Throughout the year, finances can be put under strain, and many of us find ourselves in need of extra cash. Cybercriminals will look to take advantage of this by tricking people into providing personal information or sending funds to accounts they control.
Here’s an overview of some scams to be aware of, warning signs to look out for, and tips on how you and your clients can protect yourselves over the festive period.
Investment scams
This is where malicious actors trick people into investing money in non-existent or misleading opportunities, often with the promise of high returns for little risk. This frequently leads to the victim losing some or all of their original investment.
Warning signs
- If an investment opportunity seems too good to be true – because it offers unusually high returns with little or no risk – then it is likely a scam.
- Malicious actors often create a sense of urgency, pressuring you to invest immediately. They may claim that a ‘limited-time opportunity’ will expire soon, or that you're missing out on a ‘once-in-a-lifetime chance’.
- You may be asked to pay upfront ‘referral fees’, or the scammer may claim that you can earn commissions by bringing in other investors. Legitimate investment providers don't operate by encouraging people to recruit others for financial gain.
- If you receive an advertisement about a specific investment opportunity via a direct message on social media, beware – legitimate investment providers would never operate in this manner.
How to protect yourself
- Do your research by looking up the company and individuals involved in the investment opportunity. Verify their licenses and credentials through online registers, such as the FCA Register.
- Check if a company is legitimate by contacting them directly through a contact number or email address listed on their official website or the FCA Register.
- Ask for details and don’t hesitate to request all relevant documentation and information. A legitimate investment provider should be open and transparent.
- If in doubt, talk to a certified financial adviser or a legal professional before making any decisions.
Pension scams
Pension scams are fraudulent schemes that target people’s retirement savings, offering fake or misleading investment opportunities to steal or mismanage their pension funds. They often involve the scammer trying to persuade potential victims that they can take funds from their pension before the age of 55.
Warning signs
- Unsolicited offers, websites or any advertisements on social media that promise early access to your pension before the age of 55. Malicious actors often use terms like ‘pension loans’ or ‘cash incentives’ to entice people.
- The promise of high returns on investments or early access to pension funds – particularly as a result of the investment that is being suggested.
- The use of high-pressure sales tactics, and offers of ‘free pension reviews’ or ‘cashback’ schemes.
How to protect yourself
- It's illegal for companies to make unsolicited calls about your pension. If you receive such a call, hang up immediately and report it to your pension provider and the relevant authorities.
- Before making any changes to your pension arrangements, do thorough research and verify the legitimacy of the offer. Consult a trusted financial adviser, and avoid making decisions under pressure.
- If in doubt, refer to the UK Government’s stance on your rights in relation to taking cash from your pension. At present, you cannot withdraw from a pension scheme before the age of 55 unless you have a protected pension age or are in serious or critical health.
- If in doubt, talk to a certified financial adviser or a legal professional before making any decisions.
Email (phishing) scams
Phishing scams use emails that appear to have come from a legitimate source, but which are actually fraudulent. These emails attempt to trick people into revealing personal information, such as passwords or financial details.
Warning signs
- Mismatched or misspelled email addresses. Phishing emails may appear to come from a familiar organisation, but the sender’s email address may be slightly off. For example, ‘enqu1ry@investcentre.co.uk’ instead of ‘enquiry@investcentre.co.uk’.
- Links within the email that look legitimate, but which direct you to fake websites designed to steal your personal information. Be especially cautious if the URL doesn’t match the official website’s domain (e.g., ‘investcentre.co.uk’ vs. ‘invest-centre.co.uk’).
- Unexpected attachments that, when opened, can infect your device with malware or ransomware.
- Unsolicited requests for personal information, such as your password, National Insurance Number, bank account details or credit card numbers. Reputable organisations will never ask for sensitive data via email.
- Emails requesting you to verify your account or login credentials. If you receive one of these, go directly to the company's official website and log in manually, rather than clicking any links in the email.
How to protect yourself
- Always double-check the email addresses and domain. Hover over the URLs of any web links included in the email, and don’t open any unexpected attachments.
- Don’t respond directly to suspicious emails. If you think the email might be legitimate, go directly to the official website of the organisation or company by typing the URL in your browser.
- If you do click on any links within the email, or provide any personal or financial information, make sure you reset your email password and any login credentials, then report the event to the relevant financial institutions as soon as possible.
- Add an extra layer of protection by using two-factor authentication (2FA) and complex passwords (e.g., ‘AjB3Ll!2o24’ instead of ‘ajbellinvestcentre’) on important accounts like email, banking, other financial accounts and social media.
- Verify the email’s authenticity. If you’re unsure, contact the organisation through their official phone number or website to verify whether the email is legitimate.
- Use anti-phishing tools. Many email providers and browsers offer phishing detection and protection features. Keep them enabled and up to date.
- Report phishing attempts to your email provider, and to the company or organisation being impersonated.
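For teams that want to automate the address and link checks described above, the following is an added example, not part of the original article and not code from any organisation it names. The trusted domain and mailbox name are taken from the article's own examples; the function names and the set of character substitutions are assumptions chosen for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example: the real domain and a known mailbox,
# both taken from the addresses quoted in the article.
TRUSTED_DOMAIN = "investcentre.co.uk"
KNOWN_MAILBOXES = {"enquiry"}

# Fold characters that are commonly swapped to imitate a name
# (digits for letters, l for i) and drop hyphens and dots.
FOLD = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e",
                      "5": "s", "-": None, ".": None})

def skeleton(text):
    """Return a comparison form in which lookalike spellings collapse together."""
    return text.lower().translate(FOLD)

def check_domain(host):
    """Classify a host name as 'trusted', 'lookalike' or 'unknown'."""
    host = (host or "").lower().rstrip(".")
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    # Same skeleton, or the trusted name embedded in a longer host.
    if host and skeleton(TRUSTED_DOMAIN) in skeleton(host):
        return "lookalike"
    return "unknown"

def check_sender(from_header):
    """Classify the address in a From header, including the mailbox part."""
    _, address = parseaddr(from_header)
    mailbox, _, domain = address.rpartition("@")
    verdict = check_domain(domain)
    if verdict != "trusted":
        return verdict
    if mailbox.lower() in KNOWN_MAILBOXES:
        return "trusted"
    # Right domain, but the mailbox imitates a known one (enqu1ry vs enquiry).
    if skeleton(mailbox) in {skeleton(m) for m in KNOWN_MAILBOXES}:
        return "lookalike"
    return "unknown"

def check_link(url):
    """Classify the host a link really points to, ignoring any user@ prefix."""
    return check_domain(urlsplit(url).hostname)
```

A ‘trusted’ result only means the spelling matches; the From line of an email can be forged, so the other checks in this list still apply.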
Malicious actors often reach out to people via unsolicited phone calls, emails or social media messages. If you're not expecting the communication, it’s important to proceed with caution. Legitimate organisations would never communicate with their prospective and existing clients through social media channels such as Facebook and WhatsApp.
Remember that scammers often send repeated follow-up calls, emails or texts, trying to get you or your clients to invest or act. If you find the contact persistent or aggressive, this could be an indication that somebody is trying to scam you.