How to Spot Banking Scams

Banking fraud is one of the fastest-growing crimes in the UK. Whether it's a fake charge on your statement, a phishing email pretending to be your bank, or a subscription trap you don't remember signing up for — scammers are becoming more sophisticated every year. The good news is that most scams follow identifiable patterns. Once you know what to look for, you can protect yourself and act quickly if something goes wrong. This guide walks you through the key red flags, how to verify a suspicious charge, and the exact steps to take if you've been targeted.

The Most Common Banking Scam Types

UK fraud falls into a handful of recurring categories. Fake merchant charges appear on your statement with names that look like real companies. Phishing emails impersonate your bank to steal login credentials. Subscription traps charge you after a "free trial" you forgot to cancel. SIM swap fraud redirects your phone number so scammers can intercept two-factor authentication codes. Overpayment scams convince you to return money that was never real. Understanding which type you're dealing with is the first step to responding correctly.

See all 8 scam types in detail

Red Flags on Your Bank Statement

The clearest early warning sign is a charge you genuinely don't recognise — but not all unrecognised charges are fraud. Many are simply merchants using abbreviated or unfamiliar descriptors. The key red flags that suggest something more sinister: the amount is unusual (very small — used to test a card — or very large); the timestamp doesn't match any recent activity; there are multiple small charges in quick succession; the descriptor contains random characters or odd spacing; or there is no corresponding confirmation email from the company.

A £1.00 charge from an unfamiliar name followed two days later by a £299.00 charge from the same descriptor is a classic card-testing pattern.

How to Verify a Suspicious Charge

Before reporting a charge as fraud, take a few minutes to verify it. First, search the descriptor text using a tool like Detect My Charge — many unfamiliar descriptors belong to legitimate merchants. Second, check your email for a confirmation or receipt from around the date of the charge. Third, check whether anyone else with access to your card (a partner or family member) made the purchase. Fourth, log into the merchant's website directly (never via an email link) and check your order or subscription history. If none of these steps account for the charge, it is safe to escalate.

Search a charge descriptor

Warning Signs in Emails, Texts & Calls

Fraudsters rarely attack your bank account directly — they first try to compromise your credentials or trick you into transferring money yourself. Watch for emails with urgent subject lines ("Your account will be suspended"), sender addresses that look almost right but contain typos or use free email domains, and links that hover to URLs different from what the text shows. Suspicious texts often contain shortened URLs (bit.ly, tinyurl.com) and reference packages you're not expecting. Phone calls from your "bank" that ask you to confirm card details, move money to a "safe account", or read out an SMS code are almost always fraudulent — your bank will never ask for any of these things.

Legitimate banks address you by your full name, never ask for your PIN or full password, and never ask you to transfer money to another account for security reasons.

Common Responses If You've Been Targeted

If you believe you've been targeted, many people find it helpful to act promptly. This is educational information about what others commonly do — it is not personalised advice for your situation. Common steps people consider include: (1) Contacting their bank's fraud team — the number is typically on the back of your card or on the bank's official website. (2) Updating their online banking password from a trusted device. (3) Reviewing two-factor authentication settings on important accounts. (4) Checking their credit report for any unfamiliar accounts or applications. (5) Reporting to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040 — they can issue a reference number that your bank may request.

How to dispute a bank charge

What Commonly Happens After a Scam

If money has already left your account, many people contact their bank as a first step. Under UK rules, banks are generally required to refund authorised push payment (APP) fraud in most cases — this is based on published regulations, though individual circumstances may vary. For card fraud where you did not authorise the payment, chargeback rights exist under the Consumer Credit Act and card scheme rules. Keeping records — screenshots, emails, transaction details — is commonly recommended as banks may request these during an investigation. If personal data was compromised, some people choose to add a fraud alert to their credit file with Experian, Equifax, or TransUnion.

Habits That Many People Use for Long-Term Protection

Many people find that fraud protection is most effective when built into regular habits. Reviewing bank statements regularly — some people do this weekly — means unusual activity is spotted sooner. Many banking apps offer real-time push notifications for each transaction, which some people find helpful. Using unique passwords for each account, often managed via a password manager, is a widely recommended practice. Authenticator-app two-factor authentication is generally considered more secure than SMS-based codes. Being selective about who you share personal details (date of birth, mother's maiden name, address) with is also a common approach, as these are frequently used in identity verification.

Scam prevention checklist

Frequently Asked Questions

How do I tell if a charge on my bank statement is fraud?

Search the descriptor on Detect My Charge — most unfamiliar charges are legitimate merchants using abbreviated names. Check your email for a receipt from around that date, and check whether anyone else with access to your card made the purchase. If none of these explain it, contact your bank to dispute the charge.

Will my bank refund me if I've been scammed?

For unauthorised card payments (where you didn't approve the transaction), UK banks are required to refund you under the Payment Services Regulations 2017. For authorised push payment fraud (where you were tricked into sending the money yourself), banks must also reimburse you in most cases under the Mandatory Reimbursement rules that came into force in 2024.

What is Action Fraud and can I report to them?

Action Fraud is the UK's national fraud reporting service, run by the City of London Police. Many people choose to report banking fraud or scams at actionfraud.police.uk or by calling 0300 123 2040. They can issue a crime reference number that your bank may request as part of their investigation.

How quickly is it worth reporting a fraudulent charge?

Many people find it helpful to report promptly. Banks have dispute time limits — typically 60 to 120 days from the transaction date for card disputes. Earlier reports may also increase the chance of recovering funds before they are moved further.

Can people reduce the risk of SIM swap fraud?

Many people ask their mobile provider to add a verbal security phrase or PIN to their account — this means no one can request a SIM swap without providing it. Switching from SMS-based two-factor authentication to an authenticator app is also a widely recommended practice, as authenticator apps are not affected by SIM swap.

What do people commonly do after clicking a phishing link?

Common steps people consider include: updating their password on the affected service from a different, trusted device; reviewing two-factor authentication settings; checking the account for any unfamiliar activity; and contacting their bank if card details were entered. Some people also run antivirus software if anything was downloaded, and monitor their accounts over the following weeks.

Use Detect My Charge to identify any unknown bank charge instantly.