Common threats from fraud
Fraudsters continue to develop increasingly sophisticated ways to steal personal information and money, particularly from customers of financial institutions. Staying informed about the most common scams can help you stay protected.
Below are some of the most prevalent threats — and how to protect yourself:
Phishing
Phishing attempts are fraudulent communications designed to trick you into revealing sensitive information or transferring money to what appears to be a legitimate account. These messages can come via:
• Emails, texts, or phone calls pretending to be from your bank, fund manager, HMRC, DVLA, or other trusted organisations.
• Letters or social media messages linking to fake websites or containing harmful attachments.
Warning signs:
• Pressure to act quickly. Urgent or alarming messages - "Your account will be locked!" or "Action required immediately!"
• Unfamiliar links or attachments - slightly misspelled domains or unfamiliar senders.
• Requests for sensitive personal or financial details - passwords, National Insurance numbers, payment details.
• Unexpected attachments that prompt you to download or open them.
• Generic greetings such as "Dear Customer" instead of your actual name.
Stay safe: Never click on suspicious links or attachments. Always check the validity of the sender’s email address or contact details, and don’t share confidential information unless you’re certain the request is genuine.
Clone firms
Clone firms use the names and details of Financial Conduct Authority (FCA) authorised companies - including Marlborough, IFS or our partners - to appear legitimate. They may impersonate real employees and use genuine registration numbers or addresses, but supply their own fake contact details.
Common tactics:
• Unsolicited contact: Unexpected ‘cold calls’, emails, or messages offering financial products or investments.
• Too-good-to-be-true offers: Promises of high returns with little or no risk.
• Use of official-sounding names and branding.
• Slightly altered contact details: Fake emails or websites that mimic legitimate firms (e.g., using ".net" instead of ".com").
• Pressure tactics: Urging you to act quickly or keep the offer secret.
• No trace on official registers: The contact details don’t match those listed on the FCA website.
What to do: Always verify contact details using the FCA Register https://register.fca.org.uk/s/ - don’t use the details provided in the suspicious communication. Go directly to official websites.
Be suspicious of ‘out of the blue’ contact. Legitimate firms rarely contact customers without a prior relationship.
Boiler room scams
These scams involve high-pressure sales tactics to push worthless, fake, or overpriced investments. You may be promised unusually high returns. Victims are often promised guaranteed returns or exclusive opportunities in emerging markets or pre-announced stocks - none of which actually exist.
Key signs:
• Unsolicited calls or emails promoting investment opportunities.
• High-pressure tactics urging you to “act now” or risk missing out.
• Promises of high returns with low risk.
• Claims of inside information or exclusive deals.
• Push for secrecy: they may ask you not to tell anyone about the offer.
• No ability to cash out easily - excuses or delays when you try to withdraw money.
Protect yourself: Only deal with FCA-authorised firms, and always check them on the FCA Register https://register.fca.org.uk/s/ before investing. Be sceptical of promises that seem too good to be true - because they usually are.
Recovery fraud
After falling victim to a scam, you may be contacted again by someone claiming they can recover your lost funds - for a fee. This is another scam. They often use information from the original scam to seem legitimate and convincing, preying on victims’ hope of getting their money back.
Tactics include:
• Posing as a law firm, regulator, or even the original scammer.
• Asking for an advance payment to recover your money and pay for ‘legal work’.
• Using fake documentation to appear credible.
• Pressuring you to act quickly or keep it confidential.
• Seeking remote access to your computer or bank accounts to "help recover funds."
Avoid further loss: Never pay to recover money from a previous scam. Genuine liquidators' details can be found via Companies House in the UK. https://find-and-update.company-information.service.gov.uk/
Social media and messaging apps scams
Scammers exploit social platforms like Facebook, Instagram, Twitter (X), and WhatsApp to spread false investment opportunities, giveaways, phishing links, or services.
They typically exploit the trust and familiarity of social media to trick users into revealing sensitive data or sending money. These scams often appear trustworthy because they come from familiar-looking profiles, shared in groups you trust, or endorsed by so-called influencers.
Scammers will try to promote fake investment opportunities with promises of high returns, often involving cryptocurrency. They may pretend to be from a reputable investment company and use official-looking logos, email addresses, or phone numbers. The opportunities they offer appear too good to be true. They may ask you to urgently transfer money or share sensitive details like passwords or banking information.
Watch out for:
• Unsolicited messages or group invites promoting investments, giveaways, or “limited-time” deals.
• Profiles that look real but aren't verified - scammers often clone real accounts or use fake identities.
• Screenshots of “proof” of payments or profits to create false trust.
• Requests for money, crypto, or personal details via private message.
• Pressure to act quickly or join a group chat to "learn more."
• Links to unfamiliar websites asking for login or payment details.
Stay alert: Don’t trust investment offers sent via social media and never send money or share personal details through Direct Messages (DMs) or messaging apps. Verify people’s identities, especially if they're asking for anything, and don’t trust screenshots, testimonials, or group chatter at face value - they’re easy to fake.
Report any suspicious messages directly to the social media platform or messaging group. If you’re not sure, ignore the messages and block the account from contacting you again.
Fake FCA communications
Fraudsters sometimes pretend to work for the Financial Conduct Authority (FCA), the conduct regulator for financial services firms and financial markets in the UK.
They will try anything to get you to hand over important personal information. They may say they work for the FCA.
You may get an email, letter, or phone call from someone claiming to be from the FCA. They may use the name of an employee, their logo, or other images from their website, to make you think the communication is genuine.
They may claim:
• You owe money.
• You’re entitled to money, and the FCA needs your bank account details to make the payment.
• The FCA is investigating your bank or another provider, and they need you to move your money to another account for security reasons.
Watch out for:
• Unexpected contact: Be cautious if you receive unsolicited phone calls, emails, or messages claiming to be from the FCA.
• Requests for personal information: The FCA will never ask for personal bank details, passwords, or Personal Identification Numbers (PINs).
• Pressuring tactics: Fraudsters often create urgency or use threatening language to push you into giving information or making payments.
• Unusual contact methods: Scammers may contact you via messaging apps, personal email addresses, or phone numbers that don’t match official FCA details.
• Impersonation of FCA officials: They may use the names of real FCA employees or copy the FCA logo and branding to appear legitimate.
• Fake website or email addresses: Watch for lookalike email addresses (e.g., fca-uk.org instead of fca.org.uk).
What to do:
• Verify contact: If in doubt, contact the FCA directly using official contact details from their website: www.fca.org.uk.
• Do not share personal information: Never disclose sensitive information unless you are 100% sure who you’re speaking to.
• Report the incident: Report suspected scams to the FCA at www.fca.org.uk/scamsmart.
• Check the FCA Warning List: Use the FCA Warning List to verify if a firm is known to be a scam. https://www.fca.org.uk/consumers/warning-list-unauthorised-firms
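The lookalike addresses described under clone firms (".net" instead of ".com") and fake FCA communications (fca-uk.org instead of fca.org.uk) can be checked mechanically, for example in a mail filter. The sketch below is an added example, not code from this page or from the FCA; example-firm.com, the short suffix list, and the distance thresholds are assumptions made for illustration.

```python
import re

# fca.org.uk is the real FCA domain named on the page; example-firm.com is a
# constructed placeholder standing in for a firm's genuine domain.
TRUSTED = ("fca.org.uk", "example-firm.com")
# Constructed short suffix list; production code would use the Public Suffix List.
SUFFIXES = ("org.uk", "gov.uk", "co.uk", "com", "net", "org", "uk")

def split_domain(domain):
    """Split a domain into (brand label, public suffix), e.g. ('fca', 'org.uk')."""
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        if domain.endswith("." + suffix):
            return domain[: -len(suffix) - 1].split(".")[-1], suffix
    labels = domain.split(".")
    return labels[-2] if len(labels) > 1 else labels[0], labels[-1]

def edit_distance(a, b):
    """Levenshtein distance, used to catch slightly misspelled brand labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(address):
    """Return (verdict, related trusted domain, reason) for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for t in TRUSTED:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t, "exact domain or subdomain")
    brand, suffix = split_domain(domain)
    for t in TRUSTED:
        t_brand, t_suffix = split_domain(t)
        if brand == t_brand:
            return ("lookalike", t, f"suffix .{suffix} instead of .{t_suffix}")
        if re.search(rf"(^|-){re.escape(t_brand)}(-|$)", brand):
            return ("lookalike", t, "extra words around the brand name")
        if len(t_brand) >= 8 and edit_distance(brand, t_brand) <= 2:
            return ("lookalike", t, "brand name misspelled")
    return ("unknown", None, "no relation to a trusted domain")

if __name__ == "__main__":
    # Constructed sample senders; fca-uk.org is the lookalike quoted on the page.
    for sender in ("alerts@fca.org.uk", "refunds@fca-uk.org",
                   "team@example-firm.net", "info@exampel-firm.com"):
        print(sender, "->", classify(sender))
```

An "unknown" verdict only means the domain does not resemble a listed one; the contact details still need checking against the FCA Register.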
Viruses and malware
Malware and virus scams involve deceptive software or web content designed to infiltrate and harm computer systems. Fraudsters can install malicious software on your device to steal information or gain access to your accounts. Malware is a broad term encompassing various malicious software like viruses, worms, ransomware, and Trojans.
Protect yourself by:
• Installing and updating anti-virus software. Antivirus software scans your computer for malware, quarantines threats, and helps prevent infections.
• Avoiding suspicious emails and attachments. Don’t click on links or open attachments from unknown senders, and be wary of emails asking for personal information.
• Monitoring your devices for unusual activity. Firewalls monitor network traffic and can block unauthorised access attempts and the spread of malware.
• Using strong, unique passwords. Avoid using the same password for multiple accounts, and use a combination of uppercase and lowercase letters, numbers, and symbols.
Identity theft
Identity theft is a serious and growing crime where fraudsters steal and use someone else's personal information - such as names, addresses, bank details, or identification numbers - to impersonate them and commit fraud, often for financial gain.
Many victims only discover they've been targeted when:
• They receive unexpected bills or debt collection notices.
• They are refused credit or loans without explanation.
• They find their bank account has been accessed or emptied.
How to stay safe and protect your identity
You can reduce your risk of becoming a victim by taking the following steps:
Safeguard your information
• Use strong, unique passwords for all your online accounts. Avoid using easily guessed details and update them regularly.
• Enable two-factor authentication (2FA) wherever possible for extra security.
• Keep sensitive documents secure at home and avoid carrying unnecessary personal information.
• Be cautious sharing information. Never share personal or financial details in response to unexpected emails, texts, or calls - even if they appear to come from legitimate organisations.
• Be careful on social media: avoid posting personal details such as your full date of birth, address, or employment information.
• Dispose of documents securely. Shred or securely destroy personal documents you no longer need - especially anything with your name, address, or financial details.
What to do if you suspect identity theft
If you think your personal information has been stolen or misused:
• Report it immediately to your bank, credit card company, or service provider.
• Contact a credit reference agency to place a fraud alert on your file.
• Report the incident to relevant authorities or fraud-reporting services (e.g., Action Fraud in the UK).
Using public Wi-Fi
Public Wi-Fi – in places like cafés, restaurants, airports, or hotels – is convenient and widely used across the UK. But what many people don’t realise is just how vulnerable these networks can be. Cybercriminals often take advantage of unsecured public Wi-Fi to steal personal and financial information from unsuspecting users.
One of the most common methods used by fraudsters is known as a ‘Man-in-the-Middle’ attack. Imagine you're sitting in a restaurant, connected to the free Wi-Fi. A cybercriminal nearby could also be connected to that same network. With the right tools, they can silently intercept the data flowing between your device and the internet – including emails, passwords, credit card details, and even sensitive business information.
Tips for staying safe
• Avoid logging into sensitive accounts (like online banking) on public Wi-Fi.
• Use a Virtual Private Network (VPN) to encrypt your internet connection.
• Turn off automatic Wi-Fi connections on your device.
• Stick to websites with HTTPS in the address – the “S” stands for secure.
• Don’t share personal or financial information when using public networks.
What to do if you think you have been targeted
If you believe your data has been compromised:
• Report it to Action Fraud at actionfraud.police.uk or call 0300 123 2040.
• Contact your bank or any affected service providers immediately.
• Change any passwords that may have been exposed.