A spoof website imitates a genuine website in order to fraudulently collect personal or sensitive data from you. They're designed to look like the genuine site. You can even be on a genuine listing site where people are not who they say they are. You buy goods, pay for them and nothing arrives.
Closely check the website address of any site you're visiting. Watch out for small clues like a spelling mistake in the web address. Check the security certificate. On the login page of a website, click on the padlock symbol next to the address in your browser's top bar.
Be wary when buying goods online, especially from a listing site such as eBay, Facebook Marketplace and Vinted . Goods might not arrive or are not what you ordered. Make sure you carefully check the seller’s history and use online payment options such as PayPal that can help protect you, instead of sending money direct.
Here are some ways to avoid the threat:
VPNs are a smart investment for safe browsing, hiding your sensitive confidential information, whilst offering stronger protection.
Limiting access to public-Wi-Fi networks. Not all publicly available Wi-Fi hotspots are secure. Criminals could intercept your data, even if you access an app without retyping your password. Your phone or tablet will still send your password details over Wi-Fi and this information could be intercepted.
Verify seller credibility by reading reviews and checking ratings from other buyers.
Avoid paying sellers directly or using payment methods that lack buyer protection, such as bank transfers or gift cards.
Cryptocurrency is cash that only exists digitally. While it is legal (the largest is Bitcoin), cryptoassets aren’t regulated by the FCA or protected by the Financial Services Compensation Scheme. Cryptocurrency values often fluctuate dramatically so even a legitimate investment could be risky.
Criminals use sophisticated tactics to trick people out of their money, including using celebrity endorsement, websites that showcase a non-existent investment, or fake accounts that give the illusion of big profits. You might receive a phone call or email out of the blue offering you an ‘unmissable’ opportunity, or offered a bonus or discount if you invest now.
Once you’ve handed over your investment, the scammer will disappear into thin air. And because cryptocurrency is unregulated, no one can help you get your money back.
Be wary if someone contacts you out of the blue about a cryptocurrency investment opportunity. Don’t give out any of your personal information over the phone, via email or in any form of internet chat.
And don’t be tempted to rush into anything. If someone is trying to push you into acting quickly, it’s likely to be a scam. If you receive something that looks tempting, do your research thoroughly. And if you’re promised high or guaranteed returns, be cautious. No investment is guaranteed, but cryptocurrency investments can be more volatile than most.
Emails designed to steal your details can look like they come from a genuine company, such as your bank or building society, HM Revenue & Customs or a service such as TV Licencing, PayPal, eBay, Amazon or iTunes. Instead of being genuine, they're often unexpected and encourage you to enter or update your personal or security information so it can be accessed fraudulently. There’s often a time limit and they give you a link to click.
Look out for emails from people or companies you don’t know or were not expecting. They sometimes have spelling mistakes and are often not personalised to you. Click on the email address of the sender to check if it looks legitimate. Most legitimate companies will include some personal reference, such as part of a postcode or your account number. Be particularly wary if you've been given new payment details to use. And if it looks suspicious and you’re being asked for confidential information, don’t click any links or open attachments.
Links can often take you to a fake webpage asking you to update or confirm your details or security information. Clicking the link might even trigger the download of a virus onto your device and an attachment can do the same.
Someone accesses your computer or mobile phone using software they’ve persuaded you to install.
Be wary of anyone who calls you telling you they need to ‘fix a problem’ with your computer. They might claim to be from your broadband provider for example, and tell you they need to correct an issue with the router. The only way they can do this is by gaining access to your computer.
They might even offer to pay you for doing it, then claim they’ve overpaid you and ask you to log in to your online banking to return the money. Before you know it they have your bank details.
This is when you’re tricked to make a payment to a person you’ve never met and with whom you believe to be in a relationship, or you trust. It often takes place through online dating websites, but criminals may also use social media such as Facebook, Instagram or email to make contact.
Once trust is gained, they’ll ask (either subtly or directly) for money, gifts or banking/credit card details. They pretend to need the money for some sort of personal emergency. It could be for a severely ill family member who requires immediate medical attention or financial hardship due to an unfortunate run of bad luck such as a failed business or mugging.
Never send money or your bank details to someone you haven’t met in person.
Be alert to spelling and grammar mistakes, inconsistencies in their stories and other signs such as their camera never working if you want to video-call each other. Don’t rush into an online relationship – get to know the person, not the profile and ask plenty of questions.
Analyse their profile and check the person is genuine by putting their name, profile pictures or any repeatedly used phrases and the term ‘dating scam’ into your search engine. Perform an image search of your admirer to help determine if they really are who they say they are. You can use image search services such as Google or TinEye.
Talk to your friends and family about your dating choices. Be wary of anyone who tells you not to tell others about them.
Stay on the dating site messenger service until you’re confident the person is who they say they are. If you do decide to meet in person, make sure the first meeting is in a public place and let someone else know where you’re going to be.
Make sure the Wi-Fi you connect to is secure. Don’t use public Wi-Fi for doing anything you wouldn’t want a criminal to see, such as online banking, accessing emails, or anything that requires a username or password.
Use your mobile data connection if you’re not sure that the Wi-Fi is secure. Data passed via your own mobile data connection is encrypted and therefore more secure.
You can also use a Virtual Private Network (VPN) when connecting to public Wi-Fi. A VPN will encrypt information you send, they can be downloaded as apps.
It's also good practice to check your account statements on a regular basis for unusual activity. It's quick and easy with our Online Services.
To find out more about how we look after your data view our Privacy Notice.