How to Protect Yourself Against Fraud: A Practical UK Guide
Published 5th of March 2011·Updated 23 April 2026
Reviewed by: Reviewed for accuracy April 2026
Fraud costs UK consumers and businesses over £2,300 per minute, according to UK Finance. Fraudsters use email, fake websites, phone calls and doorstep visits to steal your money and personal details. Knowing the most common tactics and how to counter them is the most effective defence you have.
Short Summary
Phishing emails are one of the most common fraud methods. Your bank will never ask you to click a link in an email or confirm your security details online. If in doubt, go directly to your bank's website by typing the address yourself.
When shopping online, check for a padlock icon and "https://" in the address bar before entering card details. Paying by credit card gives you extra protection under Section 75 of the Consumer Credit Act for purchases between £100 and £30,000.
Cold callers offering urgent home repairs or investment opportunities are frequently fraudsters. Never hand over cash at the door and never make a financial decision under pressure. Legitimate companies will always give you time to think.
Report fraud to Action Fraud (0300 123 2040) and check whether a financial company is authorised by the FCA before investing any money.
How do phishing emails work and how do I spot them?
Phishing emails impersonate your bank, HMRC, Royal Mail or other trusted organisations. They ask you to click a link, log in to a fake website and hand over your username, password or card details.
Your bank, credit card provider and HMRC will never ask you to confirm account details by clicking a link in an email. If you receive an email that claims to be from your bank, do not click anything. Open a new browser tab and type your bank's address directly. Contact your bank's fraud team if you are unsure.
Other red flags include poor spelling, urgent language ("your account will be closed in 24 hours"), requests for unusual personal information, and email addresses that do not match the organisation's real domain.
Is it safe to shop online and how do I check a website is genuine?
Online shopping fraud is one of the most common types reported to Action Fraud. Before entering your card details on any website, check the following:
- The web address starts with "https://" and shows a padlock icon in the browser bar
- The company displays a UK address and, if a limited company, its Companies House registration number
- You can verify the company at Companies House by searching its name or number
Pay by credit card where possible. Under Section 75 of the Consumer Credit Act 1974, your credit card provider is jointly liable with the retailer for purchases between £100 and £30,000. Debit cards carry weaker protection, though Visa and Mastercard both operate chargeback schemes.
How can I protect myself from postal and phone scams?
Prize draw letters requesting an administration fee to release your winnings are scams. There is no prize. Bin any letter that asks you to send money to claim a reward.
Vishing (voice phishing) calls impersonate banks, HMRC and utility companies. The caller may claim your account has been compromised or that you owe unpaid tax. Legitimate organisations will never demand immediate payment by bank transfer, gift card or cryptocurrency. If you receive such a call, hang up and call the organisation directly using a number from their official website.
Shred every document that contains your name, address, account numbers or card details before disposing of it. Fraudsters do piece together information from bin bags. A cross-cut shredder costs under £30 and is a worthwhile purchase.
How do I avoid being scammed at the door?
Doorstep fraud typically involves cold callers claiming your roof, driveway or gutters need urgent and expensive repairs. They use high-pressure tactics and demand cash on the spot.
Never agree to work from a cold caller. Always get at least three written quotes from businesses you have found independently. Use a vetted trader through TrustMark (trustmark.org.uk) or Checkatrade, both of which carry out background checks on registered tradespeople.
If a caller becomes aggressive or refuses to leave, call 999. Your local Trading Standards office can also advise on suspect traders.
How do I spot a fraudulent investment?
Investment fraud cost UK consumers £1.2 billion in 2023, according to Action Fraud. Common tactics include "guaranteed" high returns, pressure to invest quickly, and offers that are only available to a select few.
A genuine investment opportunity does not need to be rushed. Before investing any money, check that the firm is authorised by the Financial Conduct Authority (FCA) at register.fca.org.uk. If it is not on the register, do not invest. The FCA also publishes a warning list of known scam firms and cloned companies at fca.org.uk/scamsmart.
Never invest in something you do not fully understand, and always take independent financial advice before committing money to any scheme.
What to do if you have been a victim of fraud
If you think you have been defrauded, act immediately:
- Contact your bank or card provider right away using the number on the back of your card
- Report the fraud to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040
- Report the scam to the FCA if it involved an investment or financial product
- Contact the three main credit reference agencies (Experian, Equifax and TransUnion) to place a protective registration on your credit file
The sooner you act, the better your chances of recovering money and preventing further loss.
| Fraud type | How to protect yourself | Who to report to |
|---|---|---|
| Phishing email | Never click links; go directly to the website | Report to your bank; forward to [email protected] |
| Online shopping fraud | Check https and Companies House; pay by credit card | Action Fraud |
| Doorstep scam | Never pay cash to cold callers; use TrustMark | Trading Standards |
| Investment fraud | Check the FCA register before investing | Action Fraud and the FCA |
| Phone vishing | Hang up; call back on an official number | Action Fraud |
Can my bank refund me if I am scammed?
If you authorised a payment yourself (known as an authorised push payment fraud), your bank may still be able to refund you under the Payment Systems Regulator's rules introduced in October 2023, which require most banks to reimburse victims of APP fraud up to £85,000. Contact your bank immediately and ask them to raise a fraud claim.
What is a 'clone firm' scam?
A clone firm copies the name, address and FCA registration number of a legitimate, regulated company. Scammers use these fake identities to sell fraudulent investments. Always call the firm directly using a number you find on the FCA register, not one given to you by the caller.
How do fraudsters get my personal details?
Fraudsters obtain personal details through data breaches, phishing emails, social media oversharing and physical theft of post or bin contents. Minimise your risk by shredding documents, using strong unique passwords, enabling two-factor authentication on all financial accounts, and being cautious about what you share publicly online.
Is it safe to use public Wi-Fi for banking?
No. Public Wi-Fi networks are not secure. Never access online banking or enter card details on a public network. Use your mobile data connection or a VPN if you need to access financial accounts away from home.
What is the safest way to pay online?
Credit card is the safest option for purchases over £100 because of Section 75 protection. For smaller amounts, PayPal and digital wallets such as Apple Pay or Google Pay add a layer of security because the retailer never sees your actual card number. Avoid paying by bank transfer to retailers you do not know, as this offers the least protection.