Bank fraud cost UK consumers £1.17 billion in 2023, according to UK Finance. Scams are becoming more sophisticated — AI-generated voice calls, cloned bank websites, and social media investment fraud now account for a growing share of losses. Understanding how each scam works is the most effective defence.
This guide is part of the Bank Security hub, which also covers safe online banking practices and how to complain to your bank if things go wrong.
Common Bank Scams at a Glance
| Scam type | How it works | Primary warning sign |
|---|---|---|
| Impersonation (vishing) | Fake call from your bank, HMRC or police | Asks for PIN or to move money |
| Authorised push payment (APP) | Tricks you into transferring money yourself | Urgency, new payment details |
| Phishing | Fake emails or texts with malicious links | Suspicious sender, urgent tone |
| Investment fraud | Promises high returns from fake schemes | Unsolicited approach, guaranteed returns |
| Romance fraud | Fake relationship leads to financial requests | Never meets in person |
| Purchase fraud | Fake online seller | Bank transfer only, too cheap |
Impersonation Scams (Vishing)
How They Work
A scammer calls claiming to be from your bank, HMRC, the police, or a government body. They often know your name, partial account details, or your home address — bought from data breaches — to sound convincing. They then create urgency: suspicious activity, a compromised account, or an unpaid tax bill.
What Banks Will Never Ask
- Your full PIN or password
- A one-time passcode (OTP) sent to your phone
- You to transfer money to a “safe account”
- Remote access to your computer or phone
- A courier to collect your debit or credit card
Red Flags
| Legitimate bank | Scammer |
|---|---|
| Will let you hang up and call back | Discourages you from ending the call |
| Sends notifications via official app | Sends links via SMS or email |
| Never asks for full PIN | Asks for PIN to “verify your identity” |
| Has no urgency beyond what is reasonable | Creates extreme time pressure |
What to do: Hang up. Dial 159 or the number on the back of your card using a different phone or after waiting five minutes (scammers can hold your landline open).
Phishing (Emails and Texts)
Spotting Fake Messages
| Element | Legitimate | Suspicious |
|---|---|---|
| Sender address | name@barclays.co.uk | name@barclays-secure-alerts.com |
| Greeting | Uses your full name | “Dear Customer” or “Dear Account Holder” |
| Links | Match official domain exactly | Slightly altered URLs |
| Request | Informational | “Verify now or your account will be suspended” |
| Grammar | Professional | Errors or unusual phrasing |
Checking Links Safely
- Hover over any link (do not click) to preview the destination URL
- The domain must match exactly: barclays.co.uk is legitimate; barclays-uk-secure.com is not
- Go directly to your bank’s website by typing it yourself rather than clicking any link
- Use your bank’s official app for account actions
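The exact-match rule above, written as a check that can be run over a link or a sender address. This is an added example, not part of the original guide; the allow-list, function names and sample inputs are assumptions, and it accepts subdomains of an official domain (such as www) as well as the exact domain.

```python
from urllib.parse import urlsplit

# Assumption: an allow-list you maintain yourself. barclays.co.uk is the
# guide's own example of a legitimate domain.
OFFICIAL_DOMAINS = ("barclays.co.uk",)


def host_of(value: str) -> str:
    """Extract the lower-cased host from a URL, bare host or e-mail address."""
    value = value.strip()
    try:
        if "://" in value:
            host = urlsplit(value).hostname   # text before an "@" is not the host
        elif "@" in value:
            host = value.rsplit("@", 1)[1]    # bare e-mail sender address
        else:
            host = urlsplit("//" + value).hostname
    except ValueError:                        # malformed URL
        return ""
    return (host or "").rstrip(".").lower()


def check(value: str, official=OFFICIAL_DOMAINS):
    """Return (host, verdict): official, lookalike, unrelated or invalid."""
    host = host_of(value)
    if not host:
        return host, "invalid"
    for domain in official:
        # Exact match, or a subdomain such as www.<domain>. The leading dot
        # in the suffix test stops "notbarclays.co.uk" from passing.
        if host == domain or host.endswith("." + domain):
            return host, "official"
    for domain in official:
        brand = domain.split(".")[0]
        # The bank's name appears in the text, but the host is not the bank's.
        if brand in value.lower():
            return host, "lookalike"
    return host, "unrelated"


if __name__ == "__main__":
    # Constructed samples; the first three use the guide's own example names.
    for sample in ("name@barclays.co.uk", "name@barclays-secure-alerts.com",
                   "https://barclays-uk-secure.com/login",
                   "https://barclays.co.uk.example.net/"):
        print(sample, "->", check(sample))
```

The verdict is decided on the host the link would actually open, not on where the bank's name appears in the text.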
Authorised Push Payment (APP) Fraud
APP fraud is the most costly scam category. Because you are tricked into authorising the transfer yourself, recovery is harder than for unauthorised transactions.
Common Scenarios
| Variant | Story told | Who is targeted |
|---|---|---|
| Conveyancing fraud | Solicitor sends “updated” bank details for house deposit | Home buyers |
| Invoice fraud | Supplier notifies you of “new” bank details | Businesses and landlords |
| Safe account fraud | Your bank says your account is compromised; move money immediately | Everyone |
| HMRC impersonation | Urgent tax demand with threat of arrest | Everyone |
| CEO fraud | Boss urgently needs an unscheduled payment transferred | Finance teams |
How to Protect Yourself
- Always verify new payment details by calling the organisation on a number you already hold — not one provided in the message
- Question all urgency — legitimate solicitors, HMRC, and banks do not demand instant transfers
- Use Confirmation of Payee — this checks the recipient’s name against the account before you send
- Set up new payees when calm — never rush a large payment
Since October 2024, the PSR’s mandatory reimbursement scheme requires banks to refund most APP fraud victims up to £85,000 within 5 business days. Exceptions: if you ignored explicit fraud warnings, were grossly negligent, or acted dishonestly.
Investment Scams
Warning Signs
| Legitimate investment | Investment scam |
|---|---|
| FCA regulated — verifiable on the register | Unregistered or cloning a real FCA firm |
| Explains risks clearly | Guarantees returns |
| No cold-contact approach | Unsolicited call, email, or social media DM |
| Realistic returns | Promises 10–20%+ annually with “no risk” |
| Verifiable track record | Vague history or fake testimonials |
How to Check Before Investing
- Visit the FCA Register at register.fca.org.uk — search for the firm by name and check the details match exactly
- Check the FCA Warning List at fca.org.uk/scamsmart for known scam firms
- Verify contact details independently — scammers clone real firms’ names and registration numbers but use different phone numbers and addresses
- Be sceptical of any return above around 5–6% per year without clear explanation of the risk
Crypto Scams
Cryptocurrency scams follow predictable patterns: celebrity endorsements (often deepfake video), guaranteed returns, and platforms that show fake profits but block withdrawals. Any unsolicited approach promising crypto gains should be treated as a scam until proven otherwise.
Romance Fraud
The Pattern
- Contact via dating app, social media, or even a misdialled text
- Rapid emotional connection — professes love quickly
- Can never meet in person or video call reliably (claims to be overseas, military, oil rig)
- A financial emergency arises — medical, legal, a business deal
- Requests escalate once the first payment is made
Warning Signs
| Behaviour | Why it is suspicious |
|---|---|
| Profile photos look like a model | Likely stolen images — use reverse image search |
| Falls in love within days | Building emotional dependency rapidly |
| Always has an excuse not to video call | Hiding real identity |
| Financial crisis appears at a convenient moment | Testing willingness to send money |
| Asks for gift cards or bank transfers (not PayPal) | Harder to trace or reverse |
If you have been romantically defrauded, contact Action Fraud and your bank immediately. There is no shame in it — these scammers are professional manipulators.
Purchase Fraud
Spotting Fake Sellers
| Legitimate seller | Fraudulent seller |
|---|---|
| Accepts card or PayPal with buyer protection | Insists on bank transfer only |
| Has verifiable reviews (Trustpilot, Google) | No reviews or obviously fake ones |
| Price is realistic for the item | Suspiciously below market value |
| Business address and contact details available | Unwilling to share real information |
Safer Online Purchases
- Pay by credit card for purchases over £100 — Section 75 of the Consumer Credit Act gives you a claim against the card provider if the seller fails to deliver
- Use platform buyer protection where available (eBay Money Back Guarantee, Amazon A-to-z)
- Avoid bank transfers to private sellers for high-value goods — there is no recovery mechanism if it is a scam
- Research before paying — search the seller’s name alongside “scam” or “review”
What to Do If You’ve Been Scammed
Immediate Steps
| Time | Action |
|---|---|
| Right now | Call your bank’s fraud line or dial 159 to try to stop or recall the payment |
| Within hours | Report to Action Fraud — 0300 123 2040 or actionfraud.police.uk |
| Same day | Change passwords on any accounts that could be compromised |
| Same day | Screenshot all messages, emails, and transaction records |
| Within days | Check your credit report for any other suspicious activity |
If Your Bank Refuses to Refund
- Request a final response letter in writing from the bank
- Escalate to the Financial Ombudsman Service (financial-ombudsman.org.uk) — free, and the decision is binding on the bank
- Provide all evidence: screenshots, call logs, payment records, and your written timeline
- For guidance on the complaints process, see how to complain to your bank
How to Protect Yourself Day-to-Day
Core Security Habits
| Action | Why it matters |
|---|---|
| Use strong, unique passwords for banking | One data breach won’t compromise all accounts |
| Enable two-factor authentication (2FA) | A stolen password alone is not enough to log in |
| Set up transaction alerts | Spot unauthorised activity the moment it happens |
| Review statements weekly | Catch small fraudulent transactions before they escalate |
| Keep your phone’s OS updated | Security patches close known vulnerabilities |
Phone Safety
- Let unknown numbers go to voicemail — scam calls rarely leave messages
- Register with the Telephone Preference Service (tpsonline.org.uk) to reduce cold calls
- Never confirm personal or account details to an incoming caller
- Use 159 to reach your bank if you receive a suspicious call claiming to be from them
For a full guide to keeping your online banking account secure, see the safe online banking guide.
Summary
The two rules that prevent most bank fraud:
- Never share PINs, passwords, or one-time passcodes — with anyone, ever
- Verify before you pay — call back on a number you already hold, never one given to you
If you are targeted, act within minutes: call your bank, report to Action Fraud, and document everything. Since October 2024, most APP fraud victims are entitled to mandatory reimbursement of up to £85,000 — but acting fast improves your chances significantly.
For more on protecting your banking, return to the Bank Security hub.