A-Z of scams

Advance fee fraud

This type of fraud is where someone asks you to make an upfront payment or fee for goods or services. For example, you may get an email about a new business opportunity. They ask for a fee to release those details – then you don’t hear from them again.

AI-powered scams

This type of fraud uses artificial intelligence to make scams more convincing and easy to repeat. Criminals use tools like deepfake videos and voice cloning to mimic business leaders. This tricks staff into approving payments. 

They also use AI to:

• Craft realistic phishing emails.
• Create fake websites.
• Build fake identities that can slip past security checks.

These attacks are highly customised, fast, and hard to detect. As a result, they pose one of the most dangerous emerging threats to businesses.

Asset misappropriation fraud

The assets here may be cash, data or intellectual property. Third parties or employees abuse their position to steal these assets through fraud activity. This could be making false expense claims or fake invoices. More complex examples include payroll fraud and embezzlement.

Authorised Push Payment (APP) Scams

APP fraud is where fraudsters trick people into making electronic payments.

They may:

• Pose as someone else – Like banks, regulators or even the Financial Conduct Authority (FCA).
• Mislead the person about the true purpose of the payment. 

Boiler room fraud

Many investments scams run from offices known as boiler rooms.

Business Email Compromise (BEC)

This is a type of phishing where fraudsters impersonate executives, employees or suppliers, using a scam email to try to trick you into giving away details or moving money.

Cash point scams

There are many ways fraudsters can get your card details and cash. Some stand close behind you to see what your PIN is.  Others tamper with the cash points to record your card details and steal your money – this is also called skimming.

Charity scam

With this type of fraud, fraudsters ask you to donate to their charity. But, it won't be genuine. They've just made it up to scam you out of your money. Not sure if a request is real or fake? You can check a charity name and registration number on the charity register.

Cheque fraud

This type of fraud is less common today, but it still happens. Fraudsters steal cheques, then change the payee name or amount. They also forge signatures and can create convincing fake cheques. They use these to trick people into handing over goods, services or cash.

Corporate Identity theft

Fraudsters steal details about your business to use for fraud. For example, they may use your credit details to order goods. They could also file fake documents with Companies House to change your company name or other details.

Credit/debit card scams

This is when a fraudster steals your card details, or even the card itself. They’ll then use it to buy goods or make investments in your name.

Deepfake

A video or image where criminals have digitally changed a person’s face, body or voice to look like they’re someone else. Often hard to spot, the fraudsters use them to steal identities and for other types of fraud.

Digital footprint

If you share details about yourself or your business online or on social media, it leaves a trail. This is your digital footprint, which other people can find. Fraudsters try to get details from your footprint to help them with scams.

Distributed Denial of Service (DDoS)

Cyber criminals use software to access a company website or system lots of times, all at once. This overloads the website. Real users won’t be able to use it and eventually the site will crash.

Domain name scams

Fraudsters can try to trick you into buying, selling, listing or converting a domain name. They'll get you to pay but won't do any work.

Government agency scams

You may get a call, email or text that looks like it's from a government department or a well-known company. A message could say you need to pay a fine for breaking the law. An email might ask you for your banking details to claim a tax rebate, or ask you to register to meet new rules.

For example, a text that claims to be from HMRC, demanding urgent payment. Or emails that say they’re from Companies House and need you to pay for a new service that turns out to be fake.

Hacking

Hackers break into computers and networks. Once in, they can gain sensitive information to commit fraud.

Identity theft

Fraudsters steal your personal details and pretend to be you, to commit fraud.

Investment scams

An investment scam is when someone tries to trick you into giving them money by pretending it’s a smart way to invest.

The scammer might promise easy money or say you can’t lose. They often use professional‑looking websites, fake reviews, or pretend to be part of a well‑known company to gain your trust.

Once you send them money, they may disappear or keep asking for more, making excuses like extra “fees” or “taxes”. In the end, you don’t get any money back.

Invoice scams

Fraudsters can copy an email or hack into an account to send new payment details. If somebody you deal with changes their payment details, call them back to double check. Use a number you trust, not one from an invoice.

Loan scams

Loan scams cover a whole range of scams you should watch out for. For instance, they offer you a fake loan with large fees or pretend to be a real loan company. You may reply to an advert for a fast loan and the application is successful despite your credit history.

Before you get your loan, they may ask you to pay an upfront fee. Loan arrangement fees are quite common, but most lenders add them to the loan as a repayment. If they ask for this money upfront, it could be a scam.

Malware

This is software that attacks your device. Fraudsters often hide it in tempting links, attachments and downloads. They then use it to steal your details or money.

 Mandate scams

Mandate fraud is also known as Payment Diversion Fraud (PDF) or Business Email Compromise (BEC). You get a call or an email from someone who claims to be from a company you pay regularly. Their aim is to steal your money. They may say that their bank account details have changed.

If this happens to you, always check with the company directly. Use their official website or a contact number you know.

Pension scams

Fraudsters will usually contact people out of the blue, saying they’re from a pension company. They'll try to convince you to transfer your pension to them. To avoid this, you should watch out for offers of free pension reviews, offers to release funds, and high-pressure sales tactics.

Pharming

Fraudsters use programs to take you from the website you were trying to visit to their own sites. The site often looks like the one you were trying to visit. But it's a fake one used to steal your details or attack your device.

Phishing

This is a scam that uses an email to try to trick you into giving away details or moving money.

 Ponzi schemes

These are ‘get rich quick’ scams that work like this:

• A fraudster offers an investment with very high returns in a short space of time.
• The first investors get the returns and tell their friends and family.
• There are no profits. Instead, the first investors are paid with money from the new investors.
• Eventually, the scheme fails. The fraudster disappears with all the investors’ money.

Purchase scams

Fraudsters convince you to buy goods or services that are either not what you expect or don’t exist at all. You often see this type of scam online, on shopping sites or auction sites like eBay, Facebook Marketplace or Gumtree.

Pyramid schemes

These work a bit like Ponzi schemes. If you invest, you’re prompted to recruit more people, for a commission. The scheme falls over when it runs out of new investors and money.

Other names for this type of fraud are:

• Franchise fraud
• Multi-level marketing
• Chain referral scheme

Quishing

This is a scam that uses a QR code (a square barcode) to try to trick you into giving away details or moving money. A fraudulent QR code will often redirect you to a scam website or to download malware. Often found at parking meters, restaurant menus or electric vehicle charging stations, fraudsters will replace a genuine QR code with a sticker containing a fraudulent QR code. 

Remote access scams

These can look like a pop-up message to say your device has a virus. Others start with a call from someone who says they’re from your bank. They’ll say they need to connect to your computer to deal with fraud activity on your account. The aim is to get data from your device.

Romance scams

Fraudsters pretend to be interested in a romantic relationship online to trick you into giving them money or personal information. They will pretend to be someone else with fake profiles on social media and dating sites. Their aim is to build trust over time and they chat in a certain way that makes you feel like you’re in a real-life relationship. They will often ask you to keep a relationship secret, to stop friends and family from asking questions that could expose the scam. 

SIM swap fraud

This starts when fraudsters gain data about you or your business. This could be through your digital footprint or social engineering. They may also pay other criminals for stolen data. Then they use this to trick mobile network staff to transfer your phone number to a SIM card they control.  

Once they hijack the number, they can get calls and SMS messages meant for you. This includes one-time passcodes (OTPs) that you use for banking and two-factor security checks. They can use this for payment fraud, identity theft and to take over accounts.

Skimming

This is a type of cash point scam. A fraudster fits a special device in a cash machine. It records details from your card and a hidden camera captures your PIN when you enter it.

Smishing

This is a scam that uses text messages to trick you into giving away your details or moving money.

Social engineering

Fraudsters use this on you or someone who works for you. They’ll try to talk you into giving away personal or banking details, or performing actions. They can use this to steal your money, or access systems or accounts.

Spoof or spoofing

To ‘spoof’ means to copy. Fraudsters can spoof a phone number, text message or email, so it seems genuine.

Spyware

A type of software used to track your actions and collect your details without you knowing. Fraudsters often use keystroke loggers. These track the buttons you press on your keyboard. This means they can capture your passwords and personal details as you type them.

Ticket scams

The chance to buy cheap tickets might sound great. But there are lots of fake ticket sites that may ask you to pay by direct bank transfer. These are hard to trace. Always buy tickets from official sites.

Trojan

This is a type of malware that hides in a normal file. They usually spread using social engineering and can appear as a genuine link or attachment. Trojans can give fraudsters access to your personal information.

Virus

A type of malware. A computer virus can spread from a file or document to infect your device. Once in place, fraudsters use them to steal your money and details.

Vishing

This is a scam call. Fraudsters can phone you and pretend to be us or other well-known companies. They may ask you to make a payment, transfer money to a safe account or for banking details. 

Voice cloning

This starts with a fraudster getting a sample of someone speaking. Then they use AI tools that learn that person’s voice. They can use the AI-created voice in phone calls to gain money or other information. This article explains how to spot AI voice clones.