Scammers impersonate organisations you trust. Learn how each impersonation works — and the things the real organisation will never ask.
How scammers impersonate banks — and the things a real bank will never ask you to do.
courier: Scammers send fake DHL delivery notifications to steal personal and payment details. The real DHL will never ask you to pay a surprise customs fee via a link in an unsolicited text.
courier: Fraudsters impersonate FedEx with fake delivery alerts and fee demands designed to harvest payment or personal details. Real FedEx never asks for surprise fees via unsolicited links.
courier: Scammers send fake USPS delivery texts and emails to steal personal information and payment details. The real USPS will never ask you to pay a fee through a link in an unsolicited message.
courier: Fraudsters send fake Royal Mail texts and emails to harvest card details under the guise of a missed delivery or unpaid customs charge. The real Royal Mail will not ask you to pay fees through links in unsolicited messages.
tech: Scammers impersonate Microsoft with fake security alerts, pop-up warnings, and tech-support calls designed to gain remote access to your device or charge you for unnecessary 'fixes'.
tech: Fraudsters impersonate Apple through fake security alerts, phishing emails about Apple ID, and bogus support calls. The real Apple will never call you unsolicited or ask you to share a verification code.
tech: Scammers impersonate Google through fake account-suspension warnings, phishing emails, and bogus Google support calls to steal credentials or payment details.
retail: Fraudsters impersonate Amazon with fake order confirmations, account-suspension warnings, and call-centre scams to steal payment details or gain remote access to devices.
retail: Scammers impersonate eBay to harvest account credentials, intercept payments, and trick buyers and sellers into transacting outside the platform's protections.
streaming: Fraudsters send fake Netflix billing and account-suspension emails to harvest payment details. The real Netflix will never threaten immediate suspension via an unsolicited message with a payment link.
payment: Scammers impersonate PayPal with fake payment alerts, account-limitation emails, and invoice scams to steal credentials and money. The real PayPal will never ask you to call a number from an email to dispute a charge.
government: Scammers impersonate the IRS with threatening calls and emails claiming you owe back taxes, face arrest, or must act immediately to avoid penalties. The real IRS always contacts you by post first and will never demand gift-card payment.
government: Scammers impersonate HMRC with threatening calls, fake tax-refund texts, and phishing emails demanding payment or personal details. The real HMRC will never demand gift-card payment or threaten immediate arrest on a cold call.
government: Fraudsters impersonate the Social Security Administration with calls threatening to suspend your Social Security number or benefits unless you pay or provide personal information immediately.
telecom: Scammers impersonate mobile carriers to steal account credentials, perform SIM-swap fraud, and harvest personal details under the guise of account alerts or prize offers.
tech: Fraudsters impersonate Instagram with fake account-verification alerts, copyright violation warnings, and blue-badge offers to steal account credentials and personal information.
crypto-exchange: Scammers impersonate Coinbase with fake account-suspension alerts and spoofed support calls. The real Coinbase will never call you unsolicited or ask you to send crypto to verify your identity.
crypto-exchange: Fraudsters impersonate Binance through fake KYC verification emails and phishing sites. Binance will never ask you to confirm your identity by sending cryptocurrency to an external address.
crypto-exchange: Scammers impersonate Kraken with fake account-verification emails and phishing pages. Kraken will never ask for your password or request a crypto transfer to verify your identity.
crypto-wallet: Scammers impersonate MetaMask to steal seed phrases by claiming wallet sync or update is required. MetaMask will never ask for your 12-word Secret Recovery Phrase anywhere outside the app setup screen.
crypto-wallet: Scammers impersonate Ledger — particularly after the 2020 data breach — to trick hardware wallet owners into revealing seed phrases. Ledger will never contact you to verify your recovery phrase.
crypto-wallet: Scammers impersonate Trezor with fake firmware update emails and phishing versions of Trezor Suite. Trezor will never send an unsolicited email asking you to enter your recovery seed on a website.
crypto-exchange: Scammers impersonate OpenSea with fake NFT offers and phishing emails that trigger malicious wallet approval transactions. OpenSea will never ask you to sign a transaction to 'verify' your account.
payment: Scammers impersonate Cash App with fake 'Cash App Friday' giveaways and phishing messages claiming account verification is needed. Cash App will never ask you to send money to receive a prize.
payment: Scammers impersonate Wise with fake international transfer alerts and phishing pages designed to steal login credentials and redirect payments. Wise will never ask you to confirm a transfer by clicking a link in an unsolicited email.
payment: Scammers impersonate Stripe to target business owners with fake payout-hold notices and phishing pages. Stripe will never ask for your API keys via email or threaten to close your account unless you verify through a link.
payment: Scammers impersonate Revolut with fake suspicious-activity alerts and spoofed support calls. The real Revolut will never ask you to move money to a 'safe account' or share a one-time passcode.
payment: Scammers impersonate Zelle — and the banks that offer it — to trick users into authorising transfers under the guise of fraud prevention. Because Zelle transfers are instant and typically irreversible, victims rarely recover their money.
retail: Scammers impersonate Walmart with fake order confirmation emails and gift card payment demands. Walmart will never ask you to pay a fee in Walmart gift cards to claim a prize or resolve an order issue.
retail: Scammers impersonate Target with fake order cancellation calls and gift card payment demands. Target will never instruct you to buy Target gift cards over the phone to resolve any account or order issue.
retail: Scammers impersonate Best Buy's Geek Squad support service with fake subscription renewal emails. Best Buy and Geek Squad will never call you to process a refund that requires installing remote-access software.
retail: Scammers impersonate Home Depot with fake sweepstakes, fraudulent order emails, and gift card demands. Home Depot will never require gift card payments to collect a prize or resolve an order dispute.
travel: Scammers impersonate Airbnb with fake booking confirmation emails and off-platform payment requests. Airbnb will never ask guests to pay a host directly outside the platform to secure a listing.
travel: Scammers impersonate Booking.com — and sometimes compromise real hotel accounts on the platform — to redirect guest payments. Booking.com will never ask you to pay again for a booking already confirmed through the platform.
travel: Scammers impersonate Marriott with fake loyalty point expiry notices and phishing reservation emails. Marriott Bonvoy will never ask you to verify account points by clicking a link and entering your password.
travel: Scammers impersonate Hilton Honors with fake point expiry emails and fraudulent booking confirmations. Hilton will never ask you to pay an additional fee via email to confirm an existing reservation.
travel: Scammers impersonate Delta Air Lines with fake flight cancellation alerts and SkyMiles phishing emails. Delta will never ask you to re-enter payment details via an unsolicited email link to keep a confirmed booking.
travel: Scammers impersonate United Airlines with fake itinerary-change emails and MileagePlus phishing. United will never ask you to pay a rebooking fee via gift card or re-verify account details through an email link.
rideshare: Scammers impersonate Uber with fake account-suspension emails and spoofed driver income alerts. Uber will never ask you to re-verify your account by sending crypto or gift cards.
rideshare: Scammers impersonate Lyft with fake account deactivation notices and fraudulent driver income messages. Lyft will never ask you to pay a reactivation fee or submit bank details via an unsolicited email link.
dating: Scammers impersonate Tinder with fake safety verification links and phishing emails claiming account violations. Tinder will never ask you to verify your identity through an off-platform website to continue matching.
dating: Scammers impersonate Bumble with fake account suspension emails and fraudulent match profiles that push external verification links. Bumble does not direct users to third-party verification sites outside the app.
telecom: Scammers impersonate AT&T with fake billing alerts and SIM swap attempts. AT&T will never ask you to confirm a SIM change or bill payment via a link in an unsolicited text.
telecom: Scammers impersonate T-Mobile with smishing texts and fake prize notifications. T-Mobile will never ask you to click a text link to claim a reward or re-verify your account details.
telecom: Scammers impersonate Verizon with fake smishing texts and fraudulent account verification emails. Verizon will never ask you to confirm account changes or pay outstanding balances via a link in an unsolicited text.
telecom: Scammers impersonate Vodafone with fake account suspension texts and fraudulent prize notifications. Vodafone will never ask you to verify your account or claim a reward by clicking a link in an unsolicited text.
government: Scammers impersonate the DWP to steal personal and banking details from benefits claimants. The real DWP will never ask you to confirm bank details or National Insurance number via a text message link.
government: Scammers impersonate the DVLA with fake vehicle tax or driving licence renewal texts. The DVLA will never ask you to update payment details or renew a licence via a link in an unsolicited text.
government: Scammers impersonate Centrelink with fake payment delay texts and myGov phishing pages. Centrelink will never ask you to provide bank details or confirm a tax file number via a link in an unsolicited text.
government: Scammers impersonate Service Canada with fraudulent SIN theft calls and fake EI payment text alerts. Service Canada will never call to say your Social Insurance Number has been suspended.
streaming: Scammers impersonate Disney+ with fake subscription renewal emails and account verification pages. Disney+ will never ask you to re-enter payment details via a link in an unsolicited email.
streaming: Scammers impersonate Spotify with fake Premium renewal emails and account-suspended texts. Spotify will never ask you to update payment details or verify your account via a link in an unsolicited email or text.
investment: Scammers impersonate Robinhood with fake account restriction emails and fraudulent customer service calls. Robinhood will never call you to resolve a restriction and ask you to move funds to an external account.
tech: Scammers impersonate WhatsApp with fake account verification code requests and hijacking attacks. WhatsApp will never contact you to ask you to forward a six-digit code to another person.
tech: Scammers impersonate Meta and Facebook with fake copyright violation warnings and account suspension threats. Meta will never demand payment to restore a disabled account or ask you to click a Messenger link to avoid a policy strike.
tech: Scammers impersonate TikTok with fake creator fund payment emails and account verification warnings. TikTok will never ask you to verify your account or claim earnings by clicking an unsolicited email link.
tech: Scammers impersonate Telegram with fake account verification messages and fraudulent premium subscription offers. Telegram will never message you from an official account asking for your phone number or verification code.
dating: Scammers impersonate Hinge with fake account verification links and off-platform investment pitches. Hinge will never ask you to verify your identity on a third-party website before connecting with a match.