User guide
Finding your way around the guide
To navigate between pages, click or tap the arrows to go forwards to the next page or backwards to the previous one. The arrows can be found either side of the page and at the bottom, too (circled in green, below).
Menu/table of contents
Click or tap on the three horizontal lines in the top-right of your screen to open the main menu/table of contents. This icon is always visible whether you're using a computer, tablet or smartphone. The menu will open on top of the page you’re on. Click on any section title to visit that section. Click the cross at any time to close the table of contents.
Text size
On a computer, you'll see three different sized letter 'A's in the top-right of your screen. On a smartphone or tablet these are visible when you open the menu (see above). If you’re having trouble reading the guide, click or tap on each of the different 'A's to change the size of the text to suit you.
Pictures
On some images you'll see a blue double-ended arrow icon. Clicking or tapping on this will expand the picture so you can see more detail. Click or tap on the blue cross to close the expanded image.
Where we think a group of images will be most useful to you, we've grouped them together in an image gallery. Simply use the blue left and right arrows to scroll through the carousel of pictures.
Links
If you see a word or phrase that's bold and dark blue, you can click or tap on it to find out more. The relevant website will open in a new tab.
Jargon
If you see a word or phrase underlined, click or tap on the word and small window will pop up with a short explanation. Close this pop-up by clicking or tapping the cross in the corner.
Help
On a computer, you'll see a question mark icon in the top-right of your screen. On a smartphone or tablet this is visible when you open the menu (see above).
Clicking or tapping on the question mark will open this user guide. It opens on top of the page you're on and you can close it any time by clicking or tapping the cross in the top-right corner.
Phone-based scams
Phones give us the security of always being contactable, but not all calls or messages are welcome.
Cold calls are annoying, but they were once something we only had to deal with via our landlines. However, a scammer with your mobile phone number can get hold of you by calling or texting at any time, perhaps when you’re on the move and distracted.
As with email scams (see Email and social media scams), scammers’ approaches can be many and varied. The Microsoft scam, for example, involves a scammer calling you about a supposed issue with your computer – the caller may try to trick you into downloading software to gain control of your machine. Companies like Microsoft wouldn't call with unsolicited technical support, so never allow a cold caller access to your computer – they could hold your computer to ransom, or access to your online banking (see Avoiding banking, credit and debit card scams). Never hand over a fee to a cold caller.
We've seen a surge in 'robocalls' – pre-recorded messages claiming to be from your bank or a company such as Amazon. The message invites you to 'press one to speak to an adviser', who is a scammer trying to get you to hand over money. Hang up if you receive a message like this, and mark the call as spam if your mobile gives you the option to do so.
Phone number spoofing
Scammers can use technology that shows their display name and/or number as that of a legitimate organisation, such as a bank. If you already do business with the organisation whose details are on your caller display, you may not think twice about trusting the person on the other end of the line. Using the same technology, scammers can even make fraudulent texts appear in an existing text chain from a known company.
Don’t give your trust automatically. Legitimate callers will never object to you calling them back later. While genuine companies may sometimes call you unexpectedly, they would never:
- Ask for extensive personal details such as your full banking password or your Pin. Calls that try to elicit personal details are known as ‘vishing’ scams.
- Ask you to transfer money urgently because of an account security issue.
In 2019, telecoms regulator Ofcom launched the ‘do not originate’ scheme, aimed at preventing the spoofing SpoofingWhere scammers use software to make a display name or phone number appear to be that of a genuine organisation. of phone numbers from banks, HMRC and insurers. It applies to numbers that these organisations publish so that customers can call them, but from which they never make outgoing calls. Phone companies are told that these numbers should always be blocked.
HMRC has implemented the ‘do not originate’ scheme, and told us in late 2019 that it had been hugely effective. We now want to see all banks and insurers implement it. Ofcom is investigating prevention tactics, but until these are established, treat any unexpected call as a scam (see Understanding and avoiding scams for advice on responding to a suspicious phone call). Sign up for our free scam alerts to receive regular email updates on the latest scams doing the rounds, from phone number spoofing to phishing emails. Visit our site to sign up.
A Which? member received a call that appeared to be from HMRC, which played a recorded message accusing him of tax evasion. While sceptical at first, the answers given by an ‘adviser’ who came on the line after the recorded message persuaded him the call was legitimate. The caller already knew some details about the member, such as his address, and threatened that he would be arrested if he didn’t pay the fictional fines. Alarmed, he made the payments via bank transfer.
His bank initially refused to refund him as he’d authorised the payments. After Which? intervened the bank reimbursed him in line with the new code on bank transfer scams. Treat calls that come out of the blue with suspicion and don't transfer money without checking the call is genuine.
Messaging and WhatsApp scams
Short for SMS phishing, smishing is where fraudsters try to get you to reveal personal information via text or messaging apps like WhatsApp and Facebook Messenger. On a small mobile screen, it can be harder to spot the telltale signs of a scam, like spelling or grammatical errors. See examples of smishing on Which? Conversation. Don't click on any links and never provide personal details. Delete the message, and if you're suspicious, contact the organisation directly.
Sim-swap fraud
This is where criminals trick your mobile network into transferring your phone number to another Sim card so that the fraudster receives all your calls and texts – including one-time security passcodes you use for two-factor authentication. Combined with other personal details, this can give the fraudster access to your online banking accounts and more.
Network providers have been stepping up security to make this scam harder to pull off, but reports of Sim-swap fraud to the UK’s national reporting centre, Action Fraud, continue rising.
You may receive a text supplying your porting authorisation code (the code needed to switch over your phone number) or warning that a Sim port is in process, but in some cases you may not know anything is wrong until your phone unexpectedly loses service.
If you suspect your phone’s been targeted, contact your mobile provider urgently so it can block your number temporarily. You should alert your financial providers too, in case the scammers have gained access to your details. You could use an app such as Authy to set up two-factor authentication, rather than receiving the code by SMS, as it will be harder for a scammer to access this.
Stop unwanted calls and texts
There are tactics you can use to minimise unwanted calls, including registering with the free Telephone Preference Service (TPS). Unfortunately this won’t prevent market research calls, international calls or outright scams. Also look out for calls from scammers claiming to be from the TPS with requests for money to renew your protection – the TPS would never call asking for your personal details. Report any unwanted calls and texts to the relevant authority (see Reporting scams).
• Action Fraud: the UK’s national reporting centre for fraud and cybercrime.
• Information Commissioner’s Office (ICO): the organisation responsible for data protection in the UK. Report spam texts to the ICO.
• Ofcom: the UK’s phone regulator. Visit Ofcom's site to complain about any silent calls you receive.
• Phone-paid Services Authority: contact them for problems involving premium rate numbers (such as those starting ‘09’ – see Understanding and avoiding scams).
• Telephone Preference Service (TPS): you can register your phone number to stop unsolicited marketing calls; you can also complain if a company calls you even though you’re registered.