Plain-English definitions of the scam and fraud terms you'll see across this site and in the news.
A UK shortcode number that connects callers directly to their bank's genuine fraud team if they suspect they are being targeted by an impersonation scam.
An additional authentication layer for online card payments that requires the cardholder to verify their identity with the issuing bank before a transaction is authorised.
A classic advance-fee fraud originating in mass-email campaigns, named after the section of the Nigerian Criminal Code that criminalises such schemes.
A free US resource from AARP that provides scam alerts, a fraud helpline, and peer support programmes targeted at older adults and their families.
Australia's official scam-reporting and awareness platform run by the Australian Competition and Consumer Commission.
A next-generation smart-contract wallet that replaces the standard private-key model with programmable security rules, introducing new user-experience and security trade-offs.
A technique that determines whether an account exists at a service by observing differences in the system's response to valid versus invalid usernames, used to build target lists for attacks.
Systematically creating or aging large numbers of fake platform accounts to later use for fraud, manipulation, or sale.
Unauthorised takeover of an online account — email, social media, banking, or e-commerce — typically as a stepping stone to financial theft, fraud, or further attacks.
An attack that exploits a service's account-recovery mechanisms — such as security questions, backup email, or customer-support calls — to gain access without the real credentials.
When a fraudster gains unauthorised access to someone's online account and uses it to steal money, data, or identity — or to conduct further fraud.
Social-engineering attacks targeting carrier customer-service agents to change account settings, SIM cards, or call-forwarding without proper identity verification.
A message claiming your account will be suspended unless you verify your details immediately — designed to harvest login credentials or personal information.
The use of false, stolen, or synthetic identity information to open a new financial account with fraudulent intent.
A request to reverse an ACH transaction that was sent in error or contained incorrect account information, subject to strict time limits.
An electronic funds transfer processed through the US Automated Clearing House network, used for direct deposits, bill payments, and business-to-business payments.
The bank or financial institution that processes card payments on behalf of a merchant and accepts the risk of those transactions.
The UK's national reporting centre for fraud and cybercrime, operated by the City of London Police.
The UK's national reporting centre for fraud and cybercrime, operated by the City of London Police, where victims can report incidents online or by phone.
The systematic deception of digital advertisers through fake impressions, clicks, conversions, or audiences to misappropriate advertising spend.
A 24-hour Hong Kong Police Force unit that intercepts fraud in progress, freezes scam-linked accounts, and operates the 18222 anti-scam helpline.
A crypto scam that sends tiny transactions from a wallet address visually similar to one in the victim's transaction history, hoping the victim accidentally copies the wrong address.
Any fraud where the victim is promised a large benefit — money, goods, a loan, a prize — but must first pay a series of escalating fees before the promised benefit, which never materialises, is delivered.
A scam that promises a large reward — inheritance, lottery win, business deal — in exchange for an upfront payment or series of fees that grow until the victim stops paying.
A fraudulent job offer that requires the applicant to pay an upfront fee — for training, equipment, visas, or certification — before they can begin work that does not actually exist.
A loan scam that demands an upfront fee — framed as insurance, a deposit, or processing charges — before any funds are released, which never materialise.
A seller or broker demands upfront fees, taxes, or deposits before releasing goods or services that do not exist.
Any scam that promises a large reward contingent on the victim first paying a series of escalating fees — regardless of the specific cover story used.
The use of artificial intelligence tools by fraudsters to automate, scale, and personalise attacks — including generating convincing phishing text, deepfakes, and synthetic voices.
An attack in which a malicious proxy sits between the victim and a legitimate service, capturing credentials and session tokens in real time.
Australia's free external dispute resolution scheme for financial services complaints, including disputes about banks' decisions on fraud reimbursement.
Manipulation of an online affiliate marketing programme to generate fake referrals, leads, or sales in order to earn illegitimate commissions.
Investment fraud targeting members of a close-knit community — religious groups, ethnic communities, professional associations — by exploiting the trust that exists within the group.
A variant in which scammers target members of a specific community, religious group, or demographic by presenting as a fellow member.
A deceptive scheme where scammers promise free token distributions to lure users into connecting their wallets or paying fees, resulting in theft or financial loss.
A fake free cryptocurrency distribution that requires victims to connect their wallet or pay a small fee, enabling theft of wallet contents or funds.
Laws, regulations, and procedures designed to detect and prevent the disguising of illegally obtained funds as legitimate income.
Laws and compliance programmes that require financial institutions to detect, report, and prevent the processing of funds derived from criminal activity.
A social-media attack where scammers impersonate customer-support accounts to steal credentials or redirect victims to fake websites.
The legal framework and institutional procedures designed to detect, prevent, and report the processing of criminally derived funds through the financial system.
A scam in which you are tricked into voluntarily sending money by bank transfer to an account controlled by a fraudster, making recovery difficult because the payment was technically authorised.
The obligation on UK payment service providers to reimburse customers who are victims of authorised push payment scams under mandatory rules effective October 2024.
The mandatory UK scheme, effective October 2024, requiring payment service providers to reimburse most victims of authorised push payment fraud up to GBP 85,000.
A scam where a victim is tricked into granting a malicious smart contract unlimited permission to spend their tokens.
A crypto scam that tricks victims into signing a token-approval transaction granting unlimited access to their wallet's assets, allowing the scammer to drain funds at will.
A local-network attack that sends falsified ARP messages to link the attacker's MAC address to a legitimate device's IP, enabling traffic interception.
Australia's corporate, financial markets, and financial services regulator, which takes action against investment scams, unlicensed financial advisers, and misleading financial promotions.
The legal and investigative process of tracing, freezing, and reclaiming funds or property that have been stolen or fraudulently obtained.
A physical device secretly attached to an ATM that captures magnetic stripe data and sometimes PIN entry from victims' bank cards.
The total set of points in a system, network, or organisation that an attacker could exploit to gain unauthorised access or cause harm.
Fraud occurring on online auction platforms where sellers misrepresent items, fail to deliver goods after payment, or use fake bidding to inflate prices.
Australia's financial intelligence agency and anti-money laundering regulator, which analyses financial transaction data to identify money laundering, terrorism financing, and fraud proceeds.
Australia's free, independent external dispute-resolution scheme for complaints about financial firms, replacing the FOS and two other schemes in 2018.
A mobile app that generates time-limited login codes (TOTP) tied to your account, offering stronger MFA than SMS because codes never travel over the phone network.
Fraud where the victim is deceived into voluntarily instructing their bank to transfer money to a criminal's account, making recovery difficult as the payment was technically authorised.
A scam where a victim is manipulated into voluntarily sending money to a fraudster's account, making the payment appear legitimate to the bank.
Software or hardware that automatically dials large volumes of telephone numbers, used legitimately for reminders but extensively abused for scam campaigns.
Software that dials phone numbers sequentially or from a list to find live lines, often used by scammers to build call lists or probe systems for vulnerabilities.
A mandatory monthly product purchase that MLM distributors must maintain to remain commission-eligible, functioning as a recurring fee that often exceeds typical earnings.
Germany's Federal Financial Supervisory Authority, which publishes a public warning database of unauthorised financial service providers and clone firms targeting German consumers.
A deceptive sales tactic in which a seller advertises a product at an attractive price or terms, then substitutes an inferior or more expensive option when the customer attempts to purchase.
A social engineering attack that lures victims into compromising themselves by offering something enticing — such as a free USB drive, download, or prize — that contains or leads to malware or data theft.
Fraudsters posing as a victim's bank — by phone, email, or text — to steal credentials, authorisation codes, or money under the guise of protecting the account from fraud.
Better Business Bureau's free public database of consumer-reported scams in North America, searchable by type, location, and dollar amount.
A sophisticated scam targeting organisations where criminals impersonate executives, suppliers, or partners via email to authorise fraudulent payments or data transfers.
A scam in which a wealthy stranger offers to share their fortune with the victim, often framed as an act of romantic generosity or philanthropic connection.
The natural person who ultimately owns or controls a legal entity, even if their name does not appear on public documents.
Fraud that targets the designated recipient of insurance policies, pension funds, estates, or other financial arrangements — typically by impersonating or diverting payments away from the true beneficiary.
The first six to eight digits of a payment card number that identify the issuing bank and card type.
A large-scale automated attack in which criminals systematically generate and test card numbers based on a known Bank Identification Number to find valid cards.
An MLM pay structure in which each distributor has exactly two 'legs' in their downline, with earnings calculated on the weaker leg's volume, creating structural incentives to recruit rather than sell.
Using physical or behavioural characteristics — such as fingerprints, face geometry, iris patterns, or voice — to verify identity instead of or in addition to passwords.
Approving a blockchain transaction without being able to read or fully understand its contents, exposing the signer to wallet-draining smart contracts or unexpected fund transfers.
A publicly accessible tool that lets anyone read every transaction, wallet balance, and smart contract on a blockchain. An essential consumer-protection resource.
The practice of sending unsolicited messages to nearby Bluetooth-enabled devices, typically used for spam or social engineering rather than data theft.
An attack that exploits Bluetooth vulnerabilities to steal data — contacts, messages, photos, or calendar entries — from a device without the owner's knowledge.
An operation in which high-pressure salespeople cold-call victims to sell worthless, non-existent, or wildly overpriced investments — often shares, bonds, or commodities.
A network of malware-infected computers ('bots') controlled remotely by a criminal to carry out coordinated attacks such as spam campaigns, DDoS attacks, or credential stuffing.
Using a counterfeit or stolen cheque to obtain goods, services, or cash, knowing the cheque will be returned unpaid by the bank.
The unauthorised use of a company's name, logo, and visual identity in fraudulent communications to lend them credibility.
A manipulation technique in which a scammer gives just enough attention and affection to sustain the victim's hope and engagement without ever fully committing.
A scheme in which sellers send unrequested packages to real people using their address, then post fake five-star reviews in those people's names to boost product rankings.
A sophisticated email-based fraud targeting businesses, usually to divert large payments by impersonating executives or trusted suppliers.
A fraudulent offer presenting a fake or grossly exaggerated business venture — often promising high returns for minimal effort — that exists primarily to extract upfront fees or sell worthless materials.
A scheme in which a fraudster builds credit over time by behaving as a legitimate borrower, then suddenly maxes out all available credit and disappears.
Canada's national tip-line for reporting fraud, scams, and cybercrime, operated jointly by the RCMP, OPP, and Competition Bureau.
A telecom fraud where a local carrier generates artificially high call volumes to its own numbers to earn inflated access fees from long-distance carriers.
A scam where attackers enable unconditional call forwarding on a victim's line — often by tricking carrier staff — to intercept incoming calls including one-time authentication codes.
A scheme where fraudsters trick victims into calling a premium-rate or international number by creating a false reason to call back, generating revenue for the attacker.
A phishing technique where a fraudulent message instructs the recipient to call a phone number, directing them to scammers rather than a legitimate organisation.
A fraud where the victim is induced to call back a premium-rate or fraudster-controlled number, racking up charges or being subjected to a social-engineering attack.
Manipulating the telephone number displayed on a recipient's caller-ID so that a call appears to come from a trusted or official source.
Deliberate obstacles placed in the cancellation process to deter customers from ending a subscription or service, trapping them in unwanted ongoing charges.
A fraud scheme in which a criminal recruits account holders to share their debit card details in exchange for a promised share of fraudulently deposited funds.
Stolen payment card data copied from a card's magnetic stripe, sold and used to produce counterfeit physical cards.
A physical device illegally attached to an ATM, fuel pump, or payment terminal that secretly reads and records card magnetic stripe data as the card is swiped or inserted.
The installation of a covert device on an ATM, payment terminal, or fuel pump to capture the magnetic stripe data and PIN from victims' payment cards.
Fraudsters run small test transactions on stolen card numbers to verify which are still active before using them for larger purchases.
A physical ATM fraud where a device retains the victim's bank card inside the machine, allowing the criminal to retrieve it after the customer leaves.
Fraudulent use of stolen card details to make purchases online or by phone, where the physical card doesn't need to be presented.
The fraudulent use of stolen payment card details to make unauthorised purchases or test card validity, typically conducted online.
Scams exploiting peer-to-peer payment apps to extract irreversible payments through fake offers, impersonation, and social engineering.
A physical ATM fraud where a device is fitted over the cash dispenser to trap banknotes inside the machine, allowing the fraudster to collect them after the victim leaves.
The final step in many fraud schemes where criminals convert stolen funds or compromised payment credentials into physical cash or untraceable value before disappearing.
A fabricated online identity using stolen photographs and invented life details to deceive targets into a false relationship.
Creating a fake online persona — typically using stolen photos and a fabricated backstory — to deceive someone into an emotional or romantic relationship, usually for money, information, or emotional manipulation.
A BEC variant in which attackers impersonate a company's CEO or senior executive in emails to pressure employees — typically in finance — into making urgent, unauthorised wire transfers.
A UK National Crime Agency command that handles online child exploitation, including cases where children are targeted by sextortion scams and financially motivated online grooming.
A message — physical or digital — instructing recipients to send money or items to a list of names, add their own name, and forward the letter to others, promising large returns if the chain is maintained.
A fraud in which criminals redirect a victim's mail or official correspondence to an address they control, intercepting financial documents, cards, and communications.
A forced reversal of a credit or debit card payment, initiated by the cardholder through their bank, when a transaction is disputed as fraudulent or a seller has not fulfilled their obligations.
Abusing the bank chargeback process to reclaim payment for goods or services that were genuinely received, effectively stealing from merchants.
Fake charitable appeals — especially following disasters, conflicts, or high-profile causes — that collect donations for fraudsters rather than genuine beneficiaries.
A method of cheque fraud in which criminals chemically remove the ink from a written cheque and rewrite it with a different payee name or higher amount.
The use of a child's personal information — often their Social Security or National Insurance number — to fraudulently open credit accounts, obtain loans, or commit other financial crimes.
The UK's leading fraud-prevention membership organisation, which operates a shared database of confirmed fraud cases to help member organisations protect customers from identity fraud and account takeover.
A UK fraud-prevention service that flags a consumer's address on shared databases, prompting extra identity checks before credit is granted at that address.
The US federal agency that leads national cybersecurity defence, publishes advisories on active cyber threats, and provides resources for critical infrastructure protection and individual cyber hygiene.
A free UK service from Citizens Advice that provides one-to-one guidance for scam victims and operates the 0808 250 5050 scams helpline funded by Trading Standards.
A lawsuit in which a large group of plaintiffs with similar claims sues a defendant collectively, sharing legal costs and any recovery.
The fraudulent generation of clicks on pay-per-click online advertisements with the intent to drain an advertiser's budget or inflate revenue on a publisher's site.
A web attack that tricks users into clicking something different from what they see, by overlaying a hidden malicious element on top of a legitimate page.
Malware that monitors the system clipboard and silently replaces any copied cryptocurrency address with the attacker's address at the moment of pasting.
A fraudulent firm that copies the identity, registration details, and branding of a legitimate authorised company to appear credible to investors.
An attack where a legitimate email previously delivered to the victim is duplicated with malicious links or attachments substituted for the originals.
A scam in which criminals impersonate a legitimate, regulated financial firm to sell fake investments or collect fraudulent payments, using the real firm's name and registration details.
A cryptocurrency wallet that stores private keys entirely offline, away from internet-connected devices.
Registering domains that combine a legitimate brand name with an extra word to create convincing but fraudulent web addresses.
A money mule who knowingly assists fraudsters in laundering funds, often for a cut of the proceeds and with full awareness that the activity is illegal.
A name-checking service that verifies whether the account holder name entered by a sender matches the bank's records before a payment is processed.
The UK FCA principle requiring authorised firms to deliver good outcomes for retail customers, including clear communications and products designed to meet genuine needs.
A US federal agency that supervises financial institutions and takes consumer complaints about banks, lenders, and financial products.
The FTC's secure, multi-contributor fraud report database, shared with law enforcement agencies in the US and partner countries to identify fraud patterns and investigations.
Reading contactless payment card data wirelessly without the cardholder's knowledge, using a concealed RFID or NFC reader in close proximity.
The voluntary UK bank code under which subscribing firms agreed to reimburse APP fraud victims who were not negligent — superseded by mandatory PSR rules in October 2024.
A fraud technique where attackers infiltrate existing legitimate communications — online or by phone — to steer victims toward a fraudulent outcome.
Stealing browser cookies that contain session tokens or saved credentials, enabling attackers to access accounts or track browsing without needing passwords.
A legally mandated window — usually 14 days — during which a consumer can cancel a contract and receive a full refund without giving a reason.
Selling fake products that copy the branding, packaging, or appearance of legitimate items, often misrepresenting them as genuine.
A scam where a fraudster posing as a bank or police officer sends a courier to collect cash, bank cards, or jewellery from a victim under a false pretence.
A sophisticated fraud in which a caller impersonating a bank or police officer sends a 'courier' to physically collect cash, cards, or valuables from the victim at their home.
The combination of identifying information — typically a username and password — used to authenticate access to an account or system.
The systematic collection of usernames, passwords, and authentication data through phishing, fake login pages, malware, or data breaches for later use in account takeovers.
A phishing attack specifically designed to steal usernames and passwords by directing victims to fake login pages.
Automatically trying username-and-password combinations leaked from one data breach across many other websites, exploiting people's habit of reusing passwords.
A free consumer right to lock your credit report so no new creditor can access it, preventing fraudsters from opening accounts in your name even if they have your personal data.
A protocol that moves cryptocurrency between different blockchains. Bridges have been among the most heavily exploited targets in DeFi history.
A web vulnerability in which attackers inject malicious scripts into trusted websites, which then execute in visitors' browsers to steal data or perform actions on their behalf.
The use of crowdfunding platforms to solicit donations or investment under false or exaggerated pretences, with funds misappropriated rather than applied to the stated purpose.
Malicious smart-contract code or a deceptive wallet-connection prompt that sweeps all tokens from a victim's cryptocurrency wallet in a single transaction.
A fraud claiming that a celebrity or company is doubling cryptocurrency sent to an address, when in reality any funds sent are stolen with nothing returned.
Paid promotion of a cryptocurrency or NFT project by an influencer who does not disclose their financial relationship with the project.
A fake remote job that pays in cryptocurrency, uses a crypto platform as a work tool, or requires a crypto deposit to 'start' — frequently a vehicle for task scams or pig-butchering lures.
A person, often recruited under false pretences, who moves stolen cryptocurrency on behalf of criminals, typically through their own wallet, and bears legal risk.
A fraudulent investment scheme that uses funds from new crypto investors to pay 'returns' to earlier ones, collapsing when recruitment slows.
A secondary fraud targeting people who have already lost cryptocurrency, offering to recover their funds in exchange for upfront fees, then stealing those too.
A long-running fraud where scammers build fake romantic relationships to manipulate victims into sending large amounts of cryptocurrency.
A fraudulent scheme claiming that a victim owes taxes on crypto gains that must be paid in cryptocurrency before they can access their funds.
The final stage in which a scammer converts all collected funds to cryptocurrency and disappears, making recovery virtually impossible.
Scams that demand or manipulate victims into sending cryptocurrency, exploiting the irreversibility and pseudonymity of blockchain transactions.
A large-scale fraud combining dating-app romance with fake cryptocurrency trading apps, typically distributed outside official app stores.
Scams involving fake or unregistered currency exchange services that offer unrealistically good rates or simply steal deposited funds.
Custodial wallets are held by a third party (like an exchange) while non-custodial wallets give the user direct control of their private keys.
Insurance policies that cover financial losses arising from cyber incidents — including data breaches, ransomware payments, fraud, and notification costs — for businesses and increasingly for consumers.
An organisation governed by token-holder votes through smart contracts rather than a traditional board or management structure.
Deceptive user-interface designs that trick people into sharing more data, accepting wider terms, or agreeing to tracking they did not intend to consent to.
Parts of the internet accessible only through specialised software like Tor, commonly associated with the trade of stolen data, fraud tools, and criminal services.
A service that scans dark-web forums, markets, and dumps for your personal information or credentials, alerting you when your data appears in criminal environments.
An illicit online market accessible only via anonymising software such as Tor, where stolen data, fraud tools, drugs, and cybercrime services are bought and sold.
An incident in which unauthorised parties gain access to confidential data — typically including email addresses, passwords, payment details, or personal information — held by a company or organisation.
The legal obligation to inform individuals and regulators when their personal data has been exposed through a security incident.
A company that collects, aggregates, and sells personal data — including home addresses, phone numbers, financial history, and social media activity — often without the subject's knowledge.
A fake remote work posting advertising simple typing or data-entry tasks that requires an upfront software fee or training purchase before work can begin, which never materialises.
Fraudsters posing as debt collectors demand payment for debts that are fake, already paid, legally unenforceable, or belong to someone else, using threats and intimidation.
A fraudulent service that promises to negotiate down a consumer's debts in exchange for fees, often leaving the victim in a worse financial position.
The fraudulent creation or alteration of a property deed to transfer ownership or secure loans without the knowledge of the legitimate owner.
AI-generated video, audio, or images that convincingly depict real people saying or doing things they never said or did, increasingly used to enable fraud and disinformation.
The use of AI-generated synthetic video or audio that realistically imitates a real person, deployed to deceive victims into authorising payments, sharing secrets, or trusting fake content.
The use of AI-generated or manipulated video to simulate the appearance of a romantic persona during video calls, bypassing visual verification.
The use of AI-generated video to impersonate real people in real-time video calls or pre-recorded clips to authorise transactions, extract information, or spread disinformation.
AI-generated audio that mimics a specific person's voice, used to impersonate them in fraud calls or authorise fraudulent transactions.
A fraud that uses AI-generated voice audio to impersonate a known person — such as a family member, executive, or public official — in a phone call to extract money or data.
An AI-generated audio impersonation of a real person's voice, used in fraud to authorise transactions, deceive employees, or manipulate family members into sending money.
A smart-contract platform that allows crypto holders to earn interest by lending assets or to borrow against crypto collateral, with specific fraud and exploit risks.
A decentralised financial application built on a blockchain that offers services like lending, trading, or yield generation without a central company controlling it.
A technique that identifies a specific device by collecting a unique combination of browser, hardware, and network attributes, used in both fraud detection and privacy-invasive tracking.
An electronic document issued by a Certificate Authority that binds a cryptographic key to a domain name, enabling browsers to verify a website's identity and establish an encrypted connection.
A secure app or device that stores government-issued digital credentials — such as a mobile driving licence or digital ID — and presents them selectively without revealing more data than necessary.
A fraud conducted entirely through letters or messages with a person met through a pen pal service or prison correspondence programme.
Unauthorised or misleading use of direct debit instructions to take recurring payments from a bank account without the account holder's genuine informed consent.
Exploitation of Direct Inward System Access features in business phone systems to place external calls through the company's lines at its expense.
Fraudulent charities or individuals exploiting a major disaster, emergency, or crisis to solicit donations that never reach victims.
The legal or regulatory obligation to provide complete and accurate information to a counterparty or regulator before or during a transaction.
A technique where an attacker sets a legitimate-looking name in the email 'From' field while using a completely different, often fraudulent, email address.
The formal process by which a consumer challenges a transaction with their bank or card issuer, seeking a reversal or refund.
An attack that corrupts a DNS resolver's cache to redirect users to a malicious IP address even when they type the correct website address.
A US database maintained by the FTC that lets consumers opt out of most commercial telemarketing calls.
Techniques used by fraudulent callers to continue reaching consumers on national Do Not Call registries, exploiting legal loopholes or simply ignoring enforcement.
The creation or alteration of official documents — passports, driving licences, bank statements — to facilitate identity fraud or meet verification requirements under false pretences.
MLM terminology for the network below a distributor (downline) whose purchases generate commission, and those above them (upline) who earn commission from the distributor's activity.
Tactics used by MLM upline members to psychologically pressure, mislead, or financially coerce their recruits into spending more money or recruiting harder to benefit the upline's commissions.
A pricing tactic in which a low headline price is advertised but mandatory fees are progressively revealed during the checkout process, inflating the final cost.
Malware automatically downloaded and executed on a visitor's device simply by loading a malicious or compromised web page, requiring no clicks or deliberate action.
A sacrificial bank or payment account set up or acquired by fraudsters specifically to receive illicit funds for a short period before the account is abandoned.
A practice—sometimes deceptive—of dynamically switching suppliers for the same product listing to exploit price fluctuations, often without informing customers of changes in quality or origin.
A fraud model that exploits legitimate dropshipping arrangements — selling items the seller never stocks — to deceive customers, misuse supplier credit, or launder funds.
A fraudulent storefront that takes consumer payments but either never ships the product or ships a low-quality counterfeit while hiding the true supplier identity.
The reasonable investigation a prudent person conducts before entering a financial transaction or business relationship, to verify claims and identify risks.
Searching through discarded rubbish or recycling to find documents, devices, or information that can be used to commit identity theft or fraud.
Sending tiny amounts of cryptocurrency ('dust') to many wallet addresses to de-anonymise the owners by tracking how the dust is subsequently spent.
Electronically stored monetary value held by a regulated institution, used to make payments without needing a traditional bank account.
An international fraud reporting portal operated by ICPEN that allows consumers worldwide to report cross-border scams, with data shared among consumer protection agencies in over 35 countries.
A structured off-chain signing standard that lets users authorise complex on-chain actions with a single readable signature request.
The illegal or improper use of an older person's money, assets, or property by someone in a position of trust or by an external fraudster.
The illegal or improper use of an older person's finances or assets, by strangers, carers, or family members, through theft, fraud, or undue influence.
Financial exploitation of older adults through scams, abuse of trust, or manipulation — a priority enforcement area for the FTC, FBI, and equivalent bodies in the UK and Australia.
A social engineering technique that extracts sensitive information through seemingly innocent conversation, without the target realising they are being pumped for intelligence.
The takeover of a legitimate email account — often a personal or vendor account — to conduct fraud by sending convincing requests for payment or information to the account's contacts.
Forging the 'From' field in an email header to make a message appear to come from a trusted sender it did not actually originate from.
The forging of an email's sender address to impersonate a trusted organisation, and the three DNS-based standards designed to detect and block such forgeries.
A set of psychological techniques used by romance scammers to override rational judgement and keep victims compliant and giving.
A communication method where only the sender and intended recipient can read the message content — the service provider, network operators, and interceptors cannot decrypt it.
An automated attack that systematically tests large numbers of possible values — such as card numbers, usernames, or account IDs — to discover valid ones.
A real estate fraud in which a criminal takes over a property, collects rent, but fails to make mortgage payments — eventually leaving the original owner facing foreclosure.
A neutral third party holds funds or assets on behalf of two parties and releases them only when agreed conditions are met.
A scam in which a fake or hijacked escrow service is used to steal funds from a buyer or seller during a high-value transaction.
A fraud where a scammer creates a fake escrow service or impersonates a legitimate one to intercept funds during a high-value transaction.
A variant of SIM swapping that exploits the eSIM provisioning process to transfer a victim's number to an attacker-controlled device without a physical SIM card.
Europol's specialised unit for combating cybercrime and online fraud in the EU, providing operational support and intelligence to member states' police forces.
A physical security attack where an adversary gains brief unsupervised access to a target's unattended device and tampers with it to enable later compromise.
A rogue wireless access point that mimics a legitimate public Wi-Fi network to intercept traffic from unsuspecting users who connect to it.
A rogue Wi-Fi access point that mimics a legitimate network, tricking users into connecting so their traffic can be intercepted.
A security breach in which attackers exploit vulnerabilities in a centralised cryptocurrency exchange to steal customer funds.
When a cryptocurrency project, exchange, or marketplace abruptly shuts down and disappears with investors' or customers' funds after building sufficient trust to attract deposits.
A US federal law that gives consumers the right to dispute billing errors and fraudulent charges on credit card accounts.
A US federal law governing credit bureaus and consumers' rights to access, dispute, and correct their credit reports.
A fraudulent raffle or lottery that falsely claims proceeds benefit a charity, using charitable branding to increase participation while keeping all funds.
A fraud where a victim receives a counterfeit cheque for more than an agreed amount, is asked to wire back the difference, and is left liable when the fake cheque bounces.
A fraudulent website designed to look like a legitimate cryptocurrency exchange that steals deposited funds and personal data.
A scammer who impersonates a legitimate debt collection agency to pressure victims into paying debts they do not owe, have already paid, or that are legally unenforceable.
A fraud in which a scammer directs a transaction through a counterfeit escrow website they control, causing the victim to deposit funds that are immediately stolen.
A fraudulent business investment sold as a turnkey franchise that takes an upfront fee but delivers no viable business system, territory, or ongoing support.
A fraudulent billing document sent to a business or individual claiming payment is owed for goods or services that were never ordered or delivered.
Sending businesses or individuals a fraudulent invoice for goods or services never ordered or delivered, hoping it will be paid without thorough checking.
A scammer who poses as a property owner to collect deposits and rent payments for properties they do not own or have no right to let.
Advertising a rental property the fraudster does not own or control to collect deposits and advance rent from multiple victims who never gain access to the property.
Observable inconsistencies in a scammer's online persona that betray its fabricated nature, such as mismatched details, timeline gaps, or conflicting information.
Paying for or posting fabricated positive reviews to deceive consumers about a product or service's true quality.
Fraudulent delivery alerts impersonate couriers or retailers to harvest personal and payment information or deliver malware.
A fraudulent scheme promising high yields for locking up cryptocurrency, when in reality the platform steals the deposited funds.
A fraudulent website or marketplace profile designed to look like a legitimate retailer, built solely to collect payments without delivering goods.
A malicious mobile or desktop app disguised as a legitimate crypto wallet that steals seed phrases or private keys when a user enters or imports them.
The practice of generating, purchasing, or incentivising fabricated product or service reviews to mislead consumers and manipulate platform rankings.
A recruiting tactic in which an MLM, job scam, or investment promoter represents specific earnings as typical or achievable when evidence shows most participants earn far less.
The UK near-instant payment system that allows bank transfers to arrive within seconds, 24 hours a day, 365 days a year.
The FBI's online portal for reporting internet-facilitated crime in the United States, producing an annual Internet Crime Report.
The UK Financial Conduct Authority's overarching conduct standard requiring firms to deliver good outcomes for retail customers, including protecting them from foreseeable harms such as fraud facilitation.
The primary US consumer-protection and antitrust regulator, which also operates the national fraud reporting database at ReportFraud.ftc.gov.
The UK's regulator for financial services firms and markets, responsible for authorising firms and investigating financial misconduct and fraud.
An FBI-coordinated rapid-response process to intercept fraudulent domestic wire transfers before funds are withdrawn or moved offshore.
A gradual process by which a fraudster builds trust and emotional dependency with a target before introducing financial requests or manipulation.
The UK's free, independent dispute-resolution service for complaints about FCA-authorised financial businesses.
The UK's free independent service for resolving disputes between consumers and financial firms, including complaints about banks' handling of fraud and scam reimbursement claims.
The UK's statutory fund of last resort that compensates consumers when authorised financial firms fail, covering deposits up to £85,000 and investment claims up to £85,000.
Canada's financial intelligence unit that collects and analyses financial transaction reports from banks and businesses to identify money laundering and terrorist financing, including fraud proceeds.
Fraud committed by a real customer using their own identity to deceive a financial institution or merchant for financial gain.
An exploit where an attacker borrows a huge amount of cryptocurrency without collateral in one transaction and uses it to manipulate prices or drain a protocol before repaying.
Mobile apps that offer a brief free trial and then charge exorbitant recurring subscription fees that persist even after the app is deleted.
A powerful Android banking trojan that spread via smishing, hijacked contacts to self-propagate, and stole banking credentials and payment card data.
New Zealand's financial markets regulator, which takes enforcement action against unlicensed investment schemes, Ponzi frauds, and false-return investment advertising.
A matrix pyramid in which the system automatically places new recruits into available slots in the tree rather than under the sponsor who recruited them, designed to accelerate matrix completion and disguise the pyramid structure.
A predatory scheme targeting homeowners facing foreclosure with false promises of saving their home in exchange for fees or property transfer.
A cyberattack in which malicious JavaScript is injected into a website's payment or checkout form to silently copy card details as they are entered.
A notice placed on a consumer credit file that tells lenders to take additional steps to verify identity before opening new credit — free, and legally required to be passed on to all three bureaus.
A notice placed on your credit file that instructs lenders to take extra verification steps before extending credit, signalling that you may be at risk of identity theft.
Finland's National Bureau of Investigation Cybercrime Unit (KRP) that handles complex online fraud, cybercrime, and international financial crime targeting Finnish residents.
A paid package sold on the premise that it contains everything needed to make money from home, which turns out to be generic information freely available online or instructions for selling the same kit to others.
A marketing scheme offering a free trial that automatically converts to a paid subscription, often without adequate disclosure of the conversion terms.
A chargeback or dispute filed by a legitimate cardholder who did authorise the transaction but later claims they did not, often to obtain a refund without returning goods.
A buyer makes a legitimate purchase, receives the goods, then falsely disputes the charge claiming non-delivery or unauthorized use to obtain a refund while keeping the item.
Placing a transaction ahead of a known pending trade to profit from the price impact that trade will cause, at the expense of the original trader.
The US Federal Trade Commission's primary consumer fraud reporting portal at ReportFraud.ftc.gov, which feeds the Consumer Sentinel Network used by law enforcement.
Dark-web slang for a complete package of a victim's personal and financial information sufficient to commit identity theft or open fraudulent accounts.
A manipulation tactic in which a scammer makes elaborate, convincing promises about a shared future to keep the victim emotionally invested.
A task-scam variant that wraps fake work inside an app or dashboard with progress bars, levels, and rewards to make the fraud feel more legitimate.
Ireland's specialised police unit investigating major economic crime, fraud, cybercrime, and money laundering, operating as part of An Garda Síochána.
A cryptocurrency fraud where victims are asked to pay 'gas fees' upfront to release or receive funds that do not exist, or where manipulated fees drain wallets unexpectedly.
Small amounts of cryptocurrency paid to blockchain validators to process transactions. Scammers exploit gas mechanics to create confusing traps.
Selling fraudulent motor insurance policies — either entirely fake or taken out using false details — to victims who believe they have valid cover but are unknowingly uninsured.
A worthless token sent unsolicited to many wallets to create the illusion of value and entice victims to interact with a malicious contract to 'sell' it.
A retail fraud in which criminals access gift cards in stores, record the card numbers and PINs, replace them, and drain the balance once a consumer activates and loads them.
A pressure tactic in which a romance scammer insists on gift cards as the payment method, using them because they are difficult to trace and non-refundable.
A fraud method in which criminals copy gift-card codes in-store before activation, then drain the balance after an unsuspecting customer loads funds.
Any scam in which the victim is instructed to pay using retail gift cards — iTunes, Google Play, Amazon, Steam — a payment method favoured by fraudsters because it's effectively untraceable and non-reversible.
A cash-transfer scheme framed as mutual gifting among community members, typically displayed as a mandala or loom diagram, where only early participants receive money at the expense of those who join later.
Any scheme in which participants are invited to 'gift' cash to current members under the pretence of a community support network, when in fact the structure is a pyramid that benefits only early entrants.
A fraud targeting older adults with an urgent call claiming a grandchild or family member is in legal or medical trouble and needs immediate financial help, often asking for cash, gift cards, or wire transfers.
Genuine branded products sold through unauthorized distribution channels, often voiding warranties and consumer protections.
SMS messages sent through unofficial, unmonitored carrier connections that bypass standard routing agreements, used by fraudsters to avoid spam filters and regulatory oversight.
A sustained process in which a scammer builds trust, emotional closeness, and a sense of obligation over time to make a target compliant with future requests.
A fraudulent bulk-buying scheme where organizers collect pooled payments from multiple participants and then disappear without purchasing or delivering the promised goods.
A fraud where a victim is persuaded to act as a loan or rental guarantor for someone who does not intend to repay, leaving the guarantor liable for the full debt.
The misuse of legal guardianship or conservatorship over a vulnerable adult to control and exploit their assets, often by limiting the person's contact with family and friends.
A physical USB or NFC device that provides the strongest form of two-factor authentication, cryptographically bound to each website so it cannot be phished.
A physical USB-like device that stores private keys offline and requires physical confirmation to sign transactions.
An informal value-transfer system used across South Asia, the Middle East, and Africa, based on trust and a network of brokers rather than physical movement of money.
Manipulation of an organisation's IT helpdesk or customer service staff into resetting credentials or granting access on behalf of an attacker posing as a legitimate user.
An online investment scheme promising abnormally high daily or weekly returns — commonly 1-10% per day — that is almost always a Ponzi scheme paying early investors from later deposits until it collapses.
Hong Kong's central banking institution, which mandates anti-fraud controls for banks including the Faster Payment System kill switch and real-name account verification.
Fraud in which criminals pose as tax authorities — HMRC, IRS, or equivalent — to threaten victims with arrest or fines unless they pay an invented debt immediately.
A fake work-at-home job offering payment to assemble crafts or products at home, which requires an upfront kit purchase and never pays out for completed work.
A character that looks visually identical or nearly identical to another character from a different script or encoding, used in domain names and text to deceive users.
An attack that uses Unicode characters visually identical to standard Latin letters to register domain names that look exactly like legitimate ones.
A spoofing technique that uses visually identical or near-identical Unicode characters to create deceptive domain names that appear legitimate.
A social-engineering lure that exploits romantic or sexual attraction to extract sensitive information, money, or compromising material from a target.
A fraudulent cryptocurrency token designed with smart contract code that allows buyers to purchase but prevents them from ever selling, trapping their funds.
A variant in which the scammer claims to be imprisoned, kidnapped, or held against their will and urgently needs ransom or bail money from the victim.
A cryptocurrency wallet that is connected to the internet. Convenient for frequent use but permanently exposed to online attacks.
A standardised international format for identifying a bank account, used across Europe and many other countries to route international payments.
The FBI's online portal for reporting internet-facilitated crimes including wire fraud, ransomware, romance scams, and business email compromise.
A crypto attack where the victim is tricked into signing a transaction that transfers asset ownership to an attacker without any malware being involved.
Using forged, altered, or fraudulently obtained identity documents — passports, driving licences, utility bills — to pass verification checks for financial services, tenancy, or employment.
The process by which an organisation verifies that a person is who they claim to be before granting access or opening an account, typically involving document verification and liveness checks.
Using another person's personal information — name, date of birth, address, ID numbers — without their consent, typically to open accounts, take out loans, or commit fraud.
A formal declaration filed with the FTC (or equivalent authority) that a consumer's personal information has been used fraudulently, unlocking extended legal protections.
Identity theft is the unauthorised acquisition of someone's personal data; identity fraud is the criminal use of that stolen data. The two often occur together but are legally distinct.
A real DeFi concept misused by scammers to explain away stolen funds or to justify additional deposits to 'recover losses' that do not actually exist.
A fraud tactic in which criminals pose as police officers, government officials, regulators, or court officers to intimidate victims into paying money or surrendering assets.
Any fraud in which an attacker poses as a trusted person or institution — a bank, government body, family member, or celebrity — to extract money or information.
A device that impersonates a mobile cell tower, forcing nearby phones to connect to it so the operator can intercept calls, texts, and location data.
A statement made by a recruiter or MLM company asserting specific earnings potential, which may be misleading if not accompanied by accurate statistics about typical participant outcomes.
A piece of forensic evidence — such as a suspicious IP address, file hash, or domain — that suggests a system has been breached or is under attack.
A fraud combining a manufactured romantic relationship with a fake unclaimed inheritance, pressuring victims to pay fees to access non-existent funds.
A security risk posed by current or former employees, contractors, or partners who misuse their legitimate access to cause financial harm or data theft.
Trading financial securities based on material non-public information obtained from a position of trust or access, giving an unfair advantage over other market participants.
The final stage of money laundering, where cleaned funds re-enter the legitimate economy appearing to be from a lawful source.
A fee paid by a merchant's bank to the cardholder's bank each time a card payment is processed, which ultimately affects consumer pricing.
INTERPOL's operational unit that coordinates cross-border financial crime investigations and runs global operations against money laundering, BEC, and investment fraud networks.
The practice of pressuring MLM distributors to purchase more product than they can realistically sell, typically to meet volume targets or qualify for bonuses, resulting in garages full of unsold goods.
Any scheme that deceives victims into putting money into fake, worthless, or manipulated investment opportunities, resulting in financial loss.
A scam in which fraudsters impersonate a genuine supplier and trick a business or individual into paying an invoice into a fraudulent bank account.
A fraud where criminals intercept or impersonate a supplier's communications to substitute fraudulent bank details on invoices, diverting payment to a criminal account.
A scam in which fraudsters impersonate a supplier or business contact to change payment details on an invoice, diverting funds to the attacker's account.
A fraud in which criminals intercept legitimate invoice communications and alter payment details so money is sent to a fraudster's account instead of the real supplier.
An international resource maintained by IOSCO where securities regulators from around the world post warnings about entities offering unregistered or fraudulent investment products.
A telecom fraud where criminals generate artificially inflated call traffic to premium international numbers they control, earning a cut of the termination fees.
A deliberate strategy used by romance scammers to separate victims from friends and family who might challenge the relationship or identify warning signs.
Buyers falsely claim a received item does not match its description to obtain a full refund while keeping the item or returning a different one.
A term describing the emergence of geographically concentrated organised fraud operations, named after a district in Jharkhand, India, that became notorious as a training ground for OTP and impersonation phone fraudsters.
A fraudulent job offer designed to extract money, personal data, or labour from applicants — including fake listings, reshipping schemes, and task-based crypto scams.
A cyberattack using public USB charging ports to transfer malware to, or steal data from, devices while they charge.
Software (or hardware) that secretly records every keystroke you make, capturing passwords, messages, and card numbers without your knowledge.
The use of software or hardware that records every keystroke on a device to harvest passwords, credit card numbers, and other sensitive input.
The mandatory process by which financial institutions verify the identity of their customers to prevent money laundering, fraud, and terrorist financing.
Regulatory requirements that oblige financial institutions and exchanges to verify their customers' identity before providing services, to prevent fraud and money laundering.
Regulatory requirements obliging financial institutions to verify the real identity of customers before opening accounts or processing transactions.
Regulatory requirements for financial institutions to verify customer identities and monitor transactions to detect and prevent money laundering and fraud.
The second stage of money laundering in which illicit funds are moved through multiple transactions and accounts to disguise their criminal origin.
A card-network rule that transfers financial responsibility for fraudulent transactions from the card issuer to the merchant when the merchant has not adopted EMV chip or 3-D Secure authentication.
The filing of false or fraudulent liens against a property or individual's assets, typically to obstruct sale, extort payment, or cloud title.
A mechanism where a token project's liquidity pool funds are locked in a smart contract for a set period so developers cannot drain them.
A smart-contract vault of token pairs that powers decentralised exchange trading. Understanding it is essential to recognising DeFi rug pulls.
Unauthorized sellers attach themselves to an established marketplace listing to piggyback on its reviews and ranking, then ship counterfeit or inferior products.
A biometric security technique that verifies whether a submitted face or fingerprint is from a live person rather than a photo, video replay, or mask, used in identity verification and login.
Techniques used to fool biometric identity verification systems into accepting a fraudulent submission — such as a photo, video, or mask — as a live person.
An attack technique where adversaries use legitimate, pre-installed system tools rather than custom malware to carry out malicious activities, making detection harder.
A scam where criminals offer guaranteed loans and demand upfront fees before the loan is disbursed, then disappear without providing any funds.
A predatory lending practice in which a lender repeatedly refinances a borrower's loan, generating fees each time while providing minimal financial benefit to the borrower.
A predatory lending practice in which unnecessary or undisclosed products are bundled into a loan, inflating the total cost without the borrower's informed consent.
A fraudulent mobile application that imitates a legitimate app's name, icon, and interface to steal credentials, inject malware, or subscribe victims to unwanted paid services.
A domain crafted to closely resemble a trusted brand's real domain, used to deceive recipients into trusting fraudulent emails or websites.
A scam informing victims they have won a lottery or prize draw they never entered, then requesting upfront fees to release the winnings — which do not exist.
A fraud claiming the victim has won a lottery or prize they never entered, requiring fees or personal details to 'claim' the winnings — which do not exist.
An overwhelming flood of affection, attention, and flattery used early in a relationship to fast-track emotional dependency, often as a precursor to fraud or coercive control.
The theft of physical mail to steal cheques, cards, financial statements, or identity documents for use in fraud.
Malicious advertising — legitimate-looking online ads that, when clicked, redirect users to malware downloads or phishing pages.
Software specifically designed to damage, disrupt, or gain unauthorised access to a computer system — an umbrella term covering viruses, ransomware, spyware, trojans, and more.
The methods and techniques criminals use to install malicious software on a victim's device — including phishing attachments, drive-by downloads, and trojanised software.
An attack in which a fraudster secretly intercepts and potentially alters communications between two parties who believe they are communicating directly with each other.
An attack in which the attacker secretly intercepts and potentially alters communications between two parties who each believe they are talking directly to the other.
Convincing an organisation to change a supplier's or employee's bank account details so that future payments are redirected to the fraudster's account.
A scam initiation technique in which the fraudster contacts a target under the pretence of a misdirected message or wrong number.
Fraudulent operators charge sellers illegitimate listing, processing, or success fees, often through fake platforms or impersonation of real ones.
Fraudsters create fake listings or accounts that mimic legitimate, well-reviewed marketplace sellers to intercept buyers and payments.
Singapore's central bank and financial regulator, which sets anti-scam rules for financial institutions and coordinates consumer protection measures against payment fraud.
Singapore's independent financial dispute resolution scheme, where consumers can bring unresolved complaints against banks and financial institutions including fraud reimbursement disputes.
A type of pyramid scheme where participants must recruit others to advance up a waiting list to receive a prize or payout, with the scheme collapsing when recruitment slows.
A fraud in which a criminal uses a victim's identity to obtain medical services, prescriptions, or insurance benefits, potentially corrupting the victim's medical records.
A scam where fraudsters impersonate MetaMask or other wallet support staff, ultimately requesting seed phrases or remote access under the guise of resolving a wallet issue.
Profit that validators or searchers can extract by reordering, inserting, or censoring transactions within a block, often at the expense of ordinary users.
An attack that floods a victim with repeated MFA push notification requests until they approve one out of frustration or confusion.
An attack where criminals flood a victim's phone with push-notification approval requests, hoping frustration causes the victim to accidentally approve one.
A fraud in which the scammer poses as an active-duty military service member to exploit respect for the military and explain their inability to meet in person.
A broad category of telephone fraud that uses a missed call as the hook to entice the victim to make a costly or fraudulent return call.
A service that pools and redistributes cryptocurrency to obscure the transaction trail, making it difficult to trace the origin of funds.
A sales structure in which participants earn from their own sales and a portion of sales made by people they recruit — legitimate when product-driven, potentially fraudulent when recruitment-driven.
A document required by regulators in many jurisdictions that shows the actual distribution of earnings across all active MLM participants, revealing what typical distributors earn.
The point at which an MLM downline territory has been so thoroughly recruited that existing distributors cannot find new participants, making further income growth impossible for most members.
Malicious Android apps that overlay fake login screens on top of legitimate banking apps to steal credentials and one-time codes in real time.
The automated collection of active mobile phone numbers from websites, data breaches, or dialing probes for use in smishing and robocall campaigns.
A scam in which fraudsters promise to multiply a victim's cash by exploiting a fake system hack, glitch, or insider trick, then disappear with the funds.
The process of disguising the criminal origin of illegally obtained funds by passing them through a series of transactions to make them appear legitimate.
Someone who receives and transfers money on behalf of criminals — sometimes wittingly, often unknowingly — helping fraudsters launder the proceeds of crime.
A criminal intermediary who recruits, manages, and directs a network of money mules, coordinating the movement of illicit funds through their accounts.
The process by which scammers recruit individuals to transfer or launder criminal proceeds through their bank accounts in exchange for a commission.
The process by which criminal networks enlist individuals — often unwitting — to receive and forward stolen funds through their bank accounts.
A fraud where a rogue removals firm gives a low quote, then holds a customer's belongings hostage until inflated charges are paid.
A bank or payment account used to receive and forward stolen funds on behalf of criminals, often controlled by an unwitting victim recruited as a money mule.
The criminal practice of recruiting and managing a network of money mules to layer and move stolen funds through multiple bank accounts.
A security method requiring two or more independent forms of verification before granting account access, making stolen passwords alone insufficient for attackers.
A fraud that offers a fake secret-shopper job, sends a counterfeit cheque for 'expenses', and instructs the victim to wire back most of the funds before the cheque bounces.
Australia's dedicated scam disruption unit housed within the ACCC, launched in 2023 to coordinate multi-agency scam prevention and take-down actions.
The UK government body that provides cyber security guidance, incident response, and threat intelligence, operating the Suspicious Email Reporting Service (SERS).
A UK unit within National Trading Standards that coordinates local authority trading standards services to disrupt mass-marketing fraud targeting consumers.
The UK's technical authority for cybersecurity, which provides consumer guidance on cyber threats and operates services including Suspicious Email Reporting and Active Cyber Defence.
A billing practice where consumers are automatically charged on a recurring basis unless they actively cancel, often used in subscription traps.
A billing model in which a customer's silence or inaction is treated as consent to be charged, rather than requiring affirmative agreement.
A caller-ID manipulation technique where scammers display a number with the same area code and prefix as the victim to increase call answer rates.
New Zealand's independent non-profit online safety organisation, which provides free advice for online scam victims and operates the Netsafe helpline for digital harm.
Emerging security concerns around 5G network slicing, where misconfiguration or exploitation could allow attackers to cross slice boundaries and access other users' traffic.
An attack that extends the range of a near-field communication transaction by relaying signals between a victim's contactless card and a payment terminal, enabling fraudulent transactions.
A scheme where NFT sellers mint and sell tokens based on art, music, or other content they do not own, deceiving buyers about what rights they are actually purchasing.
A fraudulent NFT project that collects mint fees from buyers but delivers worthless, non-existent, or stolen artwork before developers vanish.
A technique used by marketplaces or traders to circumvent the on-chain royalty fees that NFT creators expect to receive on secondary sales.
Artificially inflating the apparent trading volume and price history of an NFT by buying and selling it between wallets the same person controls.
A public-private partnership led by Europol and the Dutch National Police that provides free ransomware decryption tools and helps victims recover files without paying criminals.
An online seller collects payment for goods or services that are never shipped or delivered.
Fraud that exploits the practice of reassigning disconnected phone numbers to new subscribers, allowing the new holder to receive calls, texts, and account-reset codes intended for the previous owner.
Deliberately falsifying the telephone number displayed to a call or SMS recipient to impersonate a trusted contact, bank, or government body.
Fraudulent ads or online listings that display a spoofed business phone number to divert customers to scammers posing as the legitimate company.
An attack that tricks users into granting a malicious third-party application access to their accounts via a legitimate OAuth authorisation flow.
A fraud in which the scammer poses as a successful entrepreneur or executive with international operations to add credibility and justify financial requests.
An independent official or body that investigates complaints against organisations on behalf of consumers, typically at no cost to the complainant.
A technique scammers use to steal the temporary login code sent to your phone before you can use it yourself, often via social engineering or SS7 network exploitation.
A vulnerability in a legitimate website that allows an attacker to craft a link pointing to that site which then silently redirects the visitor to a malicious destination.
The collection and analysis of publicly available information — from social media, websites, public records, and data brokers — used by both security researchers and criminals to build target profiles.
An attack that corrupts the external price data a smart contract relies on, tricking it into executing transactions at false valuations.
The collection of publicly available information about a target — from social media, company records, and other open sources — to plan and personalise an attack.
A single-use numeric or alphanumeric code, usually sent by SMS or generated by an authenticator app, used to verify your identity during login or transactions.
Automated software that calls or texts victims in real time to trick them into reading out their one-time passcodes, which are then relayed to attackers logging into the victim's account.
The theft or real-time capture of a one-time password sent to a victim by SMS or authenticator app, used by fraudsters to bypass two-factor authentication.
Fraud conducted through over-the-top messaging apps such as WhatsApp, Telegram, or Signal where attackers impersonate known contacts or official accounts.
A fraudster sends an overpayment (often via a fake or reversible instrument) and asks the seller to refund the difference, leaving the seller out of pocket when the original payment is reversed.
A scam where a victim receives a fraudulent payment larger than expected and is asked to refund the difference, before the original payment bounces.
A fraud where a buyer sends more than the agreed amount and asks the seller to refund the difference, before the original payment is reversed or revealed as fraudulent.
A fraud in which the scammer claims a valuable package, gift, or inheritance is held at customs and requires fees to be released.
A seller ships only part of a multi-item order or a lower-value substitute, making it harder to dispute the full charge.
A password replacement that uses cryptographic key pairs stored on your device, making sign-in both phishing-proof and password-breach-proof.
Software that generates, stores, and autofills unique passwords for every account, enabling you to use strong credentials without the cognitive burden of memorising them.
An attack that tries a small number of commonly used passwords against a large number of accounts to avoid triggering account-lockout controls.
Any 'employment' arrangement requiring the worker to pay upfront to access the job, equipment, training, or earning platform — a red flag that often signals a scam or predatory scheme.
A fraudulent operation that impersonates or mimics a payday loan provider to steal personal and banking information or collect advance fees from financially vulnerable applicants.
A company that handles the technical transmission of card and payment data between a merchant, card networks, and banks during a transaction.
A request to cancel or return a payment after it has been sent, either because of an error or fraud, subject to the cooperation of the receiving bank.
The UK regulator for payment systems — including Faster Payments, CHAPS, and Bacs — that introduced mandatory APP fraud reimbursement rules in October 2024.
A fraud in which criminals hijack or impersonate an employee's identity to redirect salary payments to an account they control.
Unauthorised access to a business phone system (Private Branch Exchange) to make large volumes of fraudulent calls at the company's expense, often generating IRSF revenue.
A fraud that promises early access to pension savings before retirement age in exchange for fees, resulting in large tax penalties and the loss of pension funds.
Any data that can identify a specific individual — such as name, address, Social Security number, or biometrics — whose exposure enables identity theft and targeted scams.
A debt that does not legally exist — either entirely fabricated by a fraudster or based on a claim the consumer has never incurred — used to extract payments through intimidation.
Redirecting your browser to a fake website even when you type the correct web address, by poisoning DNS records or manipulating router settings.
A fraudulent message — usually email — designed to trick you into handing over passwords, card numbers, or other sensitive data by impersonating a trusted organisation.
A fake payment page injected into or mimicking a legitimate checkout flow to steal payment card details at the moment of purchase.
A pre-packaged set of files and scripts that lets criminals quickly deploy convincing fake websites to harvest credentials, often bundled with harvested brand assets and admin panels.
A category of multi-factor authentication that cannot be stolen or relayed by a fake website, because verification is cryptographically bound to the real domain.
Scam websites that charge fees or harvest personal data under the guise of providing reverse-phone-number or people-search lookups.
A long-con scam that blends romance or friendship with a fake investment platform, 'fattening up' the victim with attention before taking everything.
The initial fake job offer used to recruit victims into a pig-butchering (sha zhu pan) investment scam, typically framed as a remote data-entry, translation, or social-media assistant role.
The initial long-term social engineering phase of a pig-butchering investment scam, in which criminals build a deep, trusting relationship with the victim before introducing the fraudulent investment platform.
The fraudulent trading platform or crypto wallet used in pig-butchering scams to display fake profits and process victims' deposits before a final exit theft.
A fraudulent investment website or app operated entirely by scammers to display fabricated returns and prevent victim withdrawals.
Industrial-scale fraud facilities — often operating in South-East Asia — that employ coerced or trafficked workers to run pig-butchering, romance, and investment scams at volume.
A long-con investment fraud in which fraudsters build a relationship over weeks or months before introducing a fake investment platform and ultimately stealing all deposited funds.
The first stage of money laundering, where illegally obtained cash is introduced into the legitimate financial system.
A fraudulent investment operation that pays returns to earlier investors using money from newer investors, rather than genuine profits — collapsing when new money stops arriving.
The critical distinction between a Ponzi scheme (one central operator fakes returns for passive investors) and a pyramid scheme (participants must recruit to earn, with no central fabricated return).
Fraudulently transferring a victim's mobile phone number to a different network without their consent, redirecting calls and texts to the attacker.
The fraudulent transfer of a victim's mobile number to a different carrier under the attacker's control, a variant of SIM swapping that exploits number-porting procedures.
Fraud in which an attacker obtains the Porting Authorisation Code needed to move a victim's phone number to a new carrier without the victim's consent.
Misuse of a legal power of attorney document to steal, transfer, or mismanage a vulnerable person's finances or property for personal gain.
Deceptive use of high-charge phone numbers — typically 09xx or international equivalents — to extract money from callers who are unaware of the elevated cost.
A fraud that tricks victims into calling or staying connected to phone numbers that charge significantly above standard rates, generating profit for the scammer.
A payment card loaded with a fixed amount of money in advance, not linked to a bank account, and often used by fraudsters to receive payments anonymously.
A fraudulent phone call in which the caller uses a fabricated scenario (pretext) to manipulate the recipient into divulging information or taking an action.
Creating a fabricated scenario or false identity to manipulate a target into revealing sensitive information or performing an action they otherwise would not.
Artificially inflating a 'regular' price so that a discount appears larger than it actually is, deceiving consumers about the true saving.
A security principle holding that any user, system, or process should have only the minimum permissions necessary to perform its function, limiting the blast radius of any compromise.
A cryptographic secret that proves ownership of a cryptocurrency address and authorises transactions — analogous to the password and signature on your wallet combined.
A pyramid scheme disguised as a legitimate direct-sales company by attaching a real or nominal product to the recruitment fee, making the structure superficially resemble lawful multi-level marketing.
The use of forged, borrowed, or temporarily inflated account statements to deceive a counterparty into believing the fraudster has greater financial resources than they actually possess.
Fraudulent attempts to steal equity from a property or prevent the legitimate owner selling or remortgaging, including identity fraud, forged deeds, and conveyancing scams.
European legislation that requires banks to share customer account data with authorised third parties and mandates strong customer authentication for online payments.
The UK regulator for payment systems, which sets binding rules on banks and payment firms to reimburse victims of authorised push payment fraud.
The shareable identifier that others use to send cryptocurrency to you. It does not grant any ability to move funds.
A payment where the recipient requests and collects funds from the payer's account, such as a direct debit or card charge.
A scheme in which coordinated buyers artificially inflate an asset's price through hype and false statements, then sell their holdings at the peak — leaving latecomers with worthless assets.
A coordinated scheme where organisers accumulate a low-cap token, artificially inflate the price through hype, then sell while latecomers buy, crashing the price.
A coordinated private group — typically on Telegram or Discord — that secretly accumulates a low-value cryptocurrency then simultaneously promotes it to inflate the price before selling at a profit, leaving later buyers at a loss.
An encoding standard that converts Unicode domain names into ASCII-compatible form, which fraudsters exploit to create domain names that visually impersonate legitimate sites when displayed in browsers.
A phishing technique that uses internationalised domain names encoded in Punycode to display a convincing lookalike URL in a browser's address bar.
A scheme where a fraudster creates or manipulates purchase orders to authorise the delivery of goods or payment for services that benefit the attacker.
The mass delivery of unsolicited browser or app push notifications to trick users into clicking malicious links or approving fraudulent actions.
A payment initiated by the sender, who actively instructs their bank to transfer funds to a recipient.
Fraud where criminals use stolen card details to add a victim's payment card to a digital wallet on a device they control, enabling contactless or online purchases without the physical card.
A business model that rewards participants primarily for recruiting new members rather than selling genuine products or services, making it mathematically unsustainable.
A phishing technique that embeds malicious URLs in QR codes to bypass email security filters, which typically scan text links but not image content.
Phishing attacks that use malicious QR codes in place of links, directing victims to fake websites when scanned.
Malware that encrypts your files and demands payment — usually in cryptocurrency — in exchange for the decryption key.
Malware that gives an attacker complete remote control of an infected device — allowing them to view the screen, operate the camera, steal files, and more.
The Royal Canadian Mounted Police's role in investigating large-scale financial fraud and cybercrime, often working through the CAFC to triage and investigate cross-border cases.
Misuse of Rich Communication Services — the next-generation SMS standard — to send highly convincing phishing messages with interactive buttons, images, and verified branding.
Payment systems that process and settle transactions within seconds, any time of day, including evenings, weekends, and bank holidays.
A secondary scam that targets people who have already lost money to fraud, falsely offering to recover their losses in exchange for upfront fees or personal information.
A secondary fraud in which criminals pose as investigators or recovery services and charge upfront fees to victims who have already lost money to a prior scam.
A secondary fraud targeting previous scam victims, promising to recover lost funds for an upfront fee — but taking the fee and disappearing.
A sequence of recruits where each person's primary financial incentive is to bring in the next recruit, creating a chain structure whose growth is mathematically unsustainable.
The impersonation of legitimate employers or recruiters to deceive job-seekers into paying fees, surrendering personal data, or becoming unwitting mules.
A smart contract exploit where a malicious contract calls back into the victim contract before it finishes executing, draining funds in a loop.
A fraud in which a scammer pretends to issue a refund but tricks the victim into sending money themselves — often by manipulating a banking screen or exploiting remote access.
The US federal rule implementing the Electronic Fund Transfer Act, which limits consumer liability for unauthorised electronic transactions.
An attack on contactless or keyless systems where two criminals use radio equipment to extend the effective range of the card or key fob, tricking the reader into authorising a transaction or entry without the owner's knowledge.
A transfer of money by a person working abroad to family or contacts in their home country, often via specialist money transfer services.
A fraud in which a scammer convinces the victim to install legitimate remote-desktop software, then uses that access to steal funds, data, or to set up further fraud.
The submission of falsified documents or information on a rental application to secure tenancy for which the applicant would not legitimately qualify.
A fraud in which a fake landlord or property agent advertises a property that doesn't exist or isn't available, collecting a deposit or advance rent before disappearing.
An attack where a valid authentication or transaction message is captured and retransmitted to trick a system into accepting it as a new legitimate request.
An attack in which criminals insert malicious content into an ongoing legitimate email thread to lend their message credibility.
The in-platform mechanisms available on dating and social apps for flagging suspected fraudulent profiles, and the limitations of those systems.
A person recruited — usually through a fake job ad — to receive stolen goods or fraudulently purchased merchandise at home and forward them to another address, often abroad.
Fraudsters recruit unwitting individuals to receive goods bought with stolen cards and reship them overseas, making the recruits complicit in receiving stolen property.
A fraud where recruited 'package handlers' unknowingly receive stolen goods and reship them overseas, laundering physical merchandise purchased with stolen payment cards.
A court-ordered payment by an offender to compensate victims for financial losses caused by criminal conduct.
Reselling goods purchased at retail under misleading descriptions that overstate value, authenticity, or provenance to extract higher prices from buyers.
Abusing a retailer's return policy to obtain refunds or exchanges for items not genuinely eligible, including used goods, stolen items, or empty boxes.
A free consumer tool that can reveal whether a romantic contact's profile photographs have been taken from another person's online presence.
A fraud in which the victim believes they are running a scam themselves but is actually the one being manipulated and defrauded.
A phishing technique that uses a server acting as a transparent proxy between victim and target site, enabling real-time credential and token interception.
A variant of brushing in which sellers ship packages to real people specifically to post verified-purchase reviews under those recipients' identities.
A data subject's right under GDPR and UK GDPR to request that an organisation delete their personal data in certain circumstances.
An automated telephone call that delivers a pre-recorded message, frequently used to conduct mass fraud campaigns at minimal cost.
Automated mass phone calls that deliver pre-recorded fraudulent messages impersonating government agencies, banks, or utilities to trick recipients into taking urgent action.
An unauthorised Wi-Fi access point set up to mimic a legitimate network, tricking users into connecting and exposing their traffic to interception.
An online fraud that uses a fabricated romantic or friendship persona to build emotional trust before manipulating the victim financially.
A scam in which a victim is given apparent access to a cryptocurrency account that can only be unlocked by depositing their own funds, which are then stolen.
A scam that combines a fabricated romantic relationship with encouragement to invest in a fraudulent platform — a broad category that includes pig-butchering.
A manipulation in which a scammer persuades a victim to take out loans or drain retirement savings to fund what turns out to be a fraudulent relationship.
The use of a romantic relationship to persuade a victim to receive and forward money on behalf of the scammer, making the victim an unwitting money mule.
A follow-up fraud targeting people who have already been victimised by a romance scam, posing as recovery agents who can retrieve lost funds for a fee.
A fraud in which a scammer builds a fake romantic relationship online to gain the victim's trust, then asks for money under fabricated pretexts.
The financial element of a romance scam in which the fraudster requests money transfers, gift cards, or cryptocurrency after establishing an emotional relationship online.
Organised criminal groups — sometimes using trafficked workers — that run romance fraud at scale, with operators assigned to manage dozens of simultaneous targets.
The complex emotional and psychological harm — shame, grief, self-blame, and trust damage — that victims experience after a romance fraud is revealed.
The psychological, social, and practical obstacles that prevent romance fraud victims from reporting losses to authorities or seeking help.
A series of fabricated government, legal, or financial fees demanded before a promised sum from an online romantic contact can be released.
A fraud that combines romantic or friendship grooming with a fake job or investment opportunity, using manufactured emotional intimacy to lower the victim's financial guard.
A numeric code that identifies a specific bank or branch within a national payment network, used to direct domestic transfers to the correct institution.
A crypto scam in which developers build apparent momentum behind a new token or project, then suddenly withdraw all liquidity and disappear with investors' funds.
A vishing fraud in which callers impersonating your bank or police convince you to move your savings to a 'safe account' they control — the account is the scammer's.
Techniques used by malware to detect when it is being analysed in a controlled security environment and to alter or suspend its behaviour to avoid detection.
A form of MEV where a bot places one trade just before and one just after a victim's pending swap, profiting from the price impact the victim causes.
The practice of engaging with scammers — typically by an informed volunteer — to waste their time, gather intelligence, and reduce their capacity to victimise others.
Hong Kong's free public tool for checking whether a phone number, email, URL, or bank account has been linked to fraud reports in police records.
Singapore's government-developed mobile app that automatically filters scam calls and SMSes using AI and a centralised scam database maintained by the Singapore Police Force.
Australia's national scam reporting and consumer education service, operated by the Australian Competition and Consumer Commission (ACCC).
Fake security alerts — pop-ups, browser warnings, or audio alarms — designed to panic users into calling a fraudulent number or buying bogus software.
Fraud in which an attacker gains remote access to a victim's screen — often by tricking them into installing remote-access software — to view and control their device in real time.
The manipulation of search engine rankings to place fraudulent or malware-hosting sites prominently in search results for terms victims are likely to search.
Fraudsters impersonate auction sellers to contact losing bidders with a private 'second chance' deal, collecting payment without delivering anything.
A UK statutory right that makes credit card providers jointly and severally liable alongside a merchant for misrepresentation or breach of contract on purchases between £100 and £30,000.
A dedicated chip inside modern smartphones and computers that stores cryptographic keys and biometric data, isolated in hardware from the main processor so malware cannot extract them.
A sequence of 12 or 24 common words that is the master key to a cryptocurrency wallet — anyone who has it can access and drain every asset in that wallet.
Stealing a crypto wallet's seed phrase (recovery phrase) by deception, malware, or physical means, giving the thief complete and irreversible control of all assets in the wallet.
Criminals gain unauthorised access to a legitimate marketplace seller account to divert payments, list fraudulent products, or conduct fraud under an established identity.
Artificially inflating or sabotaging marketplace seller ratings through coordinated fake reviews, threats, or incentivised feedback.
A standardised euro payment scheme allowing individuals and businesses across 36 European countries to make low-cost, consistent bank transfers.
The UK's specialist agency for investigating and prosecuting serious or complex fraud, bribery, and corruption cases, using combined investigation and prosecution powers.
Stealing an active authenticated session token to gain unauthorised access to a victim's account without needing their password.
The process by which funds from card or bank transactions are actually transferred between financial institutions and credited to the merchant or recipient.
A fraud in which a scammer persuades a victim to exchange explicit messages or images and then immediately uses the material as leverage for payment.
Blackmail using intimate images or recordings — real, staged, or fabricated — to extort money or further material from the victim under threat of exposure.
A long-con scam originating from Chinese criminal networks in which a victim is 'fattened' with emotional investment before being slaughtered financially.
Inserting a thin fraudulent device inside a card reader's chip slot to intercept and copy EMV chip data during a legitimate transaction.
A fraud where attackers mimic messages from legitimate five- or six-digit short codes used by businesses and governments, embedding malicious links or requests.
Observing a person's screen, keypad, or document over their shoulder to steal PINs, passwords, account numbers, or other sensitive information.
An invisible text message that produces no notification on the recipient's phone but forces the device to register with a cell tower, revealing its approximate location.
A device loaded with many local SIM cards that intercepts international calls and re-terminates them as local calls, defrauding carriers of international termination fees.
Creating a duplicate SIM card that shares a legitimate subscriber's identity, allowing the cloner to make calls and receive messages billed to the victim's account.
A bank of SIM cards and mobile devices used to send mass fraudulent SMS messages at scale before numbers are blocked by carriers.
A broad term for attacks that seize control of a victim's mobile phone number, including SIM swap fraud and port-out fraud, to intercept SMS codes and calls.
A carrier security feature that prevents your phone number from being ported to another carrier or SIM card without additional in-person verification, protecting against SIM-swap fraud.
Fraudulently transferring your mobile number to a SIM card the attacker controls, so they can intercept your calls, texts, and one-time passcodes.
An attack where a fraudster convinces a mobile carrier to transfer a victim's phone number to a SIM they control, enabling bypass of SMS two-factor authentication to access crypto accounts.
A scam where criminals convince your mobile carrier to transfer your phone number to a SIM card they control, then use it to bypass SMS-based two-factor authentication.
A fraud in which an attacker convinces a mobile carrier to transfer the victim's phone number to a SIM card the attacker controls, enabling them to intercept SMS messages and calls including authentication codes.
A specialised unit of the Singapore Police Force that works with banks to freeze scam-linked accounts and recover funds transferred by fraud victims.
The Singapore Police Force's dedicated 24-hour hotline (1800-722-6688) for reporting scams and getting immediate advice when you suspect you are being defrauded.
Covertly copying card data from the magnetic stripe or chip using a concealed device attached to ATMs, payment terminals, or fuel pumps.
An independent security review of a blockchain smart contract's code to identify vulnerabilities before deployment or investment.
A phishing attack delivered by SMS text message, often impersonating delivery companies, banks, or government services.
A packaged toolkit sold on criminal markets that enables low-skill fraudsters to launch SMS phishing campaigns, including message templates, fake landing pages, and victim data collection tools.
The specific pretexts used in SMS-based phishing attacks — including fake parcel notifications, bank fraud alerts, toll notices, and government messages.
A technique that uses SMS phishing to direct victims to install a malicious app outside of the official app store, bypassing standard security reviews.
A technique that replaces the numeric originator of an SMS with a fake name or number, making messages appear to come from a trusted brand or government body.
A money laundering technique that breaks large sums of illicit cash into many smaller deposits made by multiple individuals to avoid triggering bank reporting thresholds.
Breaking large amounts of cash into smaller transactions to avoid triggering mandatory bank reporting thresholds.
A pattern in which a scammer introduces increasingly dramatic personal crises to justify repeated and growing requests for money.
Manipulating people psychologically — rather than hacking systems technically — to make them reveal information, grant access, or take actions that benefit a fraudster.
The compromise of a victim's social media account to post scam content, impersonate the victim, or extract money from their followers.
The use of social media platforms to recruit money mules — typically through lifestyle posts, direct messages, or fake job ads — targeting young or financially stressed individuals.
The practice of mining social media platforms for potential romance scam targets based on profile indicators of loneliness, bereavement, or financial means.
Fraud conducted through social media platforms — including fake giveaways, investment adverts, impersonation accounts, and romance or friendship deceptions.
Criminal misuse of a Social Security number to steal identity, file fraudulent tax returns, obtain government benefits, or open credit accounts in the victim's name.
Fraudulent sellers use live-streaming platforms to create urgency and social proof for products that are fake, never shipped, or misrepresented.
Fraudulent investment opportunities promoted through social-media platforms using fake profiles, paid ads, or hijacked accounts to lure victims with promises of high returns.
The use of fabricated or misleading endorsements, follower counts, reviews, or testimonials to make a fraudulent offer appear credible and popular.
A slow, gradual crypto exit scam where project insiders quietly sell their holdings and reduce activity until the project dies, rather than making one dramatic exit.
The exploitation of the legitimate Caribbean/African rotating savings circle (sou-sou or susu) by scammers who mimic the format but have no intention of distributing funds fairly.
The free shortcode used in the UK (and US) to forward suspicious SMS messages to mobile operators for investigation.
A highly targeted phishing attack that uses personal details about the victim — name, employer, colleagues — to appear more credible.
A fraudulent website domain designed to closely mimic a legitimate organisation's domain in order to deceive users into thinking they are on the genuine site.
A technique where a fraudster falsifies the name or number that appears as the sender on an SMS or email, making a message appear to come from a trusted brand or individual.
Faking the display name, phone number, or email address on a message so it appears to come from a trusted source.
Software that covertly monitors device activity — browsing, keystrokes, messages, or location — and transmits the data to a third party without the user's knowledge.
Street or social-media slang for money-flipping scams where an operator claims to 'square' or double cash through insider access to payment platforms, targeting financially vulnerable individuals.
An exploitation of decades-old telephone network signalling protocols to redirect calls and SMS messages, enabling location tracking and two-factor code interception.
An attack that downgrades an encrypted HTTPS connection to unencrypted HTTP, allowing an attacker positioned between the user and server to intercept communications.
Older SSL and early TLS protocol versions have known vulnerabilities and should not be used; only TLS 1.2 and 1.3 are considered secure for protecting sensitive connections today.
A breakdown in the mechanism maintaining a stablecoin's price peg to a fiat currency, resulting in sudden and potentially permanent loss of value.
Software secretly installed on a victim's device — typically by an intimate partner or abuser — that covertly monitors calls, messages, location, and other activity.
The legal deadline by which a civil claim or criminal prosecution must be filed, after which the right to legal action may be permanently lost.
A debt that is too old to be legally enforced through the courts because the statutory limitation period has expired, though the debt itself still technically exists.
A US and Canadian framework that cryptographically signs outgoing calls so receiving carriers can verify whether the displayed caller-ID number is legitimate.
The deliberate division of financial transactions into smaller amounts specifically to evade mandatory currency reporting requirements, regardless of whether the funds are from illegal sources.
A formal request by an individual for a copy of all personal data held about them by an organisation, as a right under UK GDPR and EU GDPR.
A deceptive user interface design that tricks users into subscribing, continuing, or upgrading against their interests or without their informed consent.
A deceptive sign-up flow that hides ongoing recurring charges in fine print, making it easy to start a subscription and very difficult to cancel it.
A fraud in which the scammer poses as a wealthy sponsor offering financial support in exchange for companionship, but extracts money from the victim before any payment arrives.
An attack that targets a less-secure element in a software or hardware supply chain to compromise the many organisations that rely on that supplier.
A confidential report filed by a financial institution or other regulated business when it suspects a customer or transaction involves money laundering or fraud proceeds.
A fraud in which criminals build a false romantic relationship online to manipulate victims into sending money, gifts, or personal financial access.
The global messaging network used by banks to securely send payment instructions for international wire transfers.
Creating a fictitious identity by combining real stolen data (such as a Social Security Number) with invented personal details, to open accounts and accumulate credit with no intention of repaying.
A fraud in which criminals create fictitious identities by combining real and fabricated personal data — often a real Social Security or National Insurance number with invented other details.
A fraud where criminals create a fictitious identity by combining real and fabricated personal data to open accounts and obtain credit.
A physical security breach where an unauthorised person gains access to a restricted area by following closely behind an authorised person as they use their access credential.
A UK national campaign led by UK Finance that urges consumers to pause and question unexpected financial requests before acting, using the slogan Stop. Challenge. Protect.
A fraud where victims are recruited for a fake remote job that involves completing simple online tasks, then lured into paying fees to unlock earnings they never receive.
A fraud in which a criminal uses a victim's personal information to file a false tax return or claim a refund, typically before the legitimate taxpayer does so.
A fraud where scammers impersonate tech companies offering refunds for discontinued services, then trick victims into 'accidentally' sending more than the refund amount using banking manipulation.
A fake subscription renewal notice — commonly impersonating well-known tech or security brands — that tricks victims into calling a number and giving remote access to their device.
A fraud in which criminals pose as Microsoft, Apple, or another tech company to convince victims their device has a serious problem, then extract money or install malware under the guise of fixing it.
Fraudulent or corrupt conduct by carrier employees who misuse privileged system access to facilitate SIM swaps, sell customer data, or enable surveillance.
Fraudulent sales or solicitation conducted by phone, typically involving false representations, high-pressure tactics, and no intention to deliver the promised product or prize.
A small, low-stakes first financial request used by scammers to gauge a victim's willingness to send money before escalating to larger demands.
Fraud committed against a financial institution or business by an external criminal using a victim's identity or account details, without the account holder's knowledge or consent.
An attack where a fraudster inserts themselves into an existing legitimate email conversation to lend credibility to a fraudulent request.
Any individual, group, or organisation that carries out or orchestrates a cyberattack, scam, or fraud campaign against a target.
Curated, contextualised information about current and emerging cyber threats — including attack methods, malicious infrastructure, and threat-actor behaviour — used to anticipate and prevent incidents.
A fraud that targets existing timeshare owners, promising to cancel or sell their timeshare in exchange for large upfront fees that are never earned.
A crime where a fraudster forges ownership documents to falsely transfer or mortgage a property, stealing equity from the real owner.
A schedule that restricts when project insiders can sell their token allocations, used to signal commitment but often manipulated to deceive investors.
A fraudulent fundraise where scammers collect cryptocurrency in exchange for tokens at a discounted rate, then disappear before any product or token is delivered.
The theft of authentication or session tokens to gain unauthorised access to accounts without needing the victim's password or MFA code.
Misuse of 0800 or 1-800-style numbers to add false legitimacy to scam operations, or deliberate confusion between genuine and fake toll-free numbers.
UK local authority departments that enforce consumer protection law — including weights and measures, product safety, counterfeit goods, and doorstep-selling fraud.
An e-commerce fraud where a criminal acts as a middleman — taking real orders with stolen card details, then purchasing the goods legitimately and shipping them to the buyer.
A fraud scheme in which a criminal storefront accepts genuine customer orders and payments, then buys the goods with stolen card details from a legitimate retailer and ships directly to the customer.
The deliberate early stage of a romance scam in which the fraudster establishes credibility and emotional closeness before any financial request is made.
A security method requiring two separate proofs of identity — typically a password plus a code from your phone — before granting access to an account.
Techniques that circumvent two-factor or multi-factor authentication to gain unauthorised account access, most commonly real-time phishing and SIM-swap attacks.
A scam where a domain with a common misspelling of a popular website automatically redirects visitors to a phishing page, malware download, or fraudulent storefront.
Registering domain names that are common misspellings of popular websites to intercept mistyped traffic and serve phishing pages or malware.
A domain name deliberately registered with a common misspelling of a well-known brand to intercept mistyped web traffic.
Contract clauses that create a significant imbalance between the parties' rights and obligations to the detriment of the consumer — often unenforceable under UK and EU consumer law.
A money mule who genuinely believes they are doing legitimate work and has no knowledge that the funds they are handling are stolen or fraudulent.
A fake job or business opportunity that requires payment for mandatory training, certification, or onboarding before work begins — training that is worthless or that the legitimate employer would never charge for.
Deceptive sales practices in which customers are pressured or misled into purchasing more expensive or unnecessary products or services under false pretences.
The misuse of legitimate URL-shortening services to disguise malicious links, bypassing security filters that check destination URLs.
A behavioural pattern in which a fraudster consistently refuses or finds excuses to avoid live video contact, protecting the false identity they have constructed.
A fraudulent overseas job offer that requires the victim to pay visa-sponsorship or work-permit fees which are pocketed by the scammer, with no genuine job existing.
Voice-call phishing where fraudsters phone you pretending to be banks, police, tech companies, or government agencies to extract money or sensitive information.
Phone-based social engineering where scammers impersonate banks, government agencies, or tech companies to verbally extract credentials, money, or personal information.
A two-stage attack combining a phishing email with a fraudulent phone number, prompting the victim to call the attacker rather than the attacker calling them.
The specific personas used in voice phishing calls — including bank fraud teams, government agencies, tech support, police officers, and utility companies — each designed to trigger compliance through authority or fear.
A pre-packaged toolkit that enables fraudsters to run voice phishing operations, including scripts, spoofed caller ID tools, and automated dialling infrastructure.
Using AI to replicate someone's voice from a small audio sample, enabling fraudsters to impersonate family members, executives, or public figures in phone calls or audio messages.
AI-synthesised audio that convincingly replicates a target person's voice characteristics, used for impersonation in fraud, disinformation, and identity-based attacks.
Unauthorised access to a voicemail inbox, often by exploiting default or weak PINs, used to retrieve two-factor codes, private messages, and personal information.
A fraud technique that leaves a pre-recorded urgent message in a victim's voicemail, prompting them to call back a fraudulent number or visit a phishing site.
Automated attacks that test vast lists of stolen username-password combinations against VoIP service portals to gain access for fraud or free call abuse.
A service that encrypts your internet traffic and routes it through a server in a chosen location, masking your real IP address from websites and your ISP.
A malicious smart contract or script that tricks cryptocurrency users into approving transactions that empty their wallet in one action.
A fraud where your phone rings once from an international number; calling back connects you to a premium-rate line that racks up charges.
A scam where a fraudster calls your phone and hangs up after one ring, hoping curiosity will prompt you to call back an expensive international number.
A form of market manipulation where the same asset is bought and sold simultaneously by coordinated parties to create the illusion of trading volume and price activity.
Artificially inflating an asset's trading volume by repeatedly buying and selling it between controlled accounts to create a false impression of market activity.
A targeted attack where criminals compromise a website frequented by the intended victims, infecting them when they visit the site during normal activity.
Spear phishing that specifically targets senior executives — CEOs, CFOs, or board members — to authorise large fraudulent payments or expose company secrets.
A tactic in which a scammer moves a target from a dating or social platform to WhatsApp or another encrypted messaging app to avoid platform moderation.
A US federal crime involving any scheme to defraud using electronic communications — including email, phone, and internet — with a maximum penalty of 20 years' imprisonment.
Fraud that tricks an individual or business into sending an irrevocable bank wire to a criminal-controlled account, typically through impersonation or fake payment instructions.
The use of international wire transfers as a payment method in romance scams, chosen for their speed, irreversibility, and difficulty in tracing funds.
A money mule who suspects or has reason to believe that the funds they are handling are illegitimate but proceeds anyway, often rationalising the activity or ignoring clear warning signs.
A tokenised version of a cryptocurrency issued on a different blockchain, backed by the original asset held in custody by a bridge or issuer.
A security model that requires every user, device, and connection to be continuously verified, regardless of whether they are inside or outside the corporate network.
A security model that eliminates implicit trust based on network location, requiring continuous verification of every user, device, and access request regardless of where it originates.
A software flaw unknown to the vendor — and therefore unpatched — that attackers can exploit before any fix is available.
A cryptographic method that lets one party prove they know something — such as a password — without revealing the information itself, used in privacy-preserving authentication.
Old, often statute-barred debt that has been purchased and reactivated by collectors attempting to collect payment, sometimes using aggressive tactics on legally unenforceable claims.