Personal Fraud

Protect yourself from personal fraud

We are all frequently targeted by fraudsters. Here you will find information on the most common types, along with advice to keep yourself safe.

Telephone impersonation

How it works:

You receive a telephone call from someone claiming to be from your bank, the Police, His Majesty’s Revenue and Customs (HMRC – the UK Tax office) a computer or software company or similar. They may warn of a crime affecting your bank account, or a problem with your computer’s software. HMRC might say that you owe an outstanding tax bill and threaten you with arrest if you don’t pay immediately. They might ask for personal details (including your PIN number), recommend moving money to a ‘safe’ account, ask you to withdraw money to give to a courier along with your bank cards or they may ask for access to your computer.

Protect yourself:

Always stop and think. These calls are extremely common frauds. Never trust calls from unknown sources. Your bank or the police will never ask you to move money or reveal your PIN. HMRC will never ask you to pay over the phone nor threaten you with arrest.

If you receive a call it is best to simply hang up. If you are concerned that it might be genuine, then ask the caller for their name and department. Then call them back on the correct number obtained independently (from your bank card for example, or from Google) ideally using another phone, as the fraudster may sometimes keep the phone line connected so that when you redial you are still connected to the fraudster.

Computer fraud – virus and malware

How it works:

You inadvertently download a virus or piece of malware (malicious computer software) onto your computer. This might be from clicking a link or an attachment in an email. This software can give a criminal access to your computer, allowing them to view your personal details, login information, passwords and more.

Protect yourself:

Never click on links or attachments in emails from people you don’t know or routinely do business with. If you see a computer message asking you to authorise a piece of software that you do not recognise to make changes to your computer, do not allow it. Keep your antivirus software up to date.

Computer fraud – free Wi-Fi

How it works:

The user connects to a free Wi-Fi network. However many free Wi-Fi networks are not secure and information is not encrypted. This means that a criminal can connect to the network and using software bought from the dark web they are able to intercept your device’s communications. This includes auto ‘pings’ to commonly used sites which include login and password information.

Protect yourself:

If possible, avoid using free Wi-Fi. We all have plenty of data on our mobile phone plans now – it is safer to hot-spot onto your own mobile. If you have no choice, then it is recommended to download some VPN (virtual private network) software onto your device first which encrypts your data.

Phishing email and text messages

How it works:

Phishing is a particular type of email or text message scam, whereby victims are targeted from seemingly genuine persons or services, with the aim of tricking the recipient into either providing personal details or clicking on something that will allow the attacker to do something the victim may not be aware of.

Emails and texts can purport to be from banks, building societies, Amazon, eBay, PayPal and many other types of financial sites. Others may purport to be from HMRC or chasing up an unpaid TV licence or parking fine. Common types targeting NHS employees will warn of a problem or imminent lockdown of their NHS-net email account, or a required update to ESR. All are designed to make the user panic and to act without thinking.

The message may ask the user to follow a link to login and confirm or reset their settings. This link takes them to a fake website which will collect their logon details and password, which are then used to commit further fraud.

Protect yourself:

Never follow a link in an email – you do not know where it is taking you to. If you want to access an account or any other website online, always access via the known web address rather than following a link in an email.

Text impersonation

How it works:

You receive a text message from an existing contact. It warns of something unusual or claims that they are in trouble and asks you to send money or access a website. Text messages can be sent using software from the dark web that attaches the message to one of your existing phone contacts.

Protect yourself:

If you receive a message, always stop and think. If the request is unusual, contact the ‘sender’ using an alternative device.

Online shopping

How it works:

As a buyer, the seller may ask for a holding deposit but only accepts PayPal ‘friends and family’ or bank transfer. Once paid they block you and the address (if given) is fake. You may purchase fake or stolen goods. You might by from a website, but the goods never arrive, and the website turns out to be false.

As a seller, you may be sent a message saying a courier will collect the item and another will deliver the money. The courier to collect the item arrives first and the money never arrives. You may be asked to pay a refundable insurance fee for the courier (which is never refunded). You may be sent a message: “Is your item like this one” with a dangerous weblink. The buyer may call to collect your item and show you a screen on a device appearing to show that they have sent you a bank transfer payment. You release the goods, and the payment never arrives, as it was a manipulated image, not a real screen of a website.

Protect yourself:

Only ever pay to individual sellers using PayPal ‘goods and services’ (which offers fraud protection) or cash on collection. Never pay by ‘friends and family’ or by bank transfer. When using online sites beware of those that only take payment by bank transfer. Try and stick to known reputable sites. When shopping online it is best to pay by credit card as this method offers good levels of fraud protection. Be aware of purchasing fake or stolen goods, if something is priced too good to be true, there is normally a reason for that.

As a seller, NEVER release your goods until you have cash in your hand, or money in your PayPal or bank account (that you have verified). Ignore messages that include weblinks and any offers for a courier to collect to goods and deliver the money. Block the account and use the ‘report’ function on the site to flag them as fraudulent.

Romance and dating fraud

How it works:

The fraudster builds a distance relationship over many weeks or months after meeting via a chatroom, dating site or similar. They then suffer some kind of emergency – the apparent loss of a job or their home, a need for medical treatment or similar and either ask for financial help or hope for it to be offered. The relationship isn’t real though, it has been cultivated purely for fraudulent purposes.

Alternatively, they may claim to be having problems with their bank and might ask you to receive and forward payments on their behalf.

Protect yourself:

Be extremely cautious in trusting someone you have only spoken to online or are in a ‘distance’ relationship with. NEVER send money to someone you do not know well or have never met.

Be wary of anyone asking you to receive and forward money for them, you might be unwittingly involved in money laundering.

If you find yourself conflicted and wanting to help someone, talk to family, friends or even the Police (confidentially) for advice before sending any money.

Banking and identity fraud

How it works:

A fraudster gains access to your account or uses your identity to apply for loans and credit. They make unauthorised withdrawals or purchases. If there are low levels of funds in your account, they may set up a small recurring direct debit. They may scan your purse or wallet without your knowledge with a contactless payment machine.

Protect yourself:

Protect your login information and bank cards, keep your cards in a special sleeve or wallet to stop rogue scanning. Keep your banking software / app up to date. Don’t use public Wi-Fi.

Use a shredder for all personal documents. Limit what personal information about yourself you put online and use the highest security settings on social media. Be wary of anyone asking for personal information, do not complete ‘quizzes’ or respond to posts that request personal information on social media – the information requested is often used as passwords or password reset questions.

Review your bank and credit card statements, check every transaction, not just the large ones. Check your credit rating periodically for unexplained changes. Keep your antivirus software up to date.

General advice

Maintain strong passwords. An eight-character password can be cracked in twenty minutes using software from the dark web. A fourteen-character password with a mixture of letters, numbers, upper and lower case and special characters would take the same software six months to crack.

Try and maintain different passwords for each financial site you use. It can be hard to keep track (especially if the passwords are complex) so consider downloading a password vault app for your phone.

Keep your email password standalone, and unique. If your access to another financial site is hacked, the fraudster will want to change the password. This is usually done via an email to your personal email account. If the same password/login combination that the fraudster has gained access to also accesses your email account, then the fraudster can change that password too and lock you out. If your email password is strong, standalone and unique, the fraudster cannot access it and you will be warned should another password change be attempted.

Turn on two factor authentication for any site that allows it. This means that any password reset request has to be confirmed via a second device (normally using a code sent to your phone).

More fraud information: