User guide

Finding your way around the guide

To navigate between pages, click or tap the arrows to go forwards to the next page or backwards to the previous one. The arrows can be found either side of the page and at the bottom, too (circled in green, below).

undefined

 

undefined

 

Menu/table of contents

Click or tap on the three horizontal lines in the top-right of your screen to open the main menu/table of contents. This icon is always visible whether you're using a computer, tablet or smartphone. The menu will open on top of the page you’re on. Click on any section title to visit that section. Click the cross at any time to close the table of contents.

 

Text size

On a computer, you'll see three different sized letter 'A's in the top-right of your screen. On a smartphone or tablet these are visible when you open the menu (see above). If you’re having trouble reading the guide, click or tap on each of the different 'A's to change the size of the text to suit you.

 

Pictures

On some images you'll see a blue double-ended arrow icon. Clicking or tapping on this will expand the picture so you can see more detail. Click or tap on the blue cross to close the expanded image.

Where we think a group of images will be most useful to you, we've grouped them together in an image gallery. Simply use the blue left and right arrows to scroll through the carousel of pictures.

 

Links

If you see a word or phrase that's bold and dark blue, you can click or tap on it to find out more. The relevant website will open in a new tab.

 

Jargon

If you see a word or phrase underlined, click or tap on the word and small window will pop up with a short explanation. Close this pop-up by clicking or tapping the cross in the corner.

 

Help

On a computer, you'll see a question mark icon in the top-right of your screen. On a smartphone or tablet this is visible when you open the menu (see above).

Clicking or tapping on the question mark will open this user guide. It opens on top of the page you're on and you can close it any time by clicking or tapping the cross in the top-right corner.

Understanding and avoiding scams

Scammers will stop at nothing to get their hands on your money. Here we give you the essential tool kit for spotting scams early.

Scammers are cunning and often sophisticated criminals. Their goal is to get round the defences of even the smartest people. Scammers pose as representatives of companies that you already do business with, like Amazon or DHL, or important authorities, like HMRC or the police, to gain your trust.

Scammers do this in a number of ways, on the phone or through fake emails, or they hack the email or social media account of someone you know, to send messages that appear to be from them.

Fortunately, a healthy dose of scepticism can help you to distinguish friend from foe. There are plenty of tactics that can be used to stop scams reaching you and to avoid falling foul of them if they do. 

undefined

Spotting and avoiding scams

This checklist of questions to ask yourself will help you to identify scams.

  1. Have you been called out of the blue? A legitimate company would never make contact out of the blue and ask for your banking or payment details over the phone. If in doubt, hang up and call back on the number published on your paperwork or the company website – ideally on a different phone. A phone line can stay open for up to two minutes after you’ve hung up and fraudsters have been known to stay on the line and play a false dialling tone to persuade their target they’re calling the real company.
  2. Does the email from a company you’re a customer of address you by name? Fake emails can start with ‘Dear customer’ or similar impersonal greetings.
  3. Are you being asked to share your personal details? Never share personal details with anyone who approaches you if you aren’t 100% certain they are who they claim to be. Don’t be swayed if the person already seems to know some personal information about you. A scammer might have found personal information about you on one of your social media profiles, for example.
  4. Are you being pressured to respond quickly? Whether it’s a deal that’s too good to be missed or the threat of a fine or legal action (from HMRC or the DVLA, for example), being rushed into taking quick action is often the sign of a scam. Take a breath and think things through. Never make a payment unless you’re certain your money will be safe, especially via bank transfer, as this has less protection than other payment methods. Visit our site to learn about getting extra protection when you pay.
  5. Does a message contain spelling or grammatical mistakes? Legitimate organisations will rarely, if ever, make obvious mistakes. Look at links and email addresses to check for spelling errors and for names that are similar but subtly different to a real organisation, but don’t click on them. One sneaky trick is the use of letters from different alphabets that look similar to those in the English alphabet. At a cursory glance, the Cyrillic alphabet’s ‘Ъ’ looks similar to ‘b’, for example.
  6. How does the message read? How consistent is it and do the company logos look genuine? Inconsistent fonts and logos can be telltale signs of a scam email.
  7. Are there clear contact details, with a choice of methods? Scammers often use a limited range of contact methods that genuine companies would be unlikely to use – such as a PO box, a mobile number, or a premium-rate number (starting ‘09’).
  8. Are you asked not to tell anyone else about a ‘great’ offer? This is a common tactic with investment and pension scams, whereby scammers don’t want you discussing agreements with your friends, family or independent advisers and potentially revealing the scam.
  9. Does it ask you to make payment via bank transfer or ask you to set up a new payment method? A common tactic used by scammers is to pose as a company you already deal with and ask you to change the account you send payments to, or change your payment method. The scammers will then have your bank or card details.
Find out more

For more information on avoiding scams, visit our Consumer Rights site.

The workings of scams

Many of the most convincing scams use psychological tactics to convince us they are genuine, such as using personal details and impersonating legitimate companies like Amazon or HMRC. This strategic approach is known as ‘social engineering’. It’s quite sophisticated and involves a lot of work on the part of the scammers before the scam is seen by us, therefore increasing their chances of conning even the most sceptical among us.

This type of scam is designed to break down our defences, so if you’ve been taken in by one, it’s important not to feel that you’ve been duped, but rather to arm yourself with the information you need to spot scams like this in future.

A scam using social engineering may involve several stages:

1. A phishing text, email or post on social media may be sent to huge numbers of recipients; the scammers may not even know if individual phone numbers or email addresses exist.

2. If this first contact seems convincing, you might feel confident to fill in personal details on a form. They may try to supplement this with information you post on social media – perhaps a complaint that your broadband service is down, and your supplier can’t fix it till next week.

3. The scammer now knows that your email address exists, their phishing form may have provided your name and phone number, and they know you have an appointment booked with your broadband supplier next week.

4. Now they can call you posing as your broadband supplier and offer to try to fix the problem by taking over your computer remotely. Never allow anyone to take over your computer following a cold call – if in doubt, hang up then call the genuine company back.

Stopping scams getting through

The easiest scam to avoid is one that you never encounter in the first place. Read on for top tips from the Which? Tech Support team to protect yourself and your computer.

  • Use strong passwords to secure your devices and all your accounts, to prevent criminals working them out and gaining access. Even if getting into your account won’t give them access to your money, it could allow them to harvest personal details that help them to target you more personally.

    Use long, unique passwords for each account, including phrases that combine several words and numbers. Pick phrases that are memorable – but only to you – and don’t use personal details that someone could guess.

    If you struggle to remember passwords for all your accounts, a password manager Password managerSoftware applications designed to store and manage online passwords, usually in an encrypted database. could help to manage them. This handy service can even generate secure passwords for you. Visit our site for more advice on creating secure passwords.
  • Use two-factor authentication Two-factor authenticationAn extra layer of protection for online accounts on top of a password, such as a code sent to your mobile phone or app. where it’s an option. This provides an additional layer of security, for example via a one-time passcode sent to an app or your mobile phone, to complement your other login details.
  • Tighten your social media privacy settings so that only people you want to can see details about you and what you post. If, for example, your Facebook settings are set to ‘public’, anyone can see the details such as who you’re friends with or your date of birth and contact details. A scammer could use these to target you (or your friends) more personally. (Scammers may also use social media adverts to target you – learn more about this on our site.
  • Make sure all your devices are up-to-date by running updates to antivirus software, Antivirus softwareSoftware that protects your computer against viruses, malware and other attacks by cyber criminals. your operating system and apps as soon as they are offered. Which? members can read our reviews of the best antivirus software. You could also consider getting security software for your phone or tablet – this is more important for Android devices, whose operating system isn’t as secure as Apple’s iOS.
  • Make sure you regularly clean up data held on your computer or in emails. Deleting anything you no longer need (for example, if you’ve saved data securely to an external hard drive or cloud-based storage) Cloud-based storageWhere your photos, music or other data are stored in a secure, off-site storage system that is managed by a third party. from email or your computer hard drive, reduces information visible to hackers if they manage to gain access to your systems.

For more advice from our Tech Support experts on staying safe online, including how to set up an authenticator app and spot potential scams, visit our helpdesk.

Which? Stamp Out Scams campaign

We’ve been campaigning since 2015 for better consumer protection against scammers. In 2019, this resulted in some banks adopting a new voluntary code to support people tricked into sending money to fraudsters via bank transfer. Previously, these innocent victims had no automatic right to compensation, even if they hadn’t been negligent, but now they are entitled to refunds.

However, not all banks have adopted every aspect of the code of practice, and more work needs to be done to stamp out scams. So we’ll be keeping up the pressure on banks and other important organisations to work harder to protect their customers. You can share your stories, find information for support organisations if you have been a victim of fraud, or read more about our campaign on our site.

Where to find more help

Action Fraud: the UK’s national reporting centre for fraud.

Cifas: a not-for-profit fraud prevention membership organisation. Publishes scam updates and offers protective registration for ID fraud victims.

Neighbourhood watch: offers scam advice.

• Cyber helpline: Expert advice for victims of cybercrime.

 

Back to top