10 common scams to watch out for and how to prevent them

Card payment methods like contactless and Apple Pay have overtaken cash as consumers’ preferred method of payment, proving the convenience and efficiency of electronic payments.

But, as the digital world expands, so do the tactics of those looking to exploit it.

In 2022, eCommerce fraud losses for merchants grew by 16% and the total cost is expected to exceed $48 billion globally in 2023. And for customers, authorised push payment (APP) fraud – where a victim is tricked into willingly authorising a payment to a scammer – totalled £485.2 million in the UK in 2022.

While ensuring your business has the required card payment security measure is one of the best ways to protect you and your customers from fraud, prevention also means being clued up on how scammers are tricking people out of their hard-earned cash.

To help keep online transactions safe, discover our list of some of the most prevalent scams circulating today.

1. Crypto romance scams

Romance scams have been around for a long time and typically involve a fraudster adopting a fictional or stolen identity to befriend and gain a victim’s trust online. They will build up a close relationship with the victim before manipulating or stealing money from them.

Today, crypto romance (or CryptoRom) scams see fraudsters claiming that they’ve found a lucrative cryptocurrency investment opportunity but lack funds, urging their new 'partner' to invest on their behalf.

Since cryptocurrency is untraceable, it’s near impossible to track the owner or identity of a crypto wallet, so fraudsters can trick victims out of their money without getting caught.

In the UK, crypto scams increased by 72% in December 2022 and reported losses totalled over £329m.

The signs:

• A fast-moving relationship – Some fraudsters can spend months building up a relationship to foster a sense of trust. However, not all will be patient and the biggest sign that someone may have ulterior motives is if the relationship is accelerating quickly.
• A refusal to meet in person – Scammers will reside all over the world and can target victims anyway. If they consistently rebuff efforts or give excuses to meet in person or via a video call, it could be a sign that they may not be who they claim to be.
• Constant talk of financial troubles – In many CryptoRom scams, finances or mentions of financial issues can be mentioned early on in the relationship. This could indicate that scammers are laying the foundations for taking money.
• Pressuring for crypto investments – The most obvious sign is if victims are asked directly for money or investment.

How to try and avoid this scam:

• Background checks – Search on social media for profiles for evidence that the person is real; if the profile was made recently or lacks information, it could be a red flag that it doesn’t belong to a legitimate person.
• Take note of the language used – Given the rise in AI tools, many scammers use artificial intelligence to scam victims en masse. Unnatural wording and generic conversations without personal or unique qualities are signs that someone may be using AI to fuel a crypto romance scam.
• Never share financial details – No matter how genuine someone may seem, never share financial information or make investments on behalf of someone you've never met in person.

2. QR code scams

Ordering at the table changed the dining experience during the Covid-19 pandemic, with restaurants across the country using QR codes and self-ordering technology to help reduce contact with customers.

Despite this, over half (53%) of UK consumers have trouble spotting a malicious QR code.

Scammers are placing fraudulent QR codes over legitimate ones to direct users to fake websites that encourage people to enter their payment information to send money to scammers. These scams are often carried out at restaurants and car parks that implement self-ordering or payment technology.

The signs:

• Inconsistent branding on QR codes – If the branding on a QR code doesn't match the branding of a business or appears amateurish, it can be a big red flag. Well-established companies typically maintain consistent branding across all platforms.
• Suspicious elements on the code – If some visible anomalies or elements seem out of place — like stickers placed on top or evident alterations in the pattern — it could indicate that the code has been tampered with. Legitimate QR codes should have a clean, unobstructed design without any unusual additions.
• Codes in unusual or random places – Think about the location and context of where a QR code is placed. It could be an unauthorised scam attempt if it randomly appears somewhere that doesn't seem logical, like an obscure corner of a room or slapped on a public space without any explanation. Read QR codes from businesses will be strategically placed to help the user.

How to try and avoid this scam:

• Check for Secure Socket Layer (SSL) certification – The website that a QR code directs a user to should always be SSL certified. You can spot a secure, SSL-certified site if the web address starts with “https://” and there is a padlock icon next to the URL.
• Look for two-factor authentication – Also known as 3D Secure Authentication (3DS), two-factor authentication is a key security feature when making online payments. Secure sites that use 3DS will have a Visa Secure, MasterCard SecureCode, or American Express SafeKey logo on them.

 

3. Football ticket scams

Popular sporting events are often the target of ticket fraud scams. Lloyds Bank reported victims losing an average of £410 to ticket scammers in the Premier League 2022/23 season, with football ticket scams increasing by 68%. The Northumbria Police also issued a warning to Newcastle fans against buying counterfeit tickets for the Carabao Cup in February 2023.

Nefarious ticket touts take advantage of the fact that official tickets for many sporting events sell out extremely quickly, with fans turning to third-party resale websites to secure tickets instead. Scammers then list counterfeit tickets for extortionate prices, with event-goers being unable to spot fraudulent tickets on non-authorised selling platforms or social media websites.

The signs:

• Too-good-to-be-true deals – Scammers may offer last-minute ticket deals or VIP packages to make their offer seem more appealing to victims to lure them in.
• Websites without official affiliations – Over 90% of football ticket scams occur on Twitter, Facebook, or Instagram, so always be wary of social media platforms and unaffiliated resale sites.
• Sellers unwilling to meet in person – Ticket scammers can be based all over the world to pull off this scam, which means that they may be reluctant or refuse to meet in person to sell their ‘tickets’.

How to try and avoid this scam:

• Official sources – The only way to be sure that tickets are legitimate is by purchasing from the official club website or accredited ticketing partners. This is often the team, venue, or organisation running the event.
• Never send money via bank transfer to unknown sources – Many scammers request ticket payment by bank or wire transfer, or through a peer-to-peer (P2P) app like PayPal. These methods are designed for sending money to people that you know, like family and friends. They are not intended to be used for eCommerce transactions and do not have protection in place to recover lost funds from fraud.
• Never share sensitive information – Unsecure payment gateways do not ask for four-digit card PINs or online banking information, including passwords. Never share these with anyone.

4. Voice cloning AI scams

Technological advancements, like AI, are becoming increasingly sophisticated, with criminals using voice cloning technology to trick people out of their money.

Scammers will take video or sound clips off a person’s social media account and use it to create a voice clone. The victims of these scams are the family and friends of the person whose voice has been cloned, with criminals using the recording to impersonate them. The family members or friends will be urged to take immediate action, like transferring funds to a 'safe' account due to a fabricated emergency. As the voice clip belongs to someone the victim knows, scammers can call parents pretending to be their children and asking for emergency money.

McAfee’s global study revealed that one in four people said they’d experienced an AI voice cloning scam or knew someone who had. And shockingly, 70% of people said they couldn’t be certain they could differentiate between a cloned and real voice.

The signs:

• Unexpected calls demanding urgent financial actions – Unexpected calls where the speaker is pressuring for an immediate transfer of money is a significant red flag.
• Inconsistencies in the conversation – Voice-cloning technology often struggles to create coherent and contextually accurate conversations. If the "person" on the other end contradicts themselves, gives information that doesn't align with what you know, or seems to dodge direct questions, it's a reason for concern.
• Background noise that sounds artificial – Scammers often use background sounds to give the impression they are calling from a specific location, like a bank. However, if these sounds seem looped, overly consistent, or don't match the context of the call, they could be artificially added post-production to lend authenticity to the scam. Actual calls usually have clear sound quality without inconsistent or intrusive background noises.
• Request for money via cryptocurrency – Cryptocurrency is often the payment method of choice for many criminals as it’s impossible to trace the identity of who money is being sent to. Any requests for funds via common digital currencies, like Bitcoin or Ethereum, should be treated as highly suspicious.

How to try and avoid this scam:

• Verify independently – If you get an unexpected call claiming to be someone you know asking for immediate financial help, it’s best to hang up and call them back directly.
• Don’t make rash decisions – Scammers will use a sense of urgency to encourage victims to make rash decisions in the moment. Never send money to unknown bank accounts or via payment methods you’ve never used before.

 

Watch out for ‘phishing’ text or email messages, like these. DVLA will never ask you to reply, give personal or bank details or ask you to log into an account. https://t.co/XbHnc7Dk8t #cyberaware #scams pic.twitter.com/0zQaiG3hxR

— DVLA (@DVLAgovuk) January 15, 2022

5. DVLA scams

As a reputable and well-known organisation, scammers often impersonate the Driver and Vehicle Licensing Agency (DVLA) to target victims. Recent government data revealed the number of reports of fraudulent DVLA messages increased by 603% from 2019 to 2020.

These illegitimate texts or emails claim to be from the DVLA and warn drivers that they owe unpaid tax, request a payment, or offer a tax refund and encourage the victim to share their payment details or make an unsecure transaction.

The signs:

• Unsolicited messages regarding refunds – Unexpected text messages regarding any form of financial payment or action should always be considered suspicious.
• Spelling and grammar mistakes in the text – Scammers often use broken English or grammatical mistakes within their texts. This is a giveaway that a message or email isn’t legitimate.

How to try and avoid this scam:

• Official communication – The DVLA will never contact you via text about refunds or payment requests. If in doubt, always use the gov.uk website to seek more information about a suspected scam.
• Never share personal details or information – The DVLA will never request payment details over text or email. Links included in these messages are likely to lead to fraudulent websites.
• Keep personal documents private – The DVLA has previously warned against sharing details or images of V5C log books online as they can be used for identity theft.

6. “Say Yes” phone scams

Imagine answering your phone only to be asked a simple question: "Can you hear me?" or “Are you having a good day?”.

At first, it sounds like a simple wrong-number call. The caller, often presenting as a telemarketer, inquires if you can hear them. But this is all part of the scam. By simply responding "yes", your voice can be recorded and exploited for various fraudulent schemes, including unauthorised transactions or contract sign-ups.

The signs:

• Calls that prompt you for a simple 'yes' or 'no' answer – A call that starts without the speaker identifying themself or providing a reason for calling should be treated as suspicious, particularly from unknown or withheld numbers.

How to try and avoid this scam:

• Don’t answer calls from withheld or unknown numbers – Avoid answering these calls as they may also incur costly charges.
• Hang up – If you’ve already picked up a call from an unknown number and are asked, “can you hear me?”, immediately hang up.

7. LinkedIn fake job offer scams

Scammers are creating fake recruiter profiles and advertising non-existent jobs on LinkedIn, costing victims around $2 billion each year.

Fake recruiters will approach job seekers and ask for sensitive information as part of their hiring process. This might include a person’s date of birth and financial information. They may also ask for an application or training fee.

The signs:

• Reluctance to reveal the hiring business – Fake recruiters may refuse to reveal which company they represent or are hiring for, stating that this will be made clear after payment has been made.
• Job offers that seem too good to be true – Scammers will make a role seem extremely lucrative to lure job searchers into applying. Unrealistic benefits, salaries, or a role that doesn’t fully match the applicant should be treated as a red flag.
• Offering the role without the proper hiring process – If a position is offered too soon or without following a clear hiring process, this is another sign that the recruiter may not be legitimate.

How to try and avoid this scam:

• Research the recruiter – Examine their profile history, connections, and endorsements. Check that it matches the brand that they claim to work for.
• Official channels – To be safe, always apply through the company’s official website or HR department.
• Never hand over payment – It’s extremely unlikely that any real role or recruiter will ask for payment as part of the hiring process.

8. Amazon scams

Two popular scams involve ecommerce retail giant Amazon, with fraudulent messages being sent out around customer’s Prime Memberships or accounts at risk of suspension or closure.

Prime membership scams are essentially phishing texts or emails claiming that Amazon Prime account holders must pay or provide payment information to reinstate their membership. These phishing communications are also used to scare Prime members into thinking that their account will be suspended or deleted – and to prevent it from happening, they must follow a fraudulent link that lures them into giving away their money.

The signs:

• Communication asking for personal details – Unexpected emails or text messages stating that there’s something amiss with your Amazon account or membership should be approached with caution. It’s worth noting that the safest way to check on your account status is by logging on through the official Amazon website or app to check the Message Centre or by contacting Amazon’s official customer service helpline.

How to try and avoid this scam:

• Never complete payment outside of the official Amazon website – Amazon will only ever ask for payment via their official website.
• Do not disclose personal details by any other channels of communication – Amazon only requests personal data in the member account section of their official website.
• Avoid clicking suspicious links – Never follow any suspicious links in suspicious emails or texts. Scammers can create fraudulent websites with an uncanny likeness to the official Amazon website, which they will try to direct victims to. If unsure whether you’re on the legitimate Amazon website, close your browser window and visit the website directly.

9. Holiday scams

Action Fraud, the national reporting centre for fraud and cybercrime, has announced that it received 6,457 reports of holiday fraud from 2022-2023, totalling a loss of over £15 million to holiday booking scams.

Scammers create fake travel agencies or websites offering incredible deals on flights and accommodation. They use a sense of urgency to demand upfront payment, only to disappear once it’s been made.

Some popular holiday scams include:

• Fake accommodation deals
• Duplicating official websites by creating fraudulent versions
• Offering ‘refunds’ for flight or hotel cancellations, which aim to steal financial details
• Fake giveaway phishing emails

The signs:

• Significantly lower prices than other providers – If a deal is too good to be true, it’s probably because it is. Be suspicious of deals that are a lot cheaper than competitor offers.
• Lack of ATOL protection – ATOL (Air Travel Organiser's Licence) is a financial protection scheme for air passengers in the UK. Reputable holiday providers should offer ATOL protection, so it can be a major red flag if a provider doesn’t have it.
• Payment only through bank transfer – Bank transfers should only be used to send money to people you know and trust, like family or friends. It doesn’t offer the same consumer protection as paying via a secure gateway, so if a holiday provider insists only on bank transfers, it's a sign they might not be legitimate.

How to try and avoid this scam:

• Use trusted providers – Only book through well-known travel agencies or platforms.
• Verify independently – Cross-check deals on official airline or hotel websites.
• Never click links in suspicious emails – Phishing emails that offer giveaways or massive offers should immediately be considered a scam. Avoid following any of the links and never share any personal details.

10. Brushing scams

Brushing scams involve sending unsolicited items to individuals and then writing fake reviews in their name to boost a seller's ratings. They’re conducted by fraudulent e-commerce websites and get their name from victims who ‘brush’ aside suspicion.

Victims could be targeted by brushing scams if a merchant has access to their personal details, enabling them to send a product to the victim’s home address. Once there is proof of delivery, the merchant can craft fake reviews to increase their ratings and sales figures artificially.

This scam highlights potential data breaches, suggesting that the seller has unauthorised access to personal details.

The signs:

• Packages from e-commerce platforms you didn't order – The biggest giveaway of this scam is receiving a package that you didn’t order.
• Finding reviews written 'by you' that you didn't write – Once receiving an unsolicited package, spotting reviews written in your name confirms that your personal details have likely been used in a brushing scam.

How to try and avoid this scam:

• Change your passwords – Carry out good password hygiene by regularly changing your passwords to something that scammers won’t be able to guess.
• Report unexpected items – Notify the platform if you receive items you didn't order. Often, it’s individual merchants on selling platforms, like Amazon or Etsy, that are carrying out fraudulent activities rather than the entire platform. Reporting the activity prompt means that the website can investigate further.

Become PCI compliant today

There are also steps that businesses, both big and small, can take to help customers stay safe and protected when making online transactions.

If you accept card payments, being Payment Card Industry Data Security Standard (PCI DSS) compliant can minimise the chances of fraud by data breaches.

We can help you become PCI DSS compliant today, or get in touch with us at 0808 274 2017 to learn more about how we can help.

John Clark

Product Manager