Information on how to recognise and protect yourself against scams and Fraud

Investment, pension or insurance scams

Investment, pension or insurance scams are a form of fraud where you may be asked to make payments with a promise of higher than usual returns. However there is a high risk that you could lose some, or all, of your money.

Often the investment opportunities or policies that scammers offer don’t really exist – or don’t have the rewards that are being promised. Scammers can appear professional and trustworthy, so even experienced investors may fall victim to these schemes.

It’s very important to remain vigilant when you are looking to access your money. Between April 2018 to April 2019, victims of investment fraud lost an average of £14,600 as fraudsters employed increasingly advanced psychological tactics to persuade victims to invest.

How to spot an investment scam

  • Be vigilant – if a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal that sounds too good to be true, be extremely cautious. If you get a call from someone who claims to be from your bank or financial services provider, don’t give away any personal details unless you are satisfied that they are who they claim to be.
  • Scammers often use very convincing tactics to get you to sign up. Beware of anyone trying to pressurise you into making a decision.
  • Scammers will make an investment sound very appealing and will often suggest that it’s less risky than it is.
  • Offers made by scammers often sound too good to be true. For example, you might be offered far better interest rates or returns than you’ve seen elsewhere.
  • Scammers are persistent and will often try to form a relationship with you in an effort to build your trust. Beware of anyone who calls you repeatedly and/or anyone who is overly familiar or tries to keep you on the phone for long periods of time.
  • You might be told that you’re receiving a very special and/or limited offer and/or not to tell anyone about the offer you’ve been given. But talking with trusted friends and family about any investment offer you’ve been given could help you spot a scam.
  • Scammers are known to target previous victims of investment fraud, claiming that they can recover lost money. You might be asked to pay an upfront fee but these companies will not get back your money.
  • Some companies that run scams base themselves overseas in order to avoid regulatory requirements. Be cautious if a company that is based overseas contacts you with investment opportunities.

Phishing scams

“Phishing” is the process of sending an unsolicited email or text message, purporting to be from a person or organisation you trust, such as a bank, tax authority or other legitimate source, but is in fact fake.

The message will ask you to respond or click a link to give away personal and/or financial information. In some cases the message may ask you to download a file which could contain a virus or other unwanted software (known as malware) on your computer, tablet or phone.

The scammer’s aim is always to obtain enough information to use your identify for further fraudulent activities or to gain access to one or more of your accounts.

If you receive an unexpected email or an email from someone you don’t know, don’t open it, and delete it immediately. Never click on a link or open any attachments. Always make sure your that anti-virus and anti-spyware software are up to date, and that you use a firewall when accessing the internet.

Unless you are certain that the message is genuine, don’t act on any of the information that’s provided. Simply call the organisation the message claims to be from, using the telephone number on their website, and verify that the email is genuine.

How to spot a phishing message

  • The sender’s email address may look unusual, such as a random combination of letters and numbers or is much longer or shorter than usual.
  • You may be asked to click on a link, but before you do, carefully examine the link and ensure that it doesn’t contain any strange characters, words or letters.
  • Fake messages can often look convincing at first sight, but at closer inspection you may notice poor design, typos or grammatical errors, or unusual terminology.
  • Phishing messages may ask you to do something unusual or ask for information the real sender would already have.
  • Scammers will try to create a sense of urgency to prevent you from examining their message too closely, therefore be wary of any messages with an exceptionally short deadline or notice.
  • When you click on a link in any email, always ensure that the website displays the padlock symbol in the address bar before entering any information.

Remote access scams

In a remote access scam, a fraudster attempts to persuade you to give them remote control over your computer, laptop, tablet or smartphone which allows the scammer to steal money and/or private information. Remote access scams are often related to technical support scams, (e.g.: someone who claims to be from Dell Computers technical support) and typically start with a cold call from a fake support specialist telling you your computer is infected with malware, or a scary-looking pop-up message that says there’s a problem with your computer.

Once the fraudster convinces you to give them remote access, they’ll ask you to install a program such as LogMeIn, TeamViewer or GoToAssist, which allows someone from another computer to operate your computer as if they were sitting right in front of it. Normally, these programs are used for legitimate purposes, but they can also be used by fraudsters for criminal purposes.

While the scammer is connected to your device, they will make it seem like there is a problem and that they can help you fix it for a fee of a few hundred pounds or dollars. While a fraudster has remote access to your computer, it’s likely that they will install malware which allows them to steal additional information pertaining to your identity, including your passwords and financial information.

How to spot a Remote Access Scam

  • Technical support specialists from legitimate companies and government departments never call you unannounced, so if you receive a call purporting to be from some kind of computer tech support, it is almost definitely a scam.
  • Legitimate companies don’t put their phone numbers on security warnings and advise people to call them. If you see a pop-up or virus warning on your computer advising you to call a number, it’s likely to be a scam.
  • Never give remote access to anyone you don’t know, no matter how convincing or trustworthy the person appears to be.
  • If in doubt, simply call the organisation in question, using the telephone number on their website, and verify that the request for remote access is genuine.

Account hacks

This type of “hack” (or unauthorised use) occurs when your email account or another online account has been compromised. Online accounts such as your mailbox often contain personal info that may be used to commit fraud.

Hackers use a number of different techniques in an attempt to gain access to your online accounts. This may include trying to guess your password by entering lots of different commonly used passwords, or by using information about you that’s publicly available such as important dates, children or pet names, your favourite sports team, etc.

Sometimes the companies that hold your account, such as your email provider or bank, suffer a data breach in which your username and/or password may be exposed. If you’re using the same password for several accounts a breach to one account may lead to other accounts being compromised at the same time.

It is also possible that you inadvertently have given away your password, by being tricked into telling someone what your password is, or by entering it in a fake website or app which is designed to steal your credentials.

How to prevent account hacks

  • Use a password that is not based on information someone may be able to find out about you, such as dates, names, sports teams or other commonly known information. The same applies to security questions.
  • Ensure your password conforms to complexity rules (at least 12 characters long and contains an uppercase character, a lowercase character, a number and a special character) and is changed regularly, we recommend changing your password every three months.
  • Never give your password out to anyone. Legitimate companies will never ask you for your password or answers to your security questions.
  • Enable Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA), this type of authentication adds another layer of protection. Enabling this will mean that in addition to your password, you will need a unique one-time use code to log in. This is usually sent to your mobile phone.
  • Don’t use the same password for all your accounts, or the same password with a small variation between different accounts.
  • Before you enter your password on a website or app, ensure that the login screen looks legitimate and secure.
  • When you become aware that a company whose services you use have suffered a data breach (by law they have to make you aware as soon as possible) ensure you change your password and any other security information immediately.

Identity fraud

Identity theft happens when fraudsters access enough information about your identity, such as your name, date of birth, current or previous addresses, etc. and use this information without your permission to commit a crime or to deceive or defraud another person or organisation. Most identity fraud is committed to obtain some kind of financial advantage, such as accessing your credit card, bank or other financial accounts.

If you’re a victim of identity theft, it can lead to fraud that can have a direct impact on your personal finances and could also make it difficult for you to obtain loans, credit cards or a mortgage until the matter is resolved.

Fraudsters commit identity theft by stealing your personal information. This is often done by using information about you that is already in the public domain, for example on social networking sites or other online profiles. Sometimes fraudsters take documents from your rubbish or by making contact with you and pretending to be from a legitimate organisation.

How to protect against identity fraud

  • Be careful when sharing personal information online. Often information shared on social media, online forums or other online profiles can be used as a first step to obtain your personal data. Ensure that privacy settings on your profiles are set to the appropriate level.
  • Don’t throw away anything with your name, address or financial details without shredding it first.
  • If you receive an unsolicited email, text message or phone call from what appears to be your bank or building society asking for your security details, never reveal your password, login details or account numbers. Be aware that a bank will never ask for your PIN, security number or password.
  • If you are concerned about the source of a call, wait five minutes and call your bank from a different telephone, making sure there is a dialling tone.
  • Check your statements carefully and report anything suspicious to the bank or financial service provider concerned.
  • Don’t leave things like bills lying around for others to look at.
  • If you’re expecting a bank or credit card statement and it doesn’t arrive, tell your bank or credit card company.
  • If you move house, ask Royal Mail to redirect your post for at least a year.