Familiarise yourself with some of the most common scams and play your part in preventing fraud.

Invoice fraud

Invoice fraud involves a fraudster notifying you that payment details for a particular service have changed and providing you with alternative fraudulent details. The fraudster could be claiming to be from the genuine company or even a related third party. Funds are often quickly transferred so recovering money from fraudulent accounts can be extremely difficult.

This type of fraud is commonly seen targeting school fees, holiday and solicitors’ payments amongst others.

Invoice fraudsters are often aware of the relationships between you and the company involved, for example knowing when regular payments are due. They can use techniques to pressure you into paying quickly, such as offering discounts. Fraudulent letters and emails sent are often well-written and look legitimate, meaning the fraud is difficult to spot without being alert and may only be discovered with the genuine company follows up on non-payments. The process of changing bank details or contact details of someone you are paying should be treated with caution. You should independently verify any changes using contact details held on file, not on the instruction.

CEO / chairman fraud

This fraud is a request, often an email purporting to come from a senior person in the company, normally to the accounts department, requesting an urgent payment to a supplier or partner. The fraud attempt often occurs when the senior person is absent, making it difficult to check. The request may outline that the transaction is confidential and sensitive in order to discourage further verification.

Social engineering

Social engineering is the manipulation of situations and people that results in the targeted individuals divulging confidential information. Social engineering can be the enabler to many types of fraud. Fraudsters can approach this in many different ways, including social media, fraudulent websites, email or the phone.

You can protect yourself by:

  • Not disclosing confidential information over the phone unless you're sure that the caller is really who they say they are. If in doubt, hang up and call back on an independently sourced number, such as one from their website or from your records
  • Never sending confidential information by email. It can easily be intercepted by a third party, and companies like ours will never ask you to email personal details, account information or passcodes
  • Keeping your credentials (PINs, passcodes and memorable words) confidential at all times. Banks, including us, will never ask you to disclose this type of information.

Phishing, smishing & vishing

Phishing, smishing and vishing occurs when fraudsters, purporting to be from a legitimate company or organisation, send you emails, texts or make phone calls trying to maliciously obtain information.

For phishing and smishing (email and texts) the message often looks legitimate and may contain a link to a fake website, that captures your personal information when you enter it. Alternatively, by clicking on the fraudulent link, malicious software may be installed on your device, helping fraudsters to gain access to your information. Vishing (phone) involves a fraudster attempting to get you to reveal personal information or to make a payment over the phone by impersonating a genuine employee of a company or organisation.

Online shopping scams

Fraudsters will advertise goods or services that don’t exist or aren’t theirs to sell – or they’ll try to mimic existing websites in order to appear genuine. 

You should always be vigilant when you shop online:

  • Be cautious
  • Never follow a link in an unexpected email. It’s also a good idea to check the spelling in the URL to make sure it’s legitimate. As an example, barcleys-bank.co.uk is incorrect – the real URL is barclays.co.uk
  • Research the seller: before buying online, do some research on the seller to check they’re genuine, and avoid those with poor ratings
  • See the goods: finally, insist on seeing high-value items, like cars on online auction sites, before paying – and always use secure payment methods, such as PayPal or your credit card

Remote access

Remote access is where fraudsters gain the ability to control your computer by persuading you to give them access. They do so from a distance – so they could be anywhere in the world.

  • You receive a phone call out of the blue – the caller claims to be from a technical support service provider, a bank, a large
  • They tell you that your computer or account is experiencing technical problems, and they need to access it remotely to fix the problem
  • They ask you to download software or sign up to a service to fix the computer
  • They ask you to log into your private accounts or for your personal details such as, your bank or credit card details
  • The caller is very persistent.

If you get a call like this, hang up.

Never give your personal or payment details, or online account information, over the phone – unless you made the call, and the phone number came from a trusted source.

Make sure your computer is protected with updated anti-virus and anti-spyware software, and a good firewall. Research first and only download software from a source that you know and trust.

Courier scam

The courier scam is when fraudsters call and trick you into handing your cards and PIN numbers to a courier on your doorstep. There are many variations of the scam, but it usually follows this method:

  • A fraudster will cold call you on a landline, claiming to be from your bank or the police. They state their systems have spotted a fraudulent payment on your card or it is due to expire and needs to be replaced
  • In order to reassure you that they are genuine, they suggest that you hang up and ring the bank/police back straight away. However, they don’t disconnect the call from the landline so that when you dial the real phone number, you are actually still speaking to the fraudster
  • They then ask you to read out your PIN or type it on your phone keypad. They may ask for details of other accounts you hold with the bank or financial service provider
  • Finally, they send a courier to you to collect your bank card. The fraudster will have then obtained your name, address, full bank details, card and PIN.

Protect yourself against courier fraud:

  • Your bank will never send a courier to your home
  • Your bank and the police will never collect your bank card
  • Your bank and the police will never ask for your PIN
  • If you receive one of these calls end it immediately.

Money mules: additional income email scam

Money mules or ‘Money transfer agents’ receive funds into their accounts and send it to the fraudsters using a wire transfer service, minus their commission. They're recruited through a variety of methods, including spam emails, genuine recruitment websites, approaches to people whose CVs are available online, social media, instant messaging and newspaper ads.

This scam offers you the chance to earn some easy money for a few hours' work each week, but beware: handling money that's been obtained fraudulently is a crime. 

Investment fraud and boiler room scams

This is when fraudsters pose as salespeople and contact you offering investment opportunities like shares, plots of land, gold, carbon credits or wine at a supposedly heavily discounted price. They will often use hard sell tactics to persuade the client to buy the shares e.g. creating a sense of urgency or using a persistent and aggressive style. This pressurised tactic is why they are often referred to as boiler room scams.

The company that they are trying to sell may be listed on an illiquid market so the shares cannot be sold. Or they could be a small unquoted company that the broker claims, is planning to list. In other cases, the company itself may not exist or the share certificates delivered are fake.

The Financial Conduct Authority has published a list of firms that they are aware operate in this manner.

In general, the bulk of these firms operate overseas with hotspots being in Spain, Switzerland, Dubai, Japan, Bermuda and the US and are therefore outside the remit of the Financial Conduct Authority. However, these firms are likely to have a UK registered address and a name which suggests legitimacy.

Both inexperienced and experienced people have been affected by this type of scam with a typical victim losing around £20,000.

Further information on boiler room scams can be obtained from the Financial Conduct Authority.

If you think you've fallen victim a scam on your Barclays cards or accounts, contact us.