How to spot an online scam

Last updated: 13 May 2020   By Dr Lucy Brown, Editor

Online scams cost customers millions every year, but how can you spot them and protect yourself against them?

In this guide, we'll examine the warning signs of online scams and show you how to identify when something isn't quite right.

Then we'll discuss common fraud types such as financial investment scams and HMRC scams before looking at the ways you can protect yourself online.

We have a separate guide on phone scams which can be found here.

scam alert
Credit: Tuan_Azizi/

In this guide:

What are the warning signs of online scams?

With more of our lives moving online, the opportunities for fraudsters seem to be increasing. Many scams we encounter on the internet fall into distinct categories, and we go into more detail about these categories later in this guide.

However, while some fraudsters devise complex scams that are trickier to spot, the majority have common warning signs that should arouse suspicion.

Unexpected or unsolicited contact

Unsolicited contact via email or other means such as social media websites can often be a warning sign of a scam, especially if you've never had contact with a person or company before. Even if the opportunity sounds good, approach with caution and refer to the other steps in this guide to check whether it's legitimate.

Along with this, remember that email accounts and social media profiles can be hacked - while you might trust the person who sent the email, if it's the first time they've sent you something like that, their account could have been compromised.

Unreasonable demands

If an email or other online message demands a rapid response or the opportunity will expire, it's a good idea to pass. Scammers use time limits to pressure customers into snapping up the opportunity without looking deeply into it. However tempting it sounds, don't be pushed into making a rapid decision.

Equally, if an email or message demands you keep anything a secret from friends or family, that's another huge warning sign. Legitimate opportunities have nothing to fear from you thinking it over or discussing it with other people so politely decline.

If you do say no or even if you just ignore the message, some fraudsters can get pushy and even threatening. Don't be afraid to block those messages or report them if appropriate

Requesting personal details

Email scams often divert customers to pages that request personal information. Whether these are fake websites (more on these below) or simply forms that want you to input your personal details without confirming to you that they are legitimate.

Be cautious before inputting information into any form. Double-check the website you're on is a legitimate one (if you're dealing with a company) by going direct to their site instead of clicking on any link.

Payment information like bank or debit card details should never be shared if you're uncertain about the site you're looking at. Reputable companies and people will understand your reluctance and they won't try to pressure you into anything.

Suspicious contact or payment details

If you're looking at an email or web page, pay attention to the details on the page.

Check the footer and see what address the company or person gives - PO box addresses can be a red flag (although there are legitimate reasons people might have them too). In addition, look at the telephone number if one's given and see if it's a premium rate number or a mobile.

These types of contact phone number can be suspect for two reasons: firstly, they suggest the business doesn't have a dedicated base and, secondly, because premium phone numbers can be a scam in themselves whereby they charge eye-watering amounts of money per minute which is added to a customer's telephone bill.

Payment details, too, can be a red flag. If a company claims to operate in the United Kingdom but payment seems to link to elsewhere, be cautious.

online financial scam

Obvious mistakes

Whether they're communicating with you via email or you've visited a dedicated webpage, companies want to make a positive impression on you. One way they do this is by displaying how professional they are and limiting mistakes to the absolute minimum.

Be on the lookout for obvious mistakes such as misspelling the company name or errors in some of their contact details or claims. Scam emails and scam sites are usually riddled with such errors, although it's important to note that some fraudsters are becoming more sophisticated and there may not be as many errors on a page as we've seen in the past.

However, misspellings and grammatical errors can still highlight a scam. In some cases, English is not the first language of the fraudsters and so they'll make rudimentary errors in the way they phrase things and use plurals incorrectly. One way to check if an email or webpage is suspicious is simply to read a few lines aloud - if there are several errors in a few sentences, it could be the sign of a scam.

Too good to be true

Finally, if an email or a website is offering something spectacular, stop and ask whether it's too good to be true.

Financial investment scams can often offer hugely enticing rewards which are designed to encourage people to ignore their misgivings and jump at the chance. This is usually coupled with a time limitation as we discussed above.

If an opportunity sounds too good to be true, it probably is.

Common scams

So far, we've discussed scams in general and how you can identify that something might not be legitimate when you come across it in an email or elsewhere on the internet.

However, there are some specific frauds which are constantly in circulation, and so it's important to recognise how these work in practice.

Loan fee scams

Loan fee fraud occurs when a lender demands an upfront fee to administer a loan that is then never received by the customer. The scammer takes the upfront fee, sometimes called a deposit, and is often never heard of again. In some cases, repeated fees are requested and customers lose more money.

The target of loan fee scams are those who have limited access to credit from mainstream providers like banks and building societies. The most vulnerable who have lower incomes and poorer credit records can be targeted when they're most desperate for cash, causing further financial hardship.

There's more information on loan scams in our dedicated guide.

DVLA or HMRC scams

We've grouped these scams together because they involve organisations that most households will have dealings with. Receiving an email purporting to be from the DVLA or HMRC can cause panic and the automatic response is to act on what they tell you, especially if they're threatening to fine you or take you to court.

DVLA scam emails take two major forms:

  • They claim a payment has failed and threaten a fine
  • They say your vehicle tax is out of date and threaten consequences

Apart from exhibiting the common hallmarks of scams that we've already mentioned, these emails usually contain links for customers to pay directly. As the DVLA say they don't encourage users to click on any links in correspondence, this is a tell-tale sign of a scam.

HMRC fraud attempts have become synonymous with phone scams, but there are HMRC email scams to be aware of too. These often appear around tax deadline dates, and they take two opposing forms:

  • Tax rebates and refunds - offering customers a rebate if they provide their bank details and other personal details
  • Outstanding tax bills - demanding customers make immediate payment to settle a tax debt

These emails from fraudsters can look authentic, but HMRC will never contact you in this way. They will never ask for your bank details or contact you out of the blue to say they owe you money or you owe them.

If in doubt about a HMRC email, contact them through official channels and not via the details or links provided on the email itself.

Investment scams

Investment scams rely on our fear of missing out and play on our hopes that we can make money more easily and live life more fully.

investment scam

These scams often bear the hallmarks of frauds that we've already discussed above, including unsolicited contact and high-pressure tactics to encourage you to make a decision about your investment rapidly. Another key signifier of this type of scam is that they request you keep the investment opportunity secret from friends and family members.

There are three major types of investment scam:

  • Opportunities that don't exist
  • Opportunities that exist but the scammer doesn't invest the money and steals it instead
  • Scammers impersonate legitimate companies

Common variants of investment scams include:

  • Pension release scams
  • Foreign property scams
  • Cryptocurrency investments
  • Pyramid schemes
  • Binary options
  • Unauthorised forex trading
  • Investments into unregulated products

One golden rule is that if you don't understand how an investment product works then you shouldn't invest in it. Along with that, employ the cautionary steps we mentioned above, especially about saying no if you feel pressured. Don't be afraid to investigate the company - more on this below.

Bogus email scams

The scams we've already discussed are often enacted via email, but it's worth thinking separately about all the different scams that could come through on an email.

A common problem is when a friend or family member's email is hacked and so an opportunity or demand seems to come from them rather than a stranger. Don't trust unexpected emails from associates which seem out of character - i.e. would your cousin usually ask you to invest in a new scheme or offer a loan with an upfront fee?

Keep an eye on tell-tale signs emails might not have come from who they're purporting to be from including unreasonable demands and obvious spelling errors you wouldn't normally expect to find in such an email.

Fake website scams

Following a link can sometimes take you to a fake website. From there, you might be encouraged to input payment details or other personal information which could help the fraudster running the fake website to steal your money.

Fake websites often have the hallmarks we highlighted earlier in this guide - suspicious contact details and glaring errors. However, some can seem genuine and may relate to a company that looks legitimate. You should always investigate a company before you give them personal details or transfer money to them. There's more detail on how to do this below.

Dating scams

Dating apps and social media websites have made it easier than ever for scammers to adopt the persona of someone else and use that persona to defraud innocent victims.

These scams can take place over several weeks and months, with the scammer building up trust with their victim before they ask them to transfer them some money. The amounts can be small to begin with, and that works to build up the relationship. Large amounts of money can be defrauded over lengthy periods of time.

The financial implications of romance scams are only one result, with the emotional ramifications of being scammed in this way also having an impact on a person's life.

Medical scams

Emails and websites purporting to offer medication or other medical equipment should always be treated with caution. Scammers may promise discount supplies that never materialise or, worse, ones that faulty or dangerous.

If any item is being advertised below its general value or is being offered when supplies elsewhere are scarce, firstly check that you haven't been sent to a fake website by going to the company's genuine website and then search for information about the company to check they are legitimate.

How to protect against online scams

Knowing which scams are out there and being able to identify the hallmarks of a fraud are two crucial elements to protect yourself. The final piece of the puzzle is that you should know which actions to take to safeguard your financial and personal security.

older woman online scam

Check on the company

We've mentioned this several times already, but it should be your first port of call whenever you're approached with an opportunity or a deal that doesn't seem entirely genuine.

If the opportunity is a financial investment or pension-related one, the Financial Conduct Authority (FCA) have a dedicated page on their website to help you find out whether it's a scam attempt. Click here to access that.

For other opportunities, don't follow any links in the email or website you've been directed to. Instead, open a new tab and search within Google, Bing or another search engine to find out more about the company. You may find their genuine website which proves the one you've been looking at is a fake, or you may find warnings against the company in the search results - pay attention to these.

Don't click or download

If in doubt, don't click on a link in an email or social media post, and don't download anything from unsolicited contact or that you're still uncertain about.

Reputable organisations like HMRC will never ask you to click on links within emails, and going direct to their website is the best way to see if what you've been sent is a scam.

Equally, downloading attachments could cause viruses or even ransomware to be installed on your computer. These can be another type of scam where fraudsters promise to remove the virus or free your data if you transfer them money. The best advice is never to download anything you're uncertain about.

Be wary of giving away personal information

Finally, your personal information is your secret weapon, and fraudsters will work to get it. Not only your financial information but your name, date of birth, address and email address are all fodder for the fraudster.

So, be as protective of your personal information online as you can be - you wouldn't give your bank details to a stranger shouting at you in the street, and online interactions should be treated with the same caution.


Scams are unfortunately everywhere, and it's vital to arm ourselves against them. As fraudsters diversify their methods and take advantage of new techniques, we have to remain vigilant and only trust after we've undertaken adequate checks and taken security precautions.

While banks in the UK are signed up to the authorised push payment (APP) Voluntary Code which provides refunds to customers who have been fraudulently persuaded to transfer money to a scammer, it's important to note this isn't a catch-all.

Only 41% of the cases assessed in the first seven months of the Code were refunded, although TSB's own Fraud Refund Guarantee has a 99% reimbursement rate.

The problem is, if a bank thinks a customer has been negligent, this hampers their prospect of a refund. APP refunds shouldn't be relied on, then, and it's vital to approach any online interaction with caution and scepticism until you know for certain that it's genuine.


Could you save with a balance transfer deal?

independent comparison

We are independent of all of the products and services we compare.

fair comparison

We order our comparison tables by price or feature and never by referral revenue.

charity donations and climate positive

We donate at least 5% of our profits to charity, and we have a climate positive workforce.

Get insider tips and the latest offers in our newsletter