Latest scam warnings

Throughout the pandemic, fraudsters have been trying to exploit coronavirus as an opportunity for financial crime.

Now that vaccines are available, they’re sending bogus messages claiming to be from the NHS and offering the chance to apply for a Covid-19 vaccine.

These are usually text messages or emails asking you to confirm your personal and financial details through a website given in a link. The same scam is also being used with automated phone calls asking you to press a button on your keypad to provide your details.

Just a reminder that the Covid-19 vaccine is only available through the NHS and is free to all. The NHS will never ask you to confirm whether you want the vaccine or ask for payment for it.

Don’t get caught out, find out more about other coronavirus scams we're hearing about.

Impersonation scams, where criminals pretend to be from organisations we know and trust, are becoming much more common. They often start with a phone call, email or text informing you:

• you’re eligible for a coronavirus vaccine
• your National Insurance number has been compromised
• you’re eligible for a tax rebate from HMRC
• there’s been a suspicious transaction on your card or bank account
• your account with a retailer has been compromised

Whatever the reason given for contacting you, if it’s a scam, they’re trying to trick you into giving them money or personal/financial details and they’ll often try to pressure you into taking action immediately.

Criminals sometimes make the call seem more authentic by using ‘number spoofing’. This makes their phone number look like one you know and trust.

Remember, never disclose your security details such as a PIN, online password or temporary 'one time passcodes’, only a fraudster would ask for these.

To help protect yourself from fraud, find out more about impersonation scams by downloading our scams leaflet (PDF, 255KB).

Around Valentine’s Day, fraudsters are known to target victims in what is often known as a ‘romance’ scam. With Covid-19 keeping us mainly at home right now, this scam is becoming more common, and not just at this time of year.

Criminals will set up fake profiles on dating websites, apps and social media in an attempt to build a relationship with you. They’ll put time and effort into gaining your trust before eventually asking for money, perhaps claiming they need it for Covid-19 related medical fees or because they’ve lost their job and are struggling to pay bills, for example.

Never send money to someone you’ve only met online.

If you think you may have been the victim of a scam, report it to us as soon as soon as possible by calling 0345 900 0900. You should also report it to Action Fraud.

Recently, we've seen an increase in authorised push payment (APP) scams, also known as bank transfer scams, which happen when fraudsters trick victims into unknowingly transferring money into an account they control.

Usually, fraudsters gain access to a victim's information via a hacked email account and then contact them pretending to be someone the victim does business with or posing as a trusted organisation – such as the police or HMRC.

For example, some scammers will say they're calling from your bank's fraud team about a security issue and ask you to authorise a payment into a ‘safe account'. Others will pretend to be a contractor they know you've hired after gleaning information from your email - such as an estate agent, solicitor or driveway repair company - and trick you into paying an expected invoice into their account instead.

Always remember, M&S Bank will never ask you to disclose your security details such as a PIN, online password or temporary 'one time passcodes' and would never ask you to move your funds to a 'safe account'.

APP fraud can happen to anyone and so it is critical you ask yourself the right questions before you make any payments:

• Have you been contacted unexpectedly to make this payment? Have you received an unexpected email or phone call?
• How were you given the bank details? If by email, SMS or phone call, these should be checked with a trusted source before proceeding
• Why are you making the payment today?
• Is this a payment you've been planning to make?
• Is this a regular payment that you are going to be making?

If you think you've been a victim of APP fraud, please call us immediately on 0345 900 0900 (this number can be checked against the number on the back of your card).

As people are more available at home during lockdown, criminals are exploiting the situation with vishing scams.

'Vishing' involves a fraudster phoning a potential victim and posing as someone from your bank, the police, HMRC or another trusted, legitimate company.

Their objective is to trick you into moving your money or giving up sensitive information such as your online password or ‘one time passcodes' to enable the fraudsters to transfer money to an account under their control or purchase valuable goods online.

Always remember M&S Bank will never ask you to disclose your security details such as your PIN, online password or temporary 'one time passcodes' and would never ask you to move your funds to a "safe account".

Top Tips:

• Don't give in to pressure - If someone tries to force you into giving up sensitive information, hang up the phone.
• Stay calm and don't panic - Since these criminals frequently play on your emotions, keep calm and hang up the phone. If you still feel anxious, wait 10 minutes and then call your bank, credit card company, or whoever the caller claimed to be on a number you can trust to check if there is a real problem.
• Be sceptical at all times - Even if the Caller ID matches the name or number of a bank, charity, or some other company or organisation, it could be a trick.

There's been an increase in criminals taking over mobile phone numbers using SIM swap and number porting fraud.

This gives fraudsters control of their victims' calls and texts and allows them to authorise payments set up in online banking, using personal data they've gained through social media.

With SIM swap, they contact the network provider impersonating their victims. They claim their phone has been damaged and ask for a new SIM for their new device.

Number porting is similar - the criminals impersonate their victims to get the PAC code (porting authorisation code), which is needed to switch from one network to another. Sometimes they might also hack into their online mobile phone account. Once they have the code, they move the number to a new network provider. Other techniques include claiming their SIM has been damaged and asking for a replacement, either by phone or in a shop.

Criminals often get personal data for their impersonations from social media.

If calls and texts stop working on your phone, your number could have been stolen - particularly if you're in a place where you normally have good reception. This is because a mobile phone number can only link to one SIM at a time.

If this happens, contact your network provider straight away. If you can't get through, contact your bank to remove the phone number from your account.

Criminals are using the Covid-19 outbreak as an opportunity to try to steal money.

They're posing as organisations such as banks, government, the World Health Organisation or other health service providers, and pretending to offer things like a safe haven for your money or medical guidance. They'll then try to trick you into giving personal or financial information.

These claims are made in fake emails, phone calls, texts and social media using Covid-19 as a cover story. Remember, M&S Bank will never ask you for any PINs or passwords or to move money to a safe account.

Find out more about the latest Covid-19 scams we're hearing about.

If you think you've been targeted by a coronavirus scam, report it to Action Fraud (link opens in a new window).

To get more help protecting yourself against fraud, visit the Take Five (link opens in a new window) website. You can also download our scams leaflet.

The end of the tax year is seen by fraudsters as an opportunity to make 'social engineering' attacks.

These can be:

• Scam emails
• Scam texts
• Bogus phone calls

Watch out for messages pretending to be from Her Majesty's Revenue and Customs (HMRC) saying you've received a tax rebate and asking for your account details.

To spot a scam, look for these tell-tale signs:

• Poor spelling and grammar
• Requests for confidential information such as online banking details, passwords or PINs
• Offers of money or rewards, like lottery prizes
• Warnings your account may be shut down unless you take some type of action

If you get a suspicious email or text, don't reply or click on a link and don't open any attachments. If you think you're being targeted by a bogus phone call, don't be afraid to hang up.