1. Copycat and fake websites

Fraudsters create very convincing websites that look almost identical to the websites of big retailers. They’ll then use email, social media, adverts or text messages to try to lure you to their website where you’ll be asked to enter login, payment or personal details. They may create their own online shop where you can buy products. Many of us might be looking to support independent, sustainable brands this Christmas – so how can you tell if they are a legitimate company?

What you can do:

  • Look for reviews
  • Check Companies House
  • Look out for the padlock next to the URL, which indicates the website is secure
  • Check the URL starts “https” (the ‘s’ stands for secure) to ensure it’s safe to enter sensitive information

2. Bogus adverts  

Once fraudsters have their fake or copycat website in place, they use Facebook, GoogleAds, Google Shopping and other big advertising platforms to target people with their ‘too-good-to-be-true’ deals. They often sell expensive and popular items like the latest toys and smart gadgets, and they’ll create adverts that target people who have already searched for these products online. Just because an advert is on these big platforms doesn’t mean it’s legitimate. If you see an offer that sounds too good to be true, it probably is.

What you can do:

  • If a well-known brand emails you with these offers, check the sender address to make sure it really comes from the organisation, and ask yourself whether you usually receive marketing emails from them.

3. Wifi hacking – ‘man-in-the-middle’ attacks

If you see a deal whilst out and about, using a public wifi connection, you may start to complete the purchase on the spot. Fraudsters often target public wifi connections to hack and scrape payment card details, login details and other personal information from those using them. 

What you can do:

  • If you want to buy something on the go, use your mobile data instead, which is far less vulnerable to these attacks.
  • Ideally, do your shopping at home with a secure wifi network – it’s safer than using a public or shared wifi connection.
  • Before you enter your personal or card details into a website, check the browser bar for the padlock icon and ‘https’ that tells you this site is secure.

4. Fake order confirmations

Fraudsters may send you an email posing as a retailer with a subject line or title like: ‘Thanks for your order’. They'll ask you to click a link to check the details of your order, or say something like ‘If you didn’t make this purchase, please click here to report it’. The links will take you to a copycat website controlled by the fraudster where you’ll be asked to login. Once they have captured your login details they may be able to purchase goods through your account.  

They may ask you for personal details like name, date of birth, address, or your mother’s maiden name. Why do fraudsters want these details? Because these are commonly the questions we’re asked by our bank to verify our identity. They could use these details to steal your identity and buy goods in your name. Or they may call you pretending to be your bank and recite your personal details back to you to ‘prove’ that they are genuine and convince you to give your Digipass or security details.

This type of scam is increasingly common and fraudsters will use any excuse to contact you and persuade you to give them these details – like a Black Friday deal you didn’t order.

What you can do:

  • Check the sender email address
  • Check your bank account for a matching transaction to confirm if a payment has been made
  • If in doubt, don’t click on links or download anything in emails in case they contain malware
  • If you do click a link, check the URL is correct (a quick Google search will reveal if a web address is fake)
  • Be alert every time you are asked to give personal details – online or over the phone
  • Make a habit of asking yourself: ‘Why do they need this information?” If you are suspicious, call the organisation on the number published on their website to check a request is legitimate

5. Delivery scams

One of the most common delivery scams starts with a text message or email from a courier or retailer telling you they were unable to deliver and asking you to click a link to rearrange your delivery, where you’ll be asked enter your personal details.

In another delivery scam, fraudsters may have already managed to use your personal details to purchase expensive goods in your name and have them delivered to your house. You’ll get a knock at the door from your usual postie, or from a courier service, for an item you didn’t order – but it will have your name and address on it.

The fraudster will be waiting outside for the legitimate courier to leave, before knocking on your door dressed as another courier. They’ll say something like “Sorry, there’s been a mistake with this delivery” – they may even say there was a mix up in the sorting office due to the impact of Covid-19. They’ll take away the goods and you’ll later discover the purchase was made on your card. 

What you can do:

  • Never give back a parcel addressed to you – call the company to check whether the purchase was made in your name and check your bank account for the transaction. If you still have the goods you can claim a refund.
  • Check your bank balance regularly for suspicious payments.
  • Read our guide ‘How do I protect myself from identity theft and identity fraud?’


We will never contact you out of the blue to ask you:

  • for your digipass PIN
  • for your card number or PIN
  • for your mobile app passcode
  • to transfer money out of your account
  • to click a link in an email or text to our internet banking
  • to reply to a text that has been sent from an unknown mobile number
  • to ask for One Time Passwords (OTPs) - Its fraud if you are asked for your OTP

Take Five to Stop Fraud

We support the Take Five campaign, providing advice about protecting your money from fraud.

Take a moment to stop and think before parting with your money or information.

It’s ok to reject, refuse or ignore requests. Only criminals will try to rush or panic you.

Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.

Report suspected fraud

If you suspect fraud, call us immediately on 0330 355 0355. We're here 8am-6pm weekdays and 10am-4pm weekends for fraud queries. If abroad, call +44 (0)1179 739339.

How to report suspected fraud