Common scams

Purchase scams happen when you’re paying for an item or service. The item doesn't arrive or the service doesn't happen and your money is lost.

Typically, these scams:

• seem too good to be true – probably because they are
• have 'limited availability' or are a 'special offer' to encourage you to act before you have time to think it through
• ask you to send money via bank transfer rather than using normal ways to pay

Remember to:

• use safe sites when shopping online
• use safe ways to pay, such as your debit or credit card 
• check the returns and cancellations policy
• research the retailer online to make sure they’re legitimate
• stop and think – would you be willing to send cash in the post for an item you've ordered?
• research and check the validity of the item before agreeing to pay via other means

If you've been a victim of a purchase scam, please call us on 0345 900 0900 so we can look into your case.

These scams involve switching real QR codes with fake ones, then persuading their targets to scan the QR code with their phone. If you scan the code you could find money is taken from your bank account or malware is downloaded onto your phone.

M&S Bank will only ever ask you to scan a QR code in the following scenarios: 

• as an existing customer, when activating Internet Banking on a new device using your old device registered with us
• as a new customer, during the process of completing identification checks when opening an account online
• to find out more about one of our products or services
• to easily navigate to the relevant app store to download the M&S Banking App

If you’re asked to scan an M&S Bank QR code in another scenario, it will not be genuine.

Criminals may contact you to offer investment opportunities which may seem too good to be true.

They often use false testimonials, fake celebrity endorsements, spoof websites and fake companies with similar names to genuine investment organisations. They can usually provide convincing marketing materials to make the scams appear genuine.

Check the Financial Conduct Authority (FCA) website to confirm the company is authorised and also look for verified contact details. The FCA also has a list of known scam companies and advice on how to avoid investment scams.

Criminals claim they can unlock pension funds by moving them from an existing scheme to a new one, allowing early access to benefits before the legal age of 55. Targets may be told by the scammer not to tell their pension provider why they’re trying to withdraw funds.

Victims of these scams are usually asked to pay a very high fee and may also face serious tax consequences. Be wary of scams like this and, if in doubt, seek advice from registered pension providers.

There are many fake websites, online adverts, emails, social media posts and texts that promise great holidays or travel arrangements which are fake. Either the holiday doesn’t exist – or it does exist, but has been sold to you by a criminal who isn’t in a position to actually sell it to you.

You might not realise you’ve been scammed until the flight tickets don’t arrive, or you turn up at the resort, airport or cruise terminal only to find there’s no holiday and you’ve lost your money.

Whether it’s a short break or a dream holiday, you can find out more about how to avoid this type of scam by checking out Get Safe Online.

Criminals often target those who are strapped for cash to act as 'money mules'. By agreeing to do this, you allow money to be transferred through your account in exchange for payment.

You'll be asked to provide your bank details, receive a payment into your account and then, either withdraw it in cash, or transfer it to another account.

Job adverts and spam emails offer 'easy money' and it might seem a harmless way to earn income, but the money being transferred is stolen and used to fund organised crime.

This can get you into serious trouble. If you're caught, your bank accounts will be closed, you'll have problems applying for a loan, a mortgage or even a mobile phone contract. You may also be given a prison sentence of up to 14 years.

To learn more about the consequences of becoming a money mule and what the proceeds of money laundering are used for, check out the Don't Be Fooled website.

Recently, we’ve seen an increase in authorised push payment (APP) scams, also known as bank transfer scams, which happen when fraudsters trick victims into unknowingly transferring money into an account they control.

Usually, fraudsters gain access to a victims’ information via a hacked email account and then contact them pretending to be someone the victim does business with or posing as a trusted organisation – such as the police or HMRC.

For example, some scammers will say they’re calling from your bank’s fraud team about a security issue and ask you to authorise a payment into a ‘safe account’. Others will pretend to be a contractor they know you’ve hired after getting information from your email - such as an estate agent, solicitor or driveway repair company, and trick you into paying an expected invoice into their account instead.

Always remember, M&S Bank will never ask you to disclose your security details such as a PIN, online password or temporary ‘one time passcodes’ and would never ask you to move your funds to a ‘safe account’.

APP fraud can happen to anyone so it’s important you ask yourself the right questions before you make any payment:

• Have you been contacted unexpectedly to make this payment? Have you received an unexpected email or phone call?
• How were you informed of the bank details? If by email, SMS or phone call these should be checked with a trusted source before proceeding
• Why are you making the payment today?
• Is this a payment you’ve been planning to make?
• Is this a regular payment that you are going to be making?

If you think you've been a victim of APP fraud, please call us immediately on 0345 900 0900 (this number can be checked against the number on the back of your card).

Phishing and smishing scams are used by fraudsters pretending to be from M&S Bank, or other financial institutions, and involve sending unsolicited emails (phishing) and text messages (smishing) to trick unsuspecting people into handing over their personal details. These emails or text messages often contain links to fake websites or online banking login pages that ask you to enter your personal details – this could be your password, card details or memorable information. By entering your personal details on these sites, you are providing a fraudster details necessary to access your account.

Look out for the following signs of a phishing email or smishing text:

They often contain spelling errors or random capitalisation (eg bAnk 0nline with M&s Bank).

They often ask you to click on a link to confirm or validate your security details.

'Vishing' involves a fraudster phoning a potential victim and posing as someone from a bank or building society, the police, HMRC or another trusted, legitimate company. They can even make their call appear to come from a number you know and trust. This is known as Phone Number Spoofing. The call is made either to persuade or coerce the victim into transferring money from their account to another account for "safekeeping" or "holding", to withdraw cash and hand it over "for investigation" or to try to get financial information, such as credit or debit card details (including PIN), bank account details and personal information such as full name, date of birth or address. Then they use this information to gain access to their victim's finances.

Some fraudsters will phone on your landline claiming to be from your bank, credit card company or the police, and tell you that your account has been compromised. They may say that a courier needs to collect your cards or ask you to purchase high value goods or foreign currency for collection. They may also ask you to write down your PIN and hand it over as well. To add credibility the fraudster may even advise you to cut the card in half.

Identity theft happens when fraudsters get enough information about someone's identity (such as their name, date of birth, current or previous addresses) to commit identity fraud.

Identity fraud happens when someone uses your personal details without your knowledge or consent. They might use the information to get a credit card or loan. You may only find out that you've been a victim of identity theft when you start to receive bills for things you haven't ordered or received.

Romance fraud happens when victims are deceived into 'false' relationships by fraudsters who aim to steal their money or personal information. Romance fraud is typically carried out by criminals using fake profiles on online dating sites.

Bitcoins are increasingly becoming a more common target for fraud and scams, due to the difficulty in tracking the funds. Fraudsters can employ a range of tactics including; creating fake exchanges to purchase Bitcoins, fake giveaways to secure personal details or Ponzi schemes where victims are offered a guaranteed return in exchange for an upfront deposit.

Payment diversion scams are where victims are intending to pay a genuine party but have been contacted by a fraudster and given the fraudster's bank details to send funds to. For example, a fraudster masquerading as a conveyancer during a house sale and instructing the victim to transfer funds to a fraudulent account.