The biggest scams of 2025

What was big this year and what to watch out for in 2026
Tali RamseySenior Writer

Tali writes about scams and consumer rights for Which? delving into fraud, technology and consumer rights topics to keep readers safe and empowered.

According to the Office for National Statistics, which collects crime data, fraud incidents jumped from 3.2 million between April 2023 and March 2024 to 4.2 million between April 2024 and March 2025.

It’s realistic to expect that at some point you’ll encounter a scam. If you end up losing money to a scam, contact your bank immediately using the number listed on your card.

Below, we take a look at the most widespread scams of 2025.

Outsmart the fraudsters

free newsletter

Sign up for our free Scam Alerts service.

Our Scam Alerts newsletter delivers scams-related content, along with other information about Which? Group products and services. We won't keep sending you the newsletter if you don't want it – unsubscribe whenever you want. Your data will be processed in accordance with our privacy notice.

Deepfake calls

Scam calls using artificial intelligence (AI) to create or manipulate the caller’s voice were big in 2024 and again in 2025. A survey commissioned by Hiya, a spam call protection company, revealed that a quarter of scam calls in the UK were powered by AI.

Some of the most common versions of these scams included AI voices claiming they were from the police, bogus offers for phones and impersonations of bank staff and employees from HMRC and Amazon. Overall, phone scams were among the most prevalent types we saw reported in our scam sharer tool.

Always treat unexpected calls with caution and try to verify the caller before taking any action.

This is especially important if you’re asked for money, sensitive information or to log into an account. If you know the number, you can search for it on Who Called Me

You can report scam calls by texting the word ‘call’, followed by the phone number, to 7726. On WhatsApp, tap ‘report’ after selecting ‘i’ next to the number in your call log.

Health scam ads

A scam ad impersonating Dragons' Den and Boots to sell diet pills
A scam ad impersonating Dragons' Den and Boots to sell diet pills

An investigation for Which? Tech (June 2025) looked at how dodgy adverts promoting dubious health products are rife on social media. Adverts making blatant false medical claims, impersonating real doctors and pretending to be endorsed by medical bodies aimed to con potential victims out of money.

Adverts we discovered this year were peddling made-up prostate treatments, dodgy diabetes devices, an oscillating positive expiratory pressure (OPEP) device for people with breathing difficulties, slimming patches, fake diet pills and bee-venom cream.

If you come across an advert on social media promoting a health product, you can see whether the images in the advert have been used elsewhere by using a reverse-image searching tool, such as TinEye or Google Image Search (click the ‘Search by image’ icon to the right of the Google search field).

Always double-check any endorsements made on adverts and use a tool such as who.is to look up the website’s details – a recent registration could be a sign of a scam website. 

You can check whether a product or medicine is officially approved by the Medicines and Health Regulatory Agency

Account hacking

A year of headline-making high-profile data breaches could make you worry about the vulnerability of your personal information. Access to your online accounts can be gold dust to a fraudster – impersonating you enables them to target your contacts. 

We saw this play out when a victim of a personal Facebook account hack contacted us. He believed it happened after his device was infected with malware. The hacker then linked the victim’s Facebook account to their own Instagram account.

We often hear about how incredibly challenging to regain access to a hacked account. Make sure you set up two-factor or multi-factor authentication

Never click links in suspicious messages, as these could lead to malware being installed onto your device or being redirected to a phishing site. Instead, navigate directly to the site or app to log in.

Task scams

key information

'I was offered a job on TikTok'

 ‘The scammer contacted me on TikTok with an offer to earn £2 per video for watching content on the platform.' Wendy told Which?

Initially, she earned a few hundred pounds by completing these tasks before being told that there were VIP tasks available, which would require £20 to £40 to release, but would see her earnings jump to £200 to £995.

After she’d sent almost £2,000, the scammer cut off all communication. Even though her account on the platform used to facilitate the scam showed a balance of £2,681, she was unable to access or withdraw the money.

Luckily, Wendy was reimbursed by her bank.

Task scams are a type of job scam that lure you in with the promise of high earnings in return for remote, simple work that requires no experience. They include everything that could sound appealing to those looking for an easy income.

Scammers typically contact ‘recruits’ via WhatsApp, Telegram or social media. We’ve even seen impersonations of real recruitment agents, making the scam seem quite convincing. The task will be easy, such as rating movies, mystery shopping, liking social media posts or completing survey questions, all in return for money.

Eventually, you’ll be asked to pay the scammer to release tasks where you can earn more money, but you’ll never actually be able to retrieve these earnings or get your money back. Some people rack up huge losses from this scam.

In a poll carried out on the Which? Scam Action and Alerts Facebook group, where members share their experiences of scams, one in eight respondents had been targeted by a task scam. 

Unexpected messages from so-called recruiters should be avoided. If you’re offered a job without applying for it or having an interview, you’re most likely being scammed. Also be wary if the job sounds too good to be true, with high salaries in return for very easy work.

At no point should you be asked to pay any money.

Cloud storage

A scam email with a dodgy link telling you that your Cloud storage is full
A scam email with a dodgy link telling you that your Cloud storage is full

According to cybersecurity company Check Point, the most common phishing attacks between January and March 2025 impersonated technology companies.

Microsoft impersonations made up more than a third of these phishing attempts, compared with one in eight for Google and just under one in 10 for Apple.

Which? published warnings multiple times this year about scam emails impersonating Apple’s iCloud service and we uncovered several malicious emails claiming that your iCloud storage was full and you’ll no longer receive emails to your iCloud account, or your payment method had expired – along with malicious links to rectify this.

One in five respondents to our Facebook poll said they had received scam emails claiming that their cloud storage platform was full.

Fraudsters included warnings in these emails to incite panic and prompt you to act quickly without thinking. Examples included losing access to ‘precious files and memories’ and losing ‘access to your account in 48 hours’. 

Common signs that an email may be a scam include it being sent from an unofficial sender address, containing blurred branding, pressuring you to take an action quickly and requesting personal and financial information.

Also, watch out for emails with impersonal greetings, poor spelling and grammar, and those that ask you to follow a link. Forward dodgy emails to report@phishing.gov.uk.

Online shopping scams

We’re increasingly seeing reports of dodgy retailers using fake images to con people with cheap imitations or send nothing at all.

Following random adverts on search engines and social media to buy items can be risky.

Instead, visit the official website of the company you’d like to buy from, or click only on adverts posted by the official company.

Seen or been affected by a scam? Help us protect others

Sharing details of the scam helps us to protect others as well as inform our scams content, research and policy work. We will collect information relating to your experience of a scam, but we won't be able to identify your responses unless you choose to provide your contact details.

Share scam details

Subscription traps

Unauthorised recurring payments to random companies have been appearing on people’s bank accounts, and most have no idea why. These sneaky scams were a common complaint reported to our scam sharer tool, and one in six respondents to our Facebook poll reported being targeted by them.

Most of these subscription traps are very difficult to get to the bottom of, but lots involve clicking on dodgy online adverts. Confusingly, in some cases, consumers enter their card details to genuine companies only to discover unknown subscriptions at a later date.

We’ve previously revealed how dodgy QR codes placed in car parks, shops, hotels and restaurants can lead to unwanted subscriptions, as can following rogue ads found on genuine apps.

If you spot a suspicious payment, contact your card provider and ask it to stop all future payments and request a refund.

If you’ve paid on a credit card, you may be able to get a refund using Section 75 of the Consumer Credit Act, provided the payment is for more than £100 and less than £30,000.

Government impersonation scams

A scam website impersonating the government website to trick you into paying a non-existent paying fine
A scam website impersonating the government website to trick you into paying a non-existent paying fine

In September 2025, scammers created fake government Emergency Alerts emails to take advantage of the Emergency Alerts test. The test was carried out to check that a new warning system, which sends a loud siren-like alert to your phone in the case of an emergency, was working correctly.

Shortly after this test, scam emails began to circulate that claimed to be from ‘Government Digital Services,’ complete with links asking you to respond ‘yes’ or ‘no’ to whether you received the Emergency Alert test.

Reports indicated that the ‘yes’ and ‘no’ links contained malware. The impersonation email titled ‘Emergency Alerts – Confirmation’ included gov.uk branding and links to genuine government advice pages about the Emergency Alerts test to appear legitimate.

Bogus text messages about the winter fuel allowance and unpaid parking fines were also common government impersonation scams this year. These messages contain phishing links, which sometimes lead to very convincing government copycat sites that will ask for your personal and financial information.

Unsurprisingly, a quarter of respondents to our Facebook poll said they had been targeted by government impersonation scams, making it the most common out of all the scams on this list.

If you receive an unexpected text or email purporting to be from the government, you should be wary, especially if it’s sent from a random number or contains a link.

All official government web pages start with gov.uk. You don’t have to apply for the winter fuel allowance and parking fines issued by local authorities can be paid at gov.uk/pay-parking-fine.

key information

How to report a scam

To report a scam, forward dodgy text messages to 7726 and scam emails to report@phishing.gov.uk. You can report suspicious websites to the National Cyber Security Centre, which investigates and removes scam websites.

If you lose any money to a scam, call your bank immediately using the number on the back of your bank card and report it to Action Fraud, or call the police on 101 if you’re in Scotland.

This article first appeared in the December issue of Which? Magazine

More on this