They might relate to vaccines, immunity tests, mortgage payments, payment holidays or tax rebates. Fraudsters may even ask you to move your money to a ‘safe account’, giving them access to your money.
They also include fake government web pages and text messages – some encourage you to input banking or security and personal details in order to access payments and tax refunds.
We've also seen fake emails from the World Health Organisation claiming that an attached document shows how you can prevent the spread of the disease. Clicking on the attachment infects computers with malicious key-logging software, which records every keystroke and allows the attackers to monitor your every move online.
It’s important not to let criminals rush or panic you into making a decision that you’d later wish you’d thought about for a bit longer. Taking a moment to stop and think before parting with your money or information, could keep you safe.
A spoof website imitates a genuine website in order to fraudulently collect personal or sensitive data from you. They're designed to look like the genuine site. You can even be on a genuine listing site where people are not who they say they are. You buy goods, pay for them and nothing arrives.
Closely check the website address of any site you're visiting. Watch out for small clues like a spelling mistake in the web address. Check the security certificate. On the login page of a website, click on the padlock symbol next to the address in your browser's top bar.
Be wary when buying goods online, especially from a listing site such as eBay. Goods might not arrive or are not what you ordered. Make sure you carefully check the seller’s history and use online payment options such as PayPal that can help protect you, instead of sending money direct.
Cryptocurrency is cash that only exists digitally. While it is legal (the largest is Bitcoin), cryptoassets aren’t regulated by the FCA or protected by the Financial Services Compensation Scheme. Cryptocurrency values often fluctuate dramatically so even a legitimate investment could be risky.
Criminals use sophisticated tactics to trick people out of their money, including using celebrity endorsement, websites that showcase a non-existent investment, or fake accounts that give the illusion of big profits. You might receive a phone call or email out of the blue offering you an ‘unmissable’ opportunity, or offered a bonus or discount if you invest now.
Once you’ve handed over your investment, the scammer will disappear into thin air. And because cryptocurrency is unregulated, no one can help you get your money back.
Be wary if someone contacts you out of the blue about a cryptocurrency investment opportunity. Don’t give out any of your personal information over the phone, via email or in any form of internet chat.
And don’t be tempted to rush into anything. If someone is trying to push you into acting quickly, it’s likely to be a scam. If you receive something that looks tempting, do your research thoroughly. And if you’re promised high or guaranteed returns, be cautious. No investment is guaranteed, but cryptocurrency investments can be more volatile than most.
Emails designed to steal your details can look like they come from a genuine company, such as your bank or building society, HM Revenue & Customs or a service such as TV Licencing, PayPal, eBay, Amazon or iTunes. Instead of being genuine, they're often unexpected and encourage you to enter or update your personal or security information so it can be accessed fraudulently. There’s often a time limit and they give you a link to click.
Look out for emails from people or companies you don’t know or were not expecting. They sometimes have spelling mistakes and are often not personalised to you. Click on the email address of the sender to check if it looks legitimate. Most legitimate companies will include some personal reference, such as part of a postcode or your account number. Be particularly wary if you've been given new payment details to use. And if it looks suspicious and you’re being asked for confidential information, don’t click any links or open attachments.
Links can often take you to a fake webpage asking you to update or confirm your details or security information. Clicking the link might even trigger the download of a virus onto your device and an attachment can do the same.
Remember - we'll never send you an email asking you to enter your details or linking you directly to our online banking.
Don’t acknowledge or reply to the email. Report it by attaching the email, this will give us more information about the fraudster, and sending it to firstname.lastname@example.org and to the NCSC at email@example.com If attaching is not possible, then forwarding is fine.
How you attach an email depends on the programme you use. If you want to double check, you can find some instructions here:
Someone accesses your computer or mobile phone using software they’ve persuaded you to install.
Be wary of anyone who calls you telling you they need to ‘fix a problem’ with your computer. They might claim to be from your broadband provider for example, and tell you they need to correct an issue with the router. The only way they can do this is by gaining access to your computer.
They might even offer to pay you for doing it, then claim they’ve overpaid you and ask you to log in to your online banking to return the money. Before you know it they have your bank details.
This is when you’re tricked to make a payment to a person you’ve never met and with whom you believe to be in a relationship, or you trust. It often takes place through online dating websites, but criminals may also use social media such as Facebook, Instagram or email to make contact.
Once trust is gained, they’ll ask (either subtly or directly) for money, gifts or banking/credit card details. They pretend to need the money for some sort of personal emergency. It could be for a severely ill family member who requires immediate medical attention or financial hardship due to an unfortunate run of bad luck such as a failed business or mugging.
Never send money or your bank details to someone you haven’t met in person.
Be alert to spelling and grammar mistakes, inconsistencies in their stories and other signs such as their camera never working if you want to video-call each other. Don’t rush into an online relationship – get to know the person, not the profile and ask plenty of questions.
Analyse their profile and check the person is genuine by putting their name, profile pictures or any repeatedly used phrases and the term ‘dating scam’ into your search engine. Perform an image search of your admirer to help determine if they really are who they say they are. You can use image search services such as Google or TinEye.
Talk to your friends and family about your dating choices. Be wary of anyone who tells you not to tell others about them.
Stay on the dating site messenger service until you’re confident the person is who they say they are. If you do decide to meet in person, make sure the first meeting is in a public place and let someone else know where you’re going to be.
Make sure the Wi-Fi you connect to is secure. Don’t use public Wi-Fi for doing anything you wouldn’t want a criminal to see, such as online banking, accessing emails, or anything that requires a username or password.
Use your 3G, 4G or 5G data connection if you’re not sure the Wi-Fi is secure. Data passed via 3G, 4G and 5G is encrypted.
You can also use a Virtual Private Network (VPN) when connecting to public Wi-Fi. A VPN will encrypt information you send, they can be downloaded as apps.
It's also good practice to check your account statements on a regular basis for unusual activity. It's quick and easy with our Online Services.
18 seconds for savings enquiries
20 seconds for mortgage enquiries
To find out more about how we look after your data view our Privacy Notice.