ask you to click a link to check the details of your order, or say something like ‘If you didn’t make this purchase, please click here to report it’. The links will take you to a copycat website controlled by the fraudster where you’ll be asked to log in. Once they have captured your login details and potentially card details for a "refund", they may be able to purchase goods through your account.
They may ask you for personal details like name, date of birth, address, or your mother’s maiden name. Why do fraudsters want these details? Because these are commonly the questions we’re asked by our bank to verify our identity. They could use these details to steal your identity and buy goods in your name. Or they may call you pretending to be your bank and recite your personal details back to you to ‘prove’ that they are genuine and convince you to give your Digipass or security details.
This type of scam is increasingly common and fraudsters will use any excuse to contact you and persuade you to give them these details – like a Black Friday deal you didn’t order.
What you can do:
- Check the sender email address.
- Check your bank account for a matching transaction to confirm if a payment has been made.
- If in doubt, don’t click on links or download anything in emails in case they contain malware. Check with the bank or the firm on its published number.
- If you do click a link, check the URL is correct (a quick internet search will reveal if a web address is fake).
- Be alert every time you are asked to give personal details – online or over the phone.
- Make a habit of asking yourself: ‘Why do they need this information?’ If you are suspicious, call the organisation on the number published on their website to check a request is legitimate.
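The "check the URL" advice in sections 1 and 4 can also be applied automatically, for example by a mail filter or a help desk triaging reported links. The Python below is an added example, not part of the original guidance; the allow-list, the function name check_link and the .example/.test domains are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): sites the reader really shops with.
OFFICIAL = {"bigretailer.example", "courier.example"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, official=OFFICIAL):
    """Return (verdict, flags) for a link found in an email, text or advert."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # Text before '@' is login info, not the site: brand@other-site.test
        flags.append("userinfo-before-host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        flags.append("non-ascii-host")  # possible look-alike characters
    if host in official or any(host.endswith("." + d) for d in official):
        return ("official" if not flags else "suspicious"), flags
    for d in sorted(official):
        # Compare the same number of trailing labels as the official domain.
        tail = ".".join(host.split(".")[-d.count(".") - 1:])
        if d in host:
            flags.append(f"official-name-embedded:{d}")  # brand used as subdomain
        elif edit_distance(tail, d) <= 2:
            flags.append(f"misspelling-of:{d}")
    # "unknown" is not a pass: an unlisted shop still needs the other checks.
    return ("suspicious" if flags else "unknown"), flags

if __name__ == "__main__":
    for link in ["https://www.bigretailer.example/basket",
                 "https://bigretai1er.example/login",
                 "https://courier.example.redelivery-fee.test/track"]:
        print(link, check_link(link))
```

A misspelled address served over https is still flagged, which is why the padlock alone is not enough.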
5. Delivery scams
One of the most common delivery scams starts with a text message or email from a courier or retailer telling you they were unable to deliver and asking you to click a link to rearrange your delivery, where you’ll be asked to enter your personal details. If you enter your details via the link, they may be used to either steal your identity or to harvest your card details to make fraudulent purchases on your account.
In another delivery scam, fraudsters may have already managed to use your personal details to purchase expensive goods in your name and have them delivered to your house. You’ll get a knock at the door from your usual postie, or from a courier service, for an item you didn’t order – but it will have your name and address on it.
The fraudster will be waiting outside for the legitimate courier to leave, before knocking on your door dressed as another courier. They’ll say something like “Sorry, there’s been a mistake with this delivery” – they may even say there was a mix up in the sorting office due to the impact of Covid-19. They’ll take away the goods and you’ll later discover the purchase was made on your card.
What you can do:
- Never click on a link in an unsolicited text message or email. Go to the courier's main website (as advertised on your search engine) and enter the tracking details from there.
- Never give back a parcel addressed to you – call the company to check whether the purchase was made in your name and check your bank account for the transaction. If you still have the goods you can claim a refund.
- Check your bank balance regularly for suspicious payments.
- Read our guide ‘How do I protect myself from identity theft and identity fraud?’
We will never contact you out of the blue to ask you:
- for your Digipass PIN
- for your card number or PIN
- for your mobile app passcode
- to transfer money out of your account
- to click a link in an email or text to our internet banking
- to reply to a text that has been sent from an unknown mobile number
- for One Time Passwords (OTPs) - it's fraud if you are asked for your OTP
Take Five to Stop Fraud
We support the Take Five campaign, providing advice about protecting your money from fraud.
Take a moment to stop and think before parting with your money or information.
It’s ok to reject, refuse or ignore requests. Only criminals will try to rush or panic you.
Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.
Report suspected fraud
If you suspect fraud, call us immediately on 0330 355 0355.
Our opening hours are:
Mon to Fri: 8am-6pm (Thu: 9am-6pm)
Sat-Sun: 10am-4pm (for calls about fraud, or blocked internet access on the personal current account).
If abroad, call +44 (0)1179 739339.