Fraudsters can use a range of different techniques to gain your information, cards or
money, some of the
most common current scams include:
Purchase scams happen when you’re paying for an item or service. The item doesn't arrive or the
service doesn't happen and your money is lost.
Typically, these scams:
- seem too good to be true – probably because they are
- have 'limited availability' or are a 'special offer' to encourage you to act before you have
time to think it through
- ask you to send money via bank transfer rather than using normal ways to pay
- use safe sites when shopping online
- use safe ways to pay, such as your debit or credit card
- check the returns and cancellations policy
- research the retailer online to make sure they’re legitimate
- stop and think – would you be willing to send cash in the post for an item you've ordered?
- research and check the validity of the item before agreeing to pay via other means
If you've been a victim of a purchase scam, please call us on 0345 900 0900 so we can look into your case.
QR code scams
These scams involve switching real QR codes with fake ones, then persuading their targets to
scan the QR code with their phone. If you scan the code you could
find money is taken from your bank account or malware is downloaded onto your
M&S Bank will only ever ask you to scan a QR code in the following scenarios:
- as an existing customer, when activating Internet Banking on a new device using your old device
registered with us
- as a new customer, during the process of completing identification checks when opening an
- to find out more about one of our products or services
- to easily navigate to the relevant app store to download the M&S Banking App
If you’re asked to scan an M&S Bank QR code in another scenario, it will not be
Investment or "boiler room" scams
Criminals may contact you to offer investment opportunities which may seem too good to be true.
They often use false testimonials, fake celebrity endorsements, spoof websites and fake companies
with similar names to genuine investment organisations. They can usually provide convincing
marketing materials to make the scams appear genuine.
Check the Financial Conduct Authority (FCA) website to confirm
the company is authorised and also look for verified contact details. The FCA also has a list
of known scam companies and advice on how to avoid investment scams.
Criminals claim they can unlock pension funds by moving them from an existing scheme to a new one,
allowing early access to benefits before the legal age of 55. Targets may be told by the scammer not
to tell their pension provider why they’re trying to withdraw funds.
Victims of these scams are usually asked to pay a very high fee and may also face serious tax
consequences. Be wary of scams like this and, if in doubt, seek advice from registered pension
There are many fake websites, online adverts, emails, social media posts and texts that promise great
holidays or travel arrangements which are fake. Either the holiday doesn’t exist
– or it does exist, but has been sold to you by a criminal who isn’t in a position to
actually sell it to you.
You might not realise you’ve been scammed until the flight tickets don’t arrive, or you
turn up at the resort, airport or cruise terminal only to find there’s no holiday and
you’ve lost your money.
Whether it’s a short break or a dream holiday, you can find out more about how to avoid this
type of scam by checking out Get Safe Online.
Criminals often target those who are strapped for cash to act as 'money mules'. By
to do this, you allow money to be transferred through your account in exchange for payment.
You'll be asked to provide your bank details, receive a payment into your account and
either withdraw it in cash, or transfer it to another account.
Job adverts and spam emails offer 'easy money' and it might seem a harmless way to earn
income, but the money being transferred is stolen and used to fund organised crime.
This can get you into serious trouble. If you're caught, your bank accounts will be
closed, you'll have problems applying for a loan, a mortgage or even a mobile phone
contract. You may also be given a prison sentence of up to 14 years.
To learn more about the consequences of becoming a money mule and what the proceeds of money
are used for, check out the Don't Be Fooled website.
Authorised push payment scams
Recently, we’ve seen an increase in authorised push payment (APP) scams, also known as bank transfer
scams, which happen when fraudsters trick victims into unknowingly transferring money into an
account they control.
Usually, fraudsters gain access to a victims’ information via a hacked email account and then contact
them pretending to be someone the victim does business with or posing as a trusted organisation –
such as the police or HMRC.
For example, some scammers will say they’re calling from your bank’s fraud team about a security
issue and ask you to authorise a payment into a ‘safe account’. Others will pretend to be a
contractor they know you’ve hired after getting information from your email - such as an estate
agent, solicitor or driveway repair company, and trick you into paying an expected invoice into
their account instead.
Always remember, M&S Bank will never ask you to disclose your security details such as a PIN,
online password or temporary ‘one time passcodes’ and would never ask you to move your funds to
a ‘safe account’.
APP fraud can happen to anyone so it’s important you ask yourself the right questions before you make
- Have you been contacted unexpectedly to make this payment? Have you received an unexpected email
or phone call?
- How were you informed of the bank details? If by email, SMS or phone call these should be
checked with a trusted source before proceeding
- Why are you making the payment today?
- Is this a payment you’ve been planning to make?
- Is this a regular payment that you are going to be making?
If you think you've been a victim of APP fraud, please call us immediately on 0345 900
0900 (this number can be checked against the number on the back of your card).
Phishing and smishing
Phishing and smishing scams are used by fraudsters pretending to be from M&S Bank, or other financial
institutions, and involve sending unsolicited emails (phishing) and text messages (smishing) to
trick unsuspecting people into handing over their personal details. These emails or text messages
often contain links to fake websites or online banking login pages that ask you to enter your
personal details – this could be your password, card details or memorable information. By entering
your personal details on these sites, you are providing a fraudster details necessary to access your
Look out for the following signs of a phishing email or smishing text:
They often contain spelling errors or random capitalisation (eg bAnk 0nline with M&s Bank).
They often ask you to click on a link to confirm or validate your security details.
'Vishing' involves a fraudster phoning a potential victim and posing as someone from a bank or building society, the police, HMRC or another trusted, legitimate company. They can even make their call appear to come from a number you know and trust. This is known as Phone Number Spoofing. The call is made either to persuade or coerce the victim into transferring money from their account to another account for "safekeeping" or "holding", to withdraw cash and hand it over "for investigation" or to try to get financial information, such as credit or debit card details (including PIN), bank account details and personal information such as full name, date of birth or address. Then they use this information to gain access to their victim's finances.
Some fraudsters will phone on your landline claiming to be from your bank, credit card company or the
police, and tell you that your account has been compromised. They may say that a courier needs to
collect your cards or ask you to purchase high value goods or foreign currency for collection. They
may also ask you to write down your PIN and hand it over as well. To add credibility the fraudster
may even advise you to cut the card in half.
Identity theft happens when fraudsters get enough information about someone's identity (such as their
name, date of birth, current or previous addresses) to commit identity fraud.
Identity fraud happens when someone uses your personal details without your knowledge or consent.
They might use the information to get a credit card or loan. You may only find out that you've been
a victim of identity theft when you start to receive bills for things you haven't ordered or
Romance fraud happens when victims are deceived into 'false' relationships by fraudsters who aim to
steal their money or personal information. Romance fraud is typically carried out by criminals using
fake profiles on online dating sites.
Bitcoins are increasingly becoming a more common target for fraud and scams, due to the difficulty in
tracking the funds. Fraudsters can employ a range of tactics including; creating fake exchanges to
purchase Bitcoins, fake giveaways to secure personal details or Ponzi schemes where victims are
offered a guaranteed return in exchange for an upfront deposit.
Payment diversion scams
Payment diversion scams are where victims are intending to pay a genuine party but have been
contacted by a fraudster and given the fraudster's bank details to send funds to. For example, a
fraudster masquerading as a conveyancer during a house sale and instructing the victim to transfer
funds to a fraudulent account.