Every week, thousands of people across the UK receive fake emails, phone calls, and text messages from scammers. It can happen to anyone — and it has nothing to do with how clever you are. Scammers are professionals who do this full time, and they are very good at it.
This guide will show you exactly what to look for, what to avoid, and what to do if something doesn't feel right. Once you know their tricks, they lose their power.
Online scammers are professionals — but once you know their methods, you can stop them in their tracks.
The most common scams in the UK right now
Scammers use a handful of tricks that they repeat again and again. Here are the ones you are most likely to come across:
1. Fake emails from HMRC, Royal Mail, or your bank
You receive an email that looks official — it has a logo, a professional layout, and sounds urgent. It might say: "You owe tax — pay now or face a penalty" or "Your parcel is held — pay £2.99 to release it."
The truth: HMRC never emails you asking for payment. Royal Mail never asks for card details by email. Your bank will never ask you to confirm your password via email.
2. Text messages (SMS scams)
A text arrives saying your parcel couldn't be delivered, or that your bank account has been suspended. It includes a link and asks you to act quickly.
The truth: Legitimate organisations rarely ask you to click links in text messages. When in doubt, go directly to the official website by typing it yourself — never click the link in the message.
3. "Your computer has a virus" pop-ups
A loud alarm sounds and a large message appears on your screen saying: "Your computer is infected — call this number immediately."
The truth: Microsoft, BT, and Apple will never contact you this way. Simply close the browser window — press the X in the top right corner. If the pop-up won't close, just restart your computer. You are not in danger.
Turn it off and back on again. It sounds too simple — but restarting your computer or phone clears most pop-up scam windows, freezes, and suspicious behaviour instantly. If something odd is happening on your screen, a restart is always a safe first step.
4. Phone calls from "the bank" or "the police"
Someone calls claiming to be from your bank's fraud department or from the police. They say your account has been compromised and ask you to move your money to a "safe account" for protection.
The truth: No legitimate bank or police force will ever ask you to move money to another account. Hang up immediately and call your bank directly using the number on the back of your card.
Most scams now arrive by text message or phone call — not just email.
How to spot a fake message — warning signs
Whether it arrives by email, text, or letter, scam messages almost always have one or more of these features:
- Urgency — "Act now", "You have 24 hours", "Immediate action required". Real organisations give you time.
- Threats — "Your account will be closed", "You will be arrested", "A warrant has been issued". This is designed to frighten you into acting without thinking.
- Requests for payment or personal details — Any unexpected request for your bank details, password, National Insurance number, or payment is a red flag.
- Strange email addresses — A genuine email from HMRC will end in @hmrc.gov.uk. If the address looks odd (e.g. hmrc.refund@gmail.com), it is fake.
- Spelling and grammar mistakes — Many scam messages contain errors that a genuine organisation would not make.
If something feels wrong, it probably is. You are always allowed to hang up, close the message, and take your time. No legitimate organisation will pressure you to act immediately.
How to check if a website is safe
A few seconds of checking can tell you a great deal about whether a site is trustworthy.
1. Look for the padlock
In the address bar at the top of your browser, you should see a small padlock icon to the left of the web address. This means your connection to the site is encrypted — your information cannot be intercepted on the way.
2. Check the web address carefully
Scammers create fake websites with addresses that look almost right. For example: Real: www.lloydsbank.com / Fake: www.lloyds-bank-secure.com — Always look at the main part of the address. If it doesn't match exactly, close it.
Passwords — keeping them safe
The easiest method recommended by the UK's National Cyber Security Centre is to use three random words joined together: PurpleRainCoat or TableLampBridge. Long enough to be very secure, easy to remember.
- Use a different password for each website — especially your email and banking
- Never share your password with anyone — including people calling from "the bank"
What to do if something has already happened
If you think you have been scammed, do not be embarrassed. Act quickly:
- Restart your device first — turn it off, wait 10 seconds, turn it back on. This clears most pop-ups immediately.
- Contact your bank immediately — call the number on the back of your card.
- Change your passwords — especially for your email and any financial accounts.
- Report it to Action Fraud — the UK's national fraud reporting centre.
- Tell someone you trust — a family member or friend can help you work through the next steps.
Action Fraud: 0300 123 2040 (Mon–Fri, 8am–8pm)
Online: actionfraud.police.uk
If you feel you are in immediate danger, call 999.
A final word
The internet is a wonderful tool for staying connected, doing your banking, and keeping in touch with family. You do not need to be afraid of it. You just need to know what to watch for. If you ever have a question about a device or staying safe online — our technical team is here to help.
