Simple steps to help you stay safe from scams, spoofs, and digital deception.

In this week's Money Matters, I'm looking at an email Jane Garvey got which looks like it was trying to con her.

Jane got an email which looked like it had come from an official government source but almost certainly wasn't.

Q: How do you first spot it might be a dodgy link?

A: The website link (otherwise known as a URL) contained the term '.gov.uk" which makes it look like it comes from an official government source. But here is the thing which should ring a warning bell. This is a con called website spoofing

Website Spoofing

This s far from fool proof so don't rely on it. But one idea on checking whether a website might be fake is to see the structure of the URL. We read things from left to right, but one way of trying to ensure a website is legitimate, is to get used to reading it from right to left - backwards in other words.

Example:

URLs are read right to left, with the actual domain name being just before the first /. For example:

• ✅ Legitimate:https://www.hmrc.gov.uk/login→ Real domain: hmrc.gov.uk

• ❌ Spoofed:https://www.hmrc.gov.uk.fake-site.com/login→ Real domain: fake-site.com→ hmrc.gov.uk is just a subdomain or part of the string to trick you

So, a spoof site can embed .gov.uk as part of a longer or misleading domain to create the illusion of authenticity.

Q: Are there simple things you can do to stop yourself being scammed?

A: Never pay by bank transfer

If you are asked to pay for something online via a bank transfer, don't do it. 

If you buy an item that turns out to be fake or non-existent with a credit or debit card, you do have some rights to get your money back. But if you pay by bank transfer, there’s very little you can do to.

If you've paid for goods or services with a credit or debit card, you have greater protection if things go wrong under Section 75 of the Consumer Credit Act or by using chargeback.

If the scammer took payment for an item through PayPal but failed to send it, you might be covered by PayPal Buyer Protection. However, there are some exceptions and some scammers set up fake PayPal payment forms which actually just get your bank details, so be careful.

Q: Can you trust a trust mark or padlock sign?

A: Research carried out by ANEC, a European consumer organisation, found that seven in ten people say they’re more likely to use a website with a trust-mark label or logo.

But according to the consumer organisation Which? "with more than 50 different trust-mark labels and logos in use across Europe, and many countries also not using them at all, they are not always a sound way of judging whether a website is trustworthy. Also, just because a website appears to carry the logo of a reputable trade organisation, it still doesn’t necessarily mean the website is genuine. If you’re in doubt, you could always contact the trust-mark company to check."

Some websites have an SSL certificate or a padlock - but I worry these can give you a false sense of safety. My own experience has been that I sometimes can't see these logos even on genuine sites so not seeing them doesn't necessarily mean the site is fake.

Conversley scammers can imitate them - so seeing them is not a guranatee the site is safe. Which? advises that "scammers are able to forge or buy these padlocks, so seeing one doesn't always mean a website is safe."

Q: Should I report a fraud?

A: Action Fraud is the fraud and cybercrime reporting centre for England, Wales and Northern Ireland. It gathers intelligence on scams and passes it onto the National Fraud Intelligence Bureau for analysis by the police.

You can report any attempt to steal your money or personal information to Action Fraud by calling 0300 123 2040 or reporting it online.

If you live in Scotland, you can report a scam directly to the police by calling 101.

Q: It's not just individuals - but companies get hacked as well. M&S and Co-op have suffered from a recent blackmail hack. Can individuals be targeted in the same way?

A: Scammers may call you directly on the phone and pretend to be representatives of a tech company. They might even spoof the caller ID so that it displays a legitimate support phone number from a trusted company.

They'll probably ask you to install applications that give them remote access to your device. Using remote access, these experienced scammers can misrepresent normal system messages as signs of problems.

Scammers might also initiate contact by displaying fake error messages on websites you visit, displaying support numbers and enticing you to call. They may also put your browser in full screen mode and display pop-up messages that won't go away, apparently locking your browser. These fake error messages aim to scare you into calling their "technical support hotline".

Reporting tech support scams

Microsoft run a stop scammers scheme, whether they claim to be from Microsoft or not, by reporting tech support scams at: www.microsoft.com/reportascam

Generally - I would never give personal information to someone who has called me or emailed me. I thank them and then INDEPENDENTLY LOOK UP THEIR PHONE NUMBER AND NOT CALL THE NUMBER THEY GIVE ME - and then asked to be put through to the IT support or the named person.

Warning Signs: Scammers will often say that you don't need to call them back as you can see the number they are calling from on your mobile and see that it is the correct number. This is a huge red flag - as scammer can imitate the legitimate number. The mere fact that they suggest this is a way of checking they are legit - is a sign that they may not be.

They may also say that if you call back you will go back to the end of the queue and during your wait - thieves are stealking your money. This is another red flag trick used by thieves so you don't check whether they are legitimate or not.

Q: How do I spot if the call from my bank is legitimate?

A: I feel like I have been shouting into the wind on this issue. The banks make huge, sometimes annoying, checks which we as customers must pass before they talk to us. But this is a very one-sided deal and there is no way we can check that they are who they claim to be.

One simple way of fixing this problem, it seems to me, is for us to lodge a password or phrase with them that they have and which they have to use to prove to us they are who they say they are. I really would like it if the banks started doing this. In the meantime we are in a one-sided relationship that leaves us open to fraudsters and means we have to be more careful.

Here are some practical tips which may help avoid the scammers which are promoted by the Co-op Bank.

How to spot a potential impersonation scam

• You receive a call from the Police telling you that they suspect fraud has occurred on your bank account.

• They will ask you to help with their investigation and to move your money to another account to ‘keep it safe’.  They may even ask you to go to a branch and take out cash to hand over to them. In both scenarios, they’ll ask you to withhold from telling your Bank the real reason you are moving your money as the bank could be involved.

• Stop! Moving this money is a trap and would result in your money being controlled by a criminal.

• You can contact a genuine company to check if a call or text message is genuine by using a trusted number from their website.

• Another twist on this type of scam is when they call pretending to be from the Fraud Department of your bank, asking you again to move your money to keep it safe.

• Be vigilant – if you are unsure if a text message or phone call from us is genuine, contact us using the number on the back of your card, ideally using another telephone as the caller could try to stay on the line.

Q: What are recovery room scams? A: I hesitate in using the word scams as these people are thieves - so they are all terrible people. But recovery scams are perhaps the worst of all because they target people who have already had money stolen from them and then try and steal more in the pretence that the person on the phone is trying to get the money back.

The regulator, the FCA, says "The people behind the original scam may operate the recovery room and contact the victim again pretending to be from a different firm or sell on their details to other recovery rooms. The scam tends to involve cold calling with high-pressure tactics and upfront charges described as a tax, solicitor or administrative fees, which can result in losses that can be greater than the initial loss.

The recovery rooms often have professional-looking websites to persuade visitors they are legitimate and claim to have a UK presence when they don’t. These websites often make false claims to have successfully recovered money for other consumers involved in scams.

Recovery rooms generally use a web-based email address, such as gmail, Yahoo, Hotmail or Russian search engine, yandex."

What You Should do: If you get a phone call offering to recover your losses:

• Ask how the caller has information about your lost money. Any report of fraud can only be shared between other law enforcement agencies. It cannot be shared with a private business operating a recovery room.

• If you’ve been asked to pay a fee or provide your bank account, card or other financial details, end all contact immediately and do not pay any money or provide any banking details.

Q: What are push payments and can I get my money back if I am a victim?

Authorised Push Payment (APP) fraud occurs when a person is tricked into voluntarily transferring money from their bank account to a fraudster’s account. The key feature is that the victim authorises the payment, usually under false pretences.

A: Since October 7, 2024, all UK payment service providers (banks, fintechs, etc.) are legally required to reimburse customers who fall victim to authorised push payment (APP) fraud, unless the customer was grossly negligent.

Under the new rules:

• Mandatory reimbursement must happen within 5 business days (with investigations allowed to pause it for up to 35 days)

• Providers can charge a claim excess of up to £100 and cap reimbursements at £415,000 per case

• 
  

The FCA say that "If you're worried about a potential scam, or you think you may have been contacted by a fraudster, report it to us. Call us on 0800 111 6768 or use our contact form. "

Listen to Money Matters on Times Radio with Adam Shaw, Fi Glover and Jane Garvey at 3:45pm on Mondays.

For more commentary follow me on Twitter/X and BlueSkySocial @adamshawbiz

Please remember everything on this site is journalist commentary and is not financial advice or guidance in anyway.

If you want to contact me - send an email via here