Scammers are mimicking new security measures designed to keep you safe online, by sending fake emails that attempt to steal your banking credentials and personal data.
Banks, card providers and retailers across the EU are asking customers to provide up-to-date contact information, as part of new checks for online card payments known as strong customer authentication (SCA).
Fraudsters are imitating these messages, aiming to get hold of your details at a time when you may be expecting these requests and so let your guard down.
You may have already been asked for extra details when shopping on a new website, or with a new card, but over the next few months these checks will become routine for payments over €30 (or the equivalent in pounds).
When you pay with your card online, your bank or card issuer will check your identity using two of three possible methods:
These are all in addition to your card number, name, expiry date and CVV code.
It's up to each bank and card issuer which methods they use and they will inform you of the details or devices you might need.
But scams are another concern, and we've seen several early examples of phishing emails that imitate genuine messages from banks.
Below are messages from scammers posing as Santander, Royal Bank of Scotland (RBS) and HSBC.
Each of these scam emails included links to sites that have since been taken down but were set up to capture personal details used to hack into the victim's bank account.
We expect more of these to surface over the next 18 months during the phased implementation of SCA.
Banks and other firms are heavily invested in the fight against fraud, but they could be unwittingly helping fraudsters when they ask customers to click links or confirm sensitive information.
Eight in 10 (78%) Which? members we surveyed think banks and other financial firms should never include links in emails, to make fakes more immediately obvious.
Yet we've seen genuine emails from RBS inviting a customer to download its new ; and from Lloyds telling a user that they'd need to visit the website to register again because their access to online banking had been removed.
This is exactly what phishing emails will do, to trick you into handing over login details or infect your computer.
Companies that use several web addresses are adding to customers' confusion. For example, PayPal users have reported receiving emails with links to both epl.paypal-communication.com and paypal-prepaid.com.
These legitimate addresses can look similar to fake ones, such as digim-partners.com/paypal.
When companies don't make it crystal clear what a valid link should look like, they make it that much harder for customers to stay safe.
One fairly standard technique used by scammers is to put the legitimate brand name or email address as the 'name' that appears beside the email address, as you can see below.
The real sender is shown in brackets here, and has nothing to do with Tesco Bank.
To find the real destination of a link, hover your mouse (without clicking) to preview the website it's pointing to. If an email seems important but you're concerned it could be fake, contact the company in question yourself using a trusted method.