Scam and fraud awareness – guidance for clients

Financial fraud happens when someone illegally uses deception to gain money, assets, or access to sensitive financial information. This includes scams, phishing, identity theft, and unauthorised transactions.

• Cloning Scam: Fraudulent duplication of legitimate businesses emails, texts, websites or phone calls. These cloned identities are then used to deceive individuals into making financial transactions or revealing sensitive information.
• Phishing: Fraudulent emails, texts, or calls asking for personal information.
• Investment scams: Promises of high returns with little or no risk.
• Impersonation scams: Criminals pretending to be banks, financial advisers, or government officials.
• Romance scams: Scammers creating fake relationships to ask for money.
• Account takeover: Unauthorised access and use of your financial accounts.

Be suspicious if:

• You’re pressured to act immediately.
• The message contains urgent threats (e.g., account closure, legal action).
• The sender’s email or phone number looks unusual.
• They ask for sensitive information like passwords, PINs, or full account numbers.
• There are spelling errors or awkward language in the message.

• Do not respond or provide any personal information.
• Contact your bank or financial service provider directly using official contact details.
• Report the scam to your local fraud agency (e.g., Action Fraud in the UK, FTC in the US).

• Keep personal information private.
• Use strong, unique passwords and update them regularly.
• Enable two-factor authentication (2FA) where possible.
• Verify contact details independently if someone claims to represent your bank.
• Regularly review account activity and report suspicious transactions immediately.

No. Legitimate financial institutions will never ask you for your full password, PIN, or security codes via email, text, or phone call.

• Contact your bank immediately to secure your accounts.
• Change your passwords where applicable.
• Monitor any financial accounts closely for unauthorised activity.
• Report the incident to your financial adviser, financial provider and relevant authorities.

Yes, common red flags include:

• Promises of guaranteed or unusually high returns.
• High-pressure tactics to "act now."
• Requests for money to be sent overseas.
• Reluctance to meet face to face.

We recommend checking your financial accounts at least once a week — even daily if possible — especially if you notice unusual activity or after sharing personal information online.

• Visit any financial service provider's fraud awareness page.
• Check with official agencies like the Financial Conduct Authority (FCA), The National Cyber Security Centre or Action Fraud.
• Sign up for scam alerts from trusted sources.

Unexpected emails may be malicious; containing viruses or other tools criminals use to gain access to your information. Do not:

• reply to an email asking for sensitive information,
• open an unexpected attachment,
• or enter information into a website that you are directed to by a hyperlink.

Instead, use a search engine to look at the organisation’s home page. Do not give sensitive information such as plan numbers to a caller if you are unsure of who they are.

Investment and utility scams are usually difficult to spot because they’re designed to appear like genuine businesses offering great deals.

Keep an eye out for these red flags:

• A guaranteed promise of interest or energy rates that are at odds with the current market and seem too good to be true
•  A time-limited offer if you sign up before a set date. They may also ask you not to tell anyone else about the 'exclusive' deal.
• The person contacting you downplays the risks to your money using legal jargon to mislead you.
• You are pressurised to sign up and provide bank details or transfer money quickly and through unusual means.

Romance scams or ‘catfishing’ are designed to build a relationship and gain your trust.

Red Flags:

• Early declaration of strong feelings, or the suggestion to talk more privately by email, phone, or instant messaging.
• Their online profile is basic, contains spelling or grammar mistakes or is inconsistent with the stories they tell you.
• They appeal to your compassionate side with emotional requests for money, e.g. for emergency medical care, to support family, or flight costs to visit you from overseas.
• They ask for money through bank or money transfers, the purchase of gift cards or presents, or even access to your bank account or card.

Authorised Push Payment (APP) Fraud

Red Flags:

• You are told you’ve been a victim of fraud and you need to move your money to another account quickly. This is not a normal banking process, so question it at the highest level.
• Make sure you phone your bank directly, ideally on the number on your bank card or a letter and check any changes to payment details.
• Don’t rely on emails - they could be intercepted.
• Never rush payments - genuine organisations will wait.

Social Media is a good way to store and share personal information. Cyber criminals will also use social media to look for your date of birth, place of birth or middle name, for example, which they can use to take over your accounts or commit identity theft. Use the privacy settings on websites and be careful about what you make publicly available. Be aware of what your friends and family post about you.

Cloning fraud occurs when criminals impersonate a legitimate financial institution or adviser by copying key details such as adviser details, company names, registration numbers, email formats, logos, and even websites. These cloned identities are then used to deceive individuals into making financial transactions or revealing sensitive information.

Common signs of cloning fraud

• You are contacted by someone claiming to be from a reputable firm, urging you to act quickly.
• Communications come from email addresses or websites that appear authentic but contain subtle differences.
• You’re asked to transfer funds to new or unfamiliar accounts.
• The offer seems too good to be true or is accompanied by high-pressure tactics.
• You are informed of an incident and then asked for personal or financial information.

How to protect your clients

• Verify credentials independently. Inform your clients to independently verify the veracity of any unscheduled contact.
• Double-check contact details. Clients should never rely solely on email or website information and only use official established channels for communication.
• Pause before action. Fraudsters often push for urgency. Clients should take time to confirm it is genuine.
• Never disclose passwords or secure codes. Legitimate institutions will never ask for these via email or phone.

What to do if you suspect cloning fraud

• You should not proceed with any transactions.
• Report the incident to the Financial Conduct Authority (FCA) and Action Fraud.