All too often, Which? hears devastating stories from victims of fraud. The banking industry is stepping up measures to protect customers, but being aware of the risks to your money is key.
Fraudsters' tactics range from the crude to the extremely sophisticated but, whether they target victims with a simple phishing email or trick them into giving access to their devices, the result is the same - innocent people lose money.
Scammers will pose as any trusted organisation to win your confidence - your bank, a retailer, utility company, the police or even the government.
Almost 15,000 cases of impersonation fraud were reported to UK Finance between January and June 2020 - up 84% on the previous year. Victims lost a total of £58m.
technology enables scammers to easily clone a bank's telephone number, meaning you can't trust the caller ID alone. They often gather background information about you from social media, data breaches or phishing messages to make the call more convincing.
Once they have made contact, a scammer needs to get access to your money.
Common tactics include urging you to move money to a 'safe account' because yours has been compromised, or asking you to download software to your phone or computer so that they can 'fix' a spurious problem.
In 2020, the Amazon phone scam played out like this: you answer the phone and an automated message invites you to 'press 1' to cancel Amazon Prime or dispute a fictional transaction.
Now you're through to an 'Amazon call centre worker' who convinces you to download a tool such as TeamViewer to 'secure your account' or 'authorise a refund'. If you do so, you've unwittingly given the scam caller full access to your device.
Remote access tools are used by businesses and IT workers for legitimate purposes, but many people are unaware that scammers misuse them to gain access to their smartphones and computers, allowing them to steal personal data and hack into bank accounts.
Criminals can pay for adverts to appear at the top of search results, so be on your guard when using Google and other search engines such as Bing.
As you can see from the image below, these ads appeared at the top of Google search results when customers searched for 'Revolut help desk', above the genuine Revolut website.
It's too easy for criminals to promote scams on social media platforms and search engines.
Google approved our ads in less than an hour and they gained nearly 100,000 views in a month. We also paid Facebook to promote our page for Natural Hydration, filled with pseudo-advice posts on 'health and hydration' and gained more than 500 'likes' in a week.
Banks are increasingly sending security codes by text message when customers use online banking or make online card payments.
This does offer a layer of protection, by making it harder for scammers to hack into your account or use stolen card details online. But it alsomakes your phone number more valuable to criminals.
This is why the past five years have seen a 400% increase in reports of Sim-swap fraud, where a criminal takes control of your phone number by moving your number to a new Sim or network.
Once they have control of your number, they can intercept any text messages from your bank to steal your security codes.
Clicking on a link in a fake bank email or text could take you a cloned website where fraudsters steal financial or personal details. Or the link might install malware on your computer as another means to capture details.
The National Cyber Security Centre launched the Suspicious Email Reporting Service this year, inviting the public to forward phishing messages to email@example.com. In just two months it had received 1m reports