Common Scam Types

Learn to recognize the most common fraud schemes

Phishing
Fraudulent emails posing as legitimate organisations to steal login credentials or personal information.
Red flags: Urgent requests, account verification demands, suspicious links, generic greetings
Learn more →
PayPal/eBay Scam
Fake PayPal or eBay emails claiming suspicious activity to trick you into confirming payment details.
Red flags: "Confirm your account", "Unusual activity detected", "Update payment method"
Learn more →
Amazon Scam
Fake Amazon notifications about billing problems, unrecognised orders, or account suspension.
Red flags: "Billing problem", "Verify account", "Click link", "Update card"
Learn more →
Apple Phishing
Fake Apple ID or iCloud security alerts demanding immediate verification of account details.
Red flags: "Security alert", "Verify Apple ID", "Update payment", "iCloud issue"
Learn more →
Microsoft Scam
Fake Microsoft notifications about account security, Windows updates, or Office issues.
Red flags: "Windows alert", "Password expiry", "Security update", "Confirm account"
Learn more →
HMRC Tax Scam
Fraudulent emails or texts claiming you're owed a tax refund or have unpaid taxes.
Red flags: "Tax refund", "Claim payment", "Verify details", "Inland Revenue"
Learn more →
Lottery Scam
Messages claiming you've won a lottery or prize you never entered.
Red flags: "Congratulations", "You've won", "Claim prize", "Too good to be true"
Learn more →
Inheritance Scam
Claims that you're the beneficiary of an estate from a person you've never met.
Red flags: "Unclaimed inheritance", "Fund transfer", "Request personal details"
Learn more →
Romance Scam
Scammers build relationships online to eventually ask for money or personal information.
Red flags: Quick professions of love, avoidance of video calls, eventual money requests
Learn more →
Investment Scam
Promises of guaranteed returns or exclusive investment opportunities with unrealistic profits.
Red flags: "Guaranteed returns", "Limited spots", "Act fast", "Safe investment"
Learn more →
Malware/Tech Support
Fake virus warnings or tech support offers to install malicious software on your device.
Red flags: "Download now", "Install update", "Fix your computer", "Security warning"
Learn more →
Bank Impersonation
Fake emails from your bank requesting account verification or card details.
Red flags: "Verify account", "Update banking details", "Confirm identity"
Learn more →
Business Email Compromise
Fraudulent emails impersonating business executives requesting urgent wire transfers.
Red flags: "Urgent", "Wire transfer", "Confidential", "CEO/CFO request"
Learn more →
Pension Scam
Fraudulent offers to access your pension early with promises of tax advantages.
Red flags: "Early access", "Pension release", "No tax penalty", "Urgent deadline"
Learn more →
Rental Scam
Fake rental listings or landlords requesting deposits before you can view the property.
Red flags: "Too cheap", "Deposit required", "Can't view", "Payment upfront"
Learn more →

How These Categories Overlap

The categories above are descriptive rather than mutually exclusive. A single message often combines patterns from several at once: a "tax refund" lure (HMRC scam) delivered by SMS (smishing) impersonating a government brand (impersonation) and pointing to a fake login page (phishing) is one campaign, not four. The detection model treats the categories as overlapping signals rather than strict labels — what matters for the risk score is whether the message uses the techniques, not which heading we file it under.

If you've received something that doesn't fit any single category neatly, that's normal. Run it through the main ScamSupport tool, which scores the underlying patterns regardless of the cover story.

The Universal Tells

Across all 15 categories, four signals appear in roughly 90% of scam messages we see:

  • Manufactured urgency. "Within 24 hours", "immediately", "final notice". Real organisations don't pressure you in their first contactemail — they have escalation procedures that take weeks.
  • Sender / display-name mismatch. The friendly name says "PayPal" but the actual address is a Gmail account or a misspelt lookalike domain. Always check the right-hand side of the @ sign.
  • Off-platform action requested. "Click here to verify", "follow this link to log in". Genuine companies tell you to log in through their app or by typing the URL yourself, never through an embedded link.
  • A request that doesn't match the relationship. Your bank already has your address, your name, and your account number. If a "bank" email asks you to confirm them, the only thing it can be doing is collecting that data for the first time.

If a message clears all four of those, it's probably real. If it fails any one of them, treat it as suspect until you've verified through the company's normal channel.