Need a hand?

Just pop your question below to get an answer.

Topics
Personal · Security and fraud · How do I protect myself from fraudsters

Received an unexpected link?

"I was expecting a birthday gift from a friend abroad, so when I got a text about a EUR 2 shipping fee, it seemed totally normal. I clicked the link, it looked just like a courier site, and I entered my card details."

"2 hours later, someone impersonating Revolut called me. They had my login details from the link and just needed my one-time passcode to 'secure' my account. I gave it to them, and they cleared my savings in minutes. The link was the first step, the call was the second."

Summary

This situation typically begins with an unsolicited communication, either an email or a text message, that appears to be from a trusted organisation such as a courier service, a government department, a utility provider, or even a popular subscription service like Netflix or Amazon.

The message is designed to trigger an immediate emotional response, usually by claiming there is an urgent problem that requires your attention. Common hooks include an 'Unpaid shipping fee', a 'Tax rebate', or a 'Security breach' that requires you to verify your identity.

These messages contain a link leading to a 'Clone' website and request you enter personal details, card information, or account login details to resolve the problem. They can use this information to perform a complete account takeover, drain your savings, or sell your identity.

Common red flags

  • Never log in via a link: This is the most important rule. We will never send you a direct link to a login page in a text or email. If you receive a message about your account, always ignore the link and log in through our official app or by manually typing our web address into your browser
  • Analyse the sender’s address: Scammers often use URLs one letter off from the real thing (for example, support@revoIut.com using a capital 'I' instead of an 'L'). Check every character carefully. If the URL looks odd, it is likely a scam
  • Identify the small fee trap: Be wary of tiny payments like delivery fees. The scammer’s goal isn’t the small amount, it’s to trick you into entering your card details to attempt larger, unauthorised transactions

Safety best practices

  • Treat urgency as a threat: If a message threatens that your account will be suspended, frozen, or that you will face legal action if you don't click immediately, it is a scam. Real organisations follow formal, slower procedures and will never use high-pressure, threatening tactics
  • Protect your personal data: Be cautious about verification forms that ask for your personal data or common security question answers. Scammers can use the details gathered to impersonate you
  • Use a password manager: Utilising a password manager helps you identify phishing sites because the manager will not auto-fill your login details on a fake URL, even if the site looks identical to the real one