At M&S Bank we work hard to help you stay one step ahead of fraudsters and on this page
you can keep
updated about the latest types of scams.
Email/phishing scams
Phishing emails will look like they're from a legitimate authority or organisation, or perhaps a retailer you've
bought something from in the past.
Typically, they’ll:
- Encourage you to click on a website link.
- Contain spelling and grammar errors.
- Urge you to take action quickly and threaten to close your account if you don't respond.
- Pretend that you're owed money.
- Ask you to share confidential information, such as your online banking details, passwords, account numbers
or PINs.
Include instructions on how to reply or verify your account - like completing a form attached to the
email.
If you receive a suspicious email:
- Don't click on any links.
- Don't open any attachments.
- Don't reply.
If you're not sure, contact the organisation using a phone number you know is genuine, or visit their website.
If you've received an email from M&S Bank and you think it might be a scam:
Remote desktop takeover/device compromise scam
Fraudsters may contact you pretending to be your bank or another trusted organisation. They
can even make their call appear to come from a number you know and trust.
This is known as Phone Number Spoofing.
They can sound very convincing and may already know some of your personal information,
such as your account number, personal details or recent transactions.
Once they've gained your trust, the scammer may ask you to install a remote access programme
such as 'AnyDesk' onto your phone or computer so that they can take control of your device.
They may tell you that there is a serious problem with your M&S Credit Card or account and ask
you to act with some urgency.
M&S Bank will never ask you to download remote access software to view or take over your
device such as 'AnyDesk' or a similar type of software by another name.
Once the software is installed onto your device the fraudster can take control in any way they like.
This could involve stealing login credentials, gaining access to your other bank accounts and credit
cards and moving your money out of your control.
If you receive a call out of the blue claiming to be from M&S Bank and you are asked to download software
which allows the caller to take control of your device or computer, hang up and call us immediately on
0345 900 0900 (this number can be checked against the number on
the back of your card).
Phone/vishing scams
Phone scams or vishing, are when a fraudster calls pretending to be your bank or another trusted organisation.
They can even make their call appear to come from a number you know and trust. This is known as
Phone Number Spoofing.
They can sound very convincing and may already know some of your personal information, such as your account
number or address. If you feel uncomfortable, or sense something is wrong, don’t be afraid to end the
call. You can always call the organisation on a number that you know, such as the number on the back of your
credit card. Fraudsters can keep the line open and even spoof a dial tone, so try to use a different phone, or
wait at least 15 seconds before making your call. You could also call a friend or relative first, to make sure
a fraudster isn’t listening in when you do make the call.
Typical examples of vishing are:
- Your bank or credit card provider’ advise you that your account is at risk and you need to move your
money to another account to keep it safe.
- Your bank or credit card provider’ needs your help to investigate a fraud.
- Your internet or mobile provider calls you to fix a problem you haven’t reported.
- ‘HMRC’ threaten jail unless unpaid taxes are paid immediately.
Fraud can happen at any place and any time and the fraudsters often look, sound and act like the bank, police
or even your internet provider. A bank can already transfer funds at your request and would never ask for your
passwords, PIN, any One Time Passcodes or secure key codes.
Direct Debit scam
Criminals are circulating a scam on social media sites which promotes the reclaiming of direct debits
on accounts in order to quickly make money.
Victims of this scam are asked to provide their bank account details to criminals acting as a Third
Party on their behalf. The scammer will then contact the bank, advising to cancel one or more
existing Direct Debit payments and claim back already paid money, taking a fee for their "service".
Unfortunately, any money refunded is still owed by the victim and will likely be reclaimed by the
company in a future Direct Debit payment. Resulting in the victim losing out on the money paid as a
'fee' to the criminal.
Remember, never disclose your security details such as a PINs, Passwords or Bank Details, only a
fraudster would ask for these.
If you think you've been a victim of fraud, please contact us immediately either online or via the
phone on 0345 900 0900.
Cryptocurrency scams
Fraudsters may tempt you with investment opportunities in cryptocurrencies.
Beware of cold callers and adverts on social media advertising crypto assets, in particular promises
of high returns and pressure to invest quickly.
Some scams claim to be investing in cryptocurrency, but they’re not paying a wallet provider.
If they are paying a wallet provider, check the following:
- how do you know the wallet is in your name and only you have access to it?
- if the payment does go to a wallet you control, why are you being asked to move your currency to
another wallet?
- how can you keep the contents of your wallet secure and never share access details with anyone
else?
Always conduct your own due diligence prior to investing any funds.
The FCA website provides details
around crypto assets and also has a list of all regulated companies.
You can find out more about cryptocurrency scams from the national cybercrime reporting centre ActionFraud.
Delivery scams
Criminals are sending fake text messages and emails claiming to be from a delivery company.
They say they tried to deliver a parcel to you and ask you to click on a link to find out more or
rearrange delivery.
Don't click on any links or give any information, especially personal or financial details.
If you think the message may be genuine, open a separate window and visit the company's website using
an address that you know is safe. Once there, you can enter your tracking number to see if the
message was genuine.
If you think the message isn't genuine, delete it.
Never give any information if you're contacted unexpectedly by email, phone or text. Contact the
company separately using a phone number you trust.
Please call us immediately on 0345 900
0900 if you think you've been a victim of this scam.
Cost of living scams
Fraudsters will try to take advantage of the cost of living crisis and might get in contact about
a range of issues affecting us all. They might pretend to represent local councils offering financial
support, energy companies, or retailers offering too-good-to-be-true discounts, or direct you to fake
loan websites or offers.
The rising cost of energy is also leading to scammers contacting consumers about energy price offers and
refunds. If someone gets in touch about an offer for a great energy price deal or a refund, don't click
on any links or give them any personal information over the phone. Genuine companies will understand if
you want to look into the offer, or call back on a number you can find on their website.
If you're looking for retail offers and discounts, be wary of offers that seem too good to be true. Use
reputable discount websites by typing the address in rather than using a search engine, or go directly
to the retailer.
Remember, never disclose your security details such as a PINs, One Time Passcodes (OTPs), Passwords
or Bank Details, only a fraudster would ask for these.
If you think you've been a victim of fraud, please contact us immediately either online or via the phone
on 0345 900 0900.
Impersonation scams
Impersonation scams, where criminals pretend to be from organisations we know and trust, are becoming
much more common. They often start with a phone call, email or text informing you:
- you’re eligible for a coronavirus vaccine
- your National Insurance number has been compromised
- you’re eligible for a tax rebate from HMRC
- there’s been a suspicious transaction on your card or bank account
- your account with a retailer has been compromised
Whatever the reason given for contacting you, if it’s a scam, they’re trying to trick you
into giving them money or personal/financial details and they’ll often try to pressure you
into taking action immediately.
Criminals sometimes make the call seem more authentic by using ‘number spoofing’. This
makes their phone number look like one you know and trust.
Remember, never disclose your security details such as a PIN, online
password or temporary 'one time passcodes’, only a fraudster would ask for these.
To help protect yourself from fraud, find out more about impersonation scams by downloading our scams leaflet (PDF,
255KB).
Romance scams
Around Valentine’s Day, fraudsters are known to target victims in what is often known as a
‘romance’ scam. With Covid-19 keeping us mainly at home right now, this scam is becoming
more common, and not just at this time of year.
Criminals will set up fake profiles on dating websites, apps and social media in an attempt to build
a relationship with you. They’ll put time and effort into gaining your trust before eventually
asking for money, perhaps claiming they need it for Covid-19 related medical fees or because
they’ve lost their job and are struggling to pay bills, for example.
Never send money to someone you’ve only met online.
If you think you may have been the victim of a scam, report it to us as soon as soon as
possible by calling 0345 900 0900.
You should also report it to Action Fraud.
Authorised push payment scams
Recently, we've seen an increase in authorised push payment (APP) scams, also known as bank transfer
scams, which happen when fraudsters trick victims into unknowingly transferring money into an
account they control.
Usually, fraudsters gain access to a victim's information via a hacked email account and then
contact them pretending to be someone the victim does business with or posing as a trusted
organisation - such as the police or HMRC.
For example, some scammers will say they're calling from your bank's fraud team about a security
issue and ask you to authorise a payment into a 'safe account'. Others will pretend to be a
contractor they know you've hired after gleaning information from your email - such as an estate
agent, solicitor or driveway repair company - and trick you into paying an expected invoice into
their account instead.
Always remember, M&S Bank will never ask you to disclose your security details such as a PIN,
online password or temporary 'one time passcodes' and would never ask you to move your funds to
a 'safe account'.
APP fraud can happen to anyone and so it is critical you ask yourself the right questions before you
make any payments:
- Have you been contacted unexpectedly to make this payment? Have you received an unexpected email
or phone call?
- How were you given the bank details? If by email, SMS or phone call, these should be checked
with a trusted source before proceeding
- Why are you making the payment today?
- Is this a payment you've been planning to make?
- Is this a regular payment that you are going to be making?
If you think you've been a victim of APP fraud, please call us immediately on 0345 900
0900 (this number can be checked against the number on the back of your card).
SIM swap and number porting scams
There's been an increase in criminals taking over mobile phone numbers using SIM swap and number
porting fraud.
This gives fraudsters control of their victims' calls and texts and allows them to authorise payments
set up in online banking, using personal data they've gained through social media.
With SIM swap, they contact the network provider impersonating their victims. They claim their phone
has been damaged and ask for a new SIM for their new device.
Number porting is similar - the criminals impersonate their victims to get the PAC code (porting
authorisation code), which is needed to switch from one network to another. Sometimes they might
also hack into their online mobile phone account. Once they have the code, they move the number to a
new network provider. Other techniques include claiming their SIM has been damaged and asking for a
replacement, either by phone or in a shop.
Criminals often get personal data for their impersonations from social media.
If calls and texts stop working on your phone, your number could have been stolen - particularly if
you're in a place where you normally have good reception. This is because a mobile phone number can
only link to one SIM at a time.
If this happens, contact your network provider straight away. If you can't get through, contact your
bank to remove the phone number from your account.