Stage 1 of the scam journey. The tools, checks and guides that help you identify a scam in seconds.
Last reviewed: 12 May 2026 · ScamSupport research
What this stage covers
If you have just received something suspicious — a text from "your bank", an unexpected email about a delivery, a Telegram DM about an investment opportunity, a too-good-to-be-true job offer — this is the stage you are at. The goal here is simple: identify whether what you have received is a scam, and avoid it before it costs you anything.
The tools and guides below are organised by the most common ways scams reach UK consumers in 2026.
The tools — paste a message, get an answer
Scam Message Scanner — the flagship tool. Paste any suspicious email, text, URL, phone number, voice message, image, QR code or .eml file. Runs entirely in your browser; nothing you paste leaves your device. Returns a verdict in under 5 seconds with the specific red flags found.
Investment Scam Platform Lookup — checks whether an investment platform, broker, crypto exchange or recovery firm appears on the FCA Warning List, OCCRP Scam Empire investigation, DFPI Crypto Scam Tracker, or industry blacklists. 52 platforms curated; growing weekly.
Investment Pitch Analyser — check any UK investment offer against the 8 strongest scam patterns before you commit funds (pig-butchering, recovery scams, fake-broker clones, boiler rooms, binary-options platforms). Returns a Critical/High/Medium/Low verdict, the specific red flags found, the likely scheme type, and a routing action checklist.
Family Safe-Word Setup — build a family safe-word system in 5 minutes that defeats AI voice-cloning, “hi mum”, and family-emergency scams. Generates printable cards for every family member plus a 6-monthly refresh reminder (.ics calendar invite).
FCA Warning List Quick-Check — type a firm or broker name and get an instant verdict (known fraud / lookalike / unauthorised / FCA-authorised / no warning found). Cross-references FCA Warning List, OCCRP Scam Empire, DFPI Crypto Scam Tracker, and the FCA Firm Checker. Supports fuzzy / partial / domain matching that the official exact-match FCA search misses.
Scam-Image Forensics — drag-drop a suspicious dating-app or romance-scam profile photo and run six forensic checks: stock-photo provider signatures (16 stock libraries), AI-generation metadata + C2PA detection (13 AI tools), AI-generation pixel heuristics, EXIF metadata extraction, face detection, and Error Level Analysis for edit detection. Plus opt-in buttons to launch Google Lens / TinEye / Yandex / Bing if you want a full-web reverse search. Image stays in your browser unless you choose otherwise.
Brand-impersonation guides — by who is being impersonated
Scams almost always impersonate someone you trust. These guides cover the most-impersonated UK brands with specific red flags, real example messages, and verification rules:
How to verify — three rules that work for any scam
Never call a number from a suspicious message. Call the organisation back on a number you already know (the back of your bank card, the official website typed into your browser directly, or in our Recover contacts directory).
Never click a link from a text claiming to be from a bank, courier, HMRC, the DWP, or any major brand. Real organisations communicate through their official app, posted letter, or known-domain website. Type the domain into your browser yourself.
Never read an OTP or security code to anyone on a phone call. The code's purpose is to prove YOU are authorising something. Sharing it with a caller authorises THEIR transaction.