We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies. You can understand more and change your cookies preferences here.

Five online scams to watch out for

We reveal the tactics scammers are using online

Real and fake

The URL distinguishes the real website from the fake

Our latest investigation into scams reveals the ways that scammers are targeting you online – from fake gift vouchers to phishing.

We asked 25 Which? members to collect all the scams they received over a month and the total came to a staggering 477. If they had responded to all of them our panel could have lost the contents of their bank accounts 216 times over.

Here we reveal five ways scammers target you online. If you think you’ve been targeted check out our guide about how to report scams.

1. Using accounts such as iTunes or BT to phish

The scammers use big-name brands to phish – but rather than pretending to be a bank, they can also masquerade as a popular service or shop. Our panel received many different versions of this scam, but common ones pretended that the person being targeted’s account had been frozen, they had ordered something they hadn’t, or that there was a security alert on their account. All gave a link to a website asking for personal details. You can check URLs in the email to spot a fake.

2. Using official-looking emails from the government to phish

In this scam you receive an email that looks as though it has come from a government department. In fact, it’s designed to get your personal information. Our panel received two versions of this type of scam email. One claimed to be from HMRC and said that the recipient was due a tax rebate, and others claimed to be from Government Gateway. The genuine Government Gateway website is used to access government services, such as those for tax self-assessments. Look up the genuine email address on the authentic website and compare it with the sender’s address, as this will be another giveaway. 

3. Using bank accounts to phish

This is the classic phishing scam. Often the scammers say that there has been unusual activity on your bank account or card. You’re told that you need to verify your details and if you do so, you give the scammers access to your accounts. Other versions our panel received said a transaction remained incomplete and that the account holder needed to log in to complete it, or falsely claimed that their email address had been updated. In our research, the companies we saw most commonly spoofed were Barclays, Lloyds and Santander.


Scammers used official logos to make their emails seem genuine

4. Fake gift cards

Our panel received emails purporting to offer gift cards from well-known brands, including Boots and Amazon. None were from the company named. One email, claiming to offer supermarket vouchers, asked you to download a document that contained malware. Others tried to extract personal details. 

5. Fake debts or invoices

In its simplest form, the scammers are hoping that you simply pay the fake debt or invoice they send you. Some come with official-looking court documents suggesting that the company has issued a claim against you. Alternatively, many of the emails we saw had attachments containing computer viruses. These sometimes contain a read receipt, so the scammer knows you’ve opened the attachment and can then call to offer to help sort out your infected computer.

To help protect yourself from viruses use security software – see which ones we recommend in our security software review.

More on this…

  • More advice on how to spot an online scam
  • Find out how to stay safe online
  • See our reviews of call-blocking cordless phones
Back to top
Back to top