The internet has opened up a world of new possibilities for scammers. It’s important that you or your relative keep your computer secure and know about the possible risks so that you can avoid them.
On this page you can find details about dealing with online scams.
1. What is an online scam?
2. How big is the problem?
3. Common online scams
4. Top tips for spotting an online scam
5. How to prevent an online scam
6. What to do if you're caught out by an online scam
What is an online scam?
More and more of us are connected to the internet and it can be a great way to stay in touch with friends and family, grab a shopping bargain and do things like banking from the comfort of your own home.
But it also opens up new opportunities for scammers. Online scams are when criminals use the internet to con people into giving them money or personal information. They might make contact via bogus emails, Facebook, Twitter or other social media or messaging services. They might try to direct you to fake websites or trick you into downloading malware, which can attack your home computer.
How big is the problem?
According to the Office for National Statistics, 87.9% of UK adults have used the internet in the past three months (May, 2016). This means that millions of people are at risk from common internet and email scams every day. It's estimated that £670m is lost annually by victims of the most common online scams.
Common online scams
Phishing or twishing
- The scam: fraudsters contact you via email (phishing) or social media message (twishing) claiming to be from your bank or another trusted organisation, such as PayPal, Amazon or eBay. They tell you that your account has been compromised, or you have to verify your security details to keep your account open. There is a link in the message that they want you to follow.
- The reality: the link directs you to a fake website (which can look exactly like the real organisation’s site) where you will be asked to log in. The scammer now has your account details and passwords and can access your bank account or shop online.
- Our advice: never click on a link in an email or social media message, however urgent it might sound. Go to your internet browser and type in the full website address before logging in to your account.
Campaign to safeguard us from scams
Fraud is now at record levels, with more than five million scams costing Brits a mind-boggling £9bn each year. While there are sensible steps we can all take to protect ourselves and older relatives and friends, an unfair burden has been placed on the public. Which? is urging the government to take the lead and ensure companies safeguard us all from scams. Sign up to the campaign here.
Stranded traveller emails
- The scam: you receive an email from a poor person who is stranded abroad – due to a mugging or some other disaster - and needs you to send them money for help. The scammers make the tale believable by hacking into real people’s email accounts and send the ‘help’ messages to people in their address list – so the message might appear to come from a friend.
- The reality: you send them money, then spot your friend in the supermarket that very afternoon.
- Our advice: if in doubt, don’t reply and contact the friend in question by phone.
Computer virus online scam
The scam: you receive an email from a stranger urging you to follow a link, or open an attachment such as a photo.
The reality: once you click on the link or attachment it releases a virus to attack your computer, giving access to criminals who might be able to scan it for your private information.
Our advice: don’t open links in emails from people you don’t know, even if they do sound friendly. Keep your computer security software up to date.
- The scam: phishing emails, instant messages or posts on Facebook and Twitter can direct you to copycat sites. Scammers might also create duplicates of government websites, such as the passport office, the DVLA or HMRC, that appear in search engine results.
- The reality: when you click on that site to apply for your new passport, driving licence or European Health Insurance Card (EHIC), you’ll be charged additional fees. Without a doubt, you’ll pay more than you would if you went directly through the official government departments.
- Our advice: if you are in doubt about which website to use, go through GOV.UK, the government’s official website, to find what you need.
Relationship online scam
- The scam: a stranger starts ‘talking’ to you on a social networking or dating site. They make friends with you and gain your trust over time. They seem really nice and might even say that they are falling in love with you. Then they’ll start to ask you for money, often by telling you an emotional or hard-luck story.
- The reality: it could be a scammer who is after your money, not your friendship. Trust your instincts. If something feels wrong, it probably is.
Our advice: talk to a friend or relative, especially if your new friendship seems to be moving fast. Never send the person money or give them your account details. Be on your guard, particularly if a new friend that you’ve met online asks for money.
If you arrange to meet, make sure it’s in a public place, tell someone else where you’re going and don’t give away too much information too quickly.
The scam: you receive an email, or see an advert, promising miracle tablets – such as slimming tablets - or other medical cures that offer amazing results. Or you might see an advert for an online pharmacy that offers medicines cheaply.
The reality: once you’ve paid for your medicine it might not turn up. Or, if it does, it might be poor quality. Watch out as some can even be harmful to your health.
Our advice: a legitimate online pharmacy should display the General Pharmaceutical Council (GPC) logo. When you click on it, it should take you to the GPC register. Or you can search for a pharmacy directly on the GPC site.
Money mule scams
The scam: you see a job advert online (often on Facebook or Twitter) telling you about a brilliant job as a ‘money transfer agent’. All you have to do is provide your bank details for a legitimate bank transfer and you’ll be paid a handsome fee for your ‘help’.
The reality: Criminals use your bank account to launder illicit money, which could land you in serious trouble. People found guilty could face prison and have their bank accounts closed.
Our advice: be very sceptical of unsolicited messages or job adverts offering easy ways to make money. Get online to check out any company that makes you a job offer and make sure their contact details are correct. Never give your bank account details to anyone unless you know and trust them.
Top tips for spotting an online scam
There are hundreds of different online scams – and scammers might approach you by email, instant message or via posts on Facebook or Twitter. However, there are some telltale signs and tricks you can look out for, including:
- the message is from a complete stranger
- you are being offered something that is too good to be true
- the email claims to be from a trusted organisation, but the sender’s email address doesn't match the organisation’s real website address
- the message uses a general greeting like ‘dear customer’ instead of your actual name
- there’s a sense of urgency, such as threatening to close your account if you don’t act immediately
- there’s a link that may look similar to the proper address but is in fact slightly different and will take you to a fake website
- you’re asked for personal information, such as your username, password or account details.
How to prevent an online scam
Set up your email account to block spam (unwanted messages). Set your social media accounts to the highest levels of privacy and security to stop strangers from contacting you. To find out how to do this check the settings on your account, or go to the help pages.
- Make sure your computer is protected by the latest security and antivirus software. Follow Which? advice about making your computer secure and finding the best antivirus software.
- When shopping online make sure that a site is secure before entering payment details – a secure website address starts with https and should have a padlock symbol in the browser window.
- Never follow links in messages from unknown senders – go to your internet browser and type in the real website address yourself.
- Be wary who you give your personal details to, such as your name, address, date of birth.
- Never reply to scam messages, even to tell them to leave you alone! This only lets the sender know that your email address, or social media account, is active and they are likely to send you more.
What to do if you're caught out by an online scam
There are various things that you or your relative can do if you are caught out by an online scam.
- Report the incident to Action Fraud. You can report the scam online or by calling 0300 123 2040.
- If you think your computer might have a virus or harmful malware, get it checked out by an expert. You can find details of your local IT repair shops in the phone book, or ask friends and family for recommendations.
- Report scam/phishing emails to the internet service provider (ISP) that sent the mail. They can close the account that the scammer was sending from.
- Check the security settings on your internet browser and email account.
- Check the privacy and security settings on your social media accounts. Make sure that you’re comfortable with the amount of personal information you’re sharing, and check who can see it.
- If you suspect that a scammer has stolen login details for an account, report it to the provider (eg bank, retailer or credit-card company) as soon as possible so that they can take the necessary action.
- Read our Scamming older people guide to find out if you’re able to get your money back following a scam, and what steps to take.
- Check out information and advice from our Useful organisations and websites for scams and older people page.
- Phone scams, Postal scams, Doorstep scams: read about other types of scam and how to help you or your relative avoid being caught out.
- Which? recommended antivirus software: find out how to best protect your computer.
- Staying safe on social media: read our tips on staying safe on sites like Facebook.
- Online security and privacy: follow Which? Computing’s tips on how to stay safe online.
Next review due: November 2019