Plain-English definitions of the scam and fraud terms you'll see across this site and in the news.
When a fraudster gains unauthorised access to someone's online account and uses it to steal money, data, or identity — or to conduct further fraud.
A message claiming your account will be suspended unless you verify your details immediately — designed to harvest login credentials or personal information.
A scam that promises a large reward — inheritance, lottery win, business deal — in exchange for an upfront payment or series of fees that grow until the victim stops paying.
A fake free cryptocurrency distribution that requires victims to connect their wallet or pay a small fee, enabling theft of wallet contents or funds.
Laws, regulations, and procedures designed to detect and prevent the disguising of illegally obtained funds as legitimate income.
A scam in which you are tricked into voluntarily sending money by bank transfer to an account controlled by a fraudster, making recovery difficult because the payment was technically authorised.
An operation in which high-pressure sales people cold-call victims to sell worthless, non-existent, or wildly overpriced investments — often shares, bonds, or commodities.
A network of malware-infected computers ('bots') controlled remotely by a criminal to carry out coordinated attacks such as spam campaigns, DDoS attacks, or credential stuffing.
A sophisticated email-based fraud targeting businesses, usually to divert large payments by impersonating executives or trusted suppliers.
Fraudulent use of stolen card details to make purchases online or by phone, where the physical card doesn't need to be presented.
Creating a fake online persona — typically using stolen photos and a fabricated backstory — to deceive someone into an emotional or romantic relationship, usually for money, information, or emotional manipulation.
A BEC variant in which attackers impersonate a company's CEO or senior executive in emails to pressure employees — typically in finance — into making urgent, unauthorised wire transfers.
A forced reversal of a credit or debit card payment, initiated by the cardholder through their bank, when a transaction is disputed as fraudulent or a seller has not fulfilled their obligations.
Fake charitable appeals — especially following disasters, conflicts, or high-profile causes — that collect donations for fraudsters rather than genuine beneficiaries.
A sophisticated fraud in which a caller impersonating a bank or police officer sends a 'courier' to physically collect cash, cards, or valuables from the victim at their home.
Automatically trying username-and-password combinations leaked from one data breach across many other websites, exploiting people's habit of reusing passwords.
Parts of the internet accessible only through specialised software like Tor, commonly associated with the trade of stolen data, fraud tools, and criminal services.
An incident in which unauthorised parties gain access to confidential data — typically including email addresses, passwords, payment details, or personal information — held by a company or organisation.
AI-generated video, audio, or images that convincingly depict real people saying or doing things they never said or did, increasingly used to enable fraud and disinformation.
Using another person's personal information — name, date of birth, address, ID numbers — without their consent, typically to open accounts, take out loans, or commit fraud.
Any fraud in which an attacker poses as a trusted person or institution — a bank, government body, family member, or celebrity — to extract money or information.
Any scheme that deceives victims into putting money into fake, worthless, or manipulated investment opportunities, resulting in financial loss.
A scam in which fraudsters impersonate a genuine supplier and trick a business or individual into paying an invoice into a fraudulent bank account.
Software (or hardware) that secretly records every keystroke you make, capturing passwords, messages, and card numbers without your knowledge.
Regulatory requirements that oblige financial institutions and exchanges to verify their customers' identity before providing services, to prevent fraud and money laundering.
Malicious advertising — legitimate-looking online ads that, when clicked, redirect users to malware downloads or phishing pages.
Software specifically designed to damage, disrupt, or gain unauthorised access to a computer system — an umbrella term covering viruses, ransomware, spyware, trojans, and more.
An attack in which a fraudster secretly intercepts and potentially alters communications between two parties who believe they are communicating directly with each other.
A sales structure in which participants earn from their own sales and a portion of sales made by people they recruit — legitimate when product-driven, potentially fraudulent when recruitment-driven.
Someone who receives and transfers money on behalf of criminals — sometimes wittingly, often unknowingly — helping fraudsters launder the proceeds of crime.
Redirecting your browser to a fake website even when you type the correct web address, by poisoning DNS records or manipulating router settings.
A fraudulent message — usually email — designed to trick you into handing over passwords, card numbers, or other sensitive data by impersonating a trusted organisation.
A long-con scam that blends romance or friendship with a fake investment platform, 'fattening up' the victim with attention before taking everything.
A fraudulent investment operation that pays returns to earlier investors using money from newer investors, rather than genuine profits — collapsing when new money stops arriving.
A cryptographic secret that proves ownership of a cryptocurrency address and authorises transactions — analogous to the password and signature on your wallet combined.
Fraudulent attempts to steal equity from a property or prevent the legitimate owner selling or remortgaging, including identity fraud, forged deeds, and conveyancing scams.
A scheme in which coordinated buyers artificially inflate an asset's price through hype and false statements, then sell their holdings at the peak — leaving latecomers with worthless assets.
A business model that rewards participants primarily for recruiting new members rather than selling genuine products or services, making it mathematically unsustainable.
Malware that encrypts your files and demands payment — usually in cryptocurrency — in exchange for the decryption key.
Malware that gives an attacker complete remote control of an infected device — allowing them to view the screen, operate the camera, steal files, and more.
A secondary fraud targeting previous scam victims, promising to recover lost funds for an upfront fee — but taking the fee and disappearing.
A fraud in which a fake landlord or property agent advertises a property that doesn't exist or isn't available, collecting a deposit or advance rent before disappearing.
A scam that combines a fabricated romantic relationship with encouragement to invest in a fraudulent platform — a broad category that includes pig-butchering.
A fraud in which a scammer builds a fake romantic relationship online to gain the victim's trust, then asks for money under fabricated pretexts.
A crypto scam in which developers build apparent momentum behind a new token or project, then suddenly withdraw all liquidity and disappear with investors' funds.
A vishing fraud in which callers impersonating your bank or police convince you to move your savings to a 'safe account' they control — the account is the scammer's.
Fake security alerts — pop-ups, browser warnings, or audio alarms — designed to panic users into calling a fraudulent number or buying bogus software.
A sequence of 12 or 24 common words that is the master key to a cryptocurrency wallet — anyone who has it can access and drain every asset in that wallet.
Blackmail using intimate images or recordings — real, staged, or fabricated — to extort money or further material from the victim under threat of exposure.
Fraudulently transferring your mobile number to a SIM card the attacker controls, so they can intercept your calls, texts, and one-time passcodes.
Covertly copying card data from the magnetic stripe or chip using a concealed device attached to ATMs, payment terminals, or fuel pumps.
A phishing attack delivered by SMS text message, often impersonating delivery companies, banks, or government services.
Manipulating people psychologically — rather than hacking systems technically — to make them reveal information, grant access, or take actions that benefit a fraudster.
Fraud conducted through social media platforms — including fake giveaways, investment adverts, impersonation accounts, and romance or friendship deceptions.
A highly targeted phishing attack that uses personal details about the victim — name, employer, colleagues — to appear more credible.
Faking the display name, phone number, or email address on a message so it appears to come from a trusted source.
Software that covertly monitors device activity — browsing, keystrokes, messages, or location — and transmits the data to a third party without the user's knowledge.
Creating a fictitious identity by combining real stolen data (such as a Social Security Number) with invented personal details, to open accounts and accumulate credit with no intention of repaying.
A fake subscription renewal notice — commonly impersonating well-known tech or security brands — that tricks victims into calling a number and giving remote access to their device.
A fraud in which criminals pose as Microsoft, Apple, or another tech company to convince victims their device has a serious problem, then extract money or install malware under the guise of fixing it.
A security method requiring two separate proofs of identity — typically a password plus a code from your phone — before granting access to an account.
Registering domain names that are common misspellings of popular websites to intercept mistyped traffic and serve phishing pages or malware.
Voice-call phishing where fraudsters phone you pretending to be banks, police, tech companies, or government agencies to extract money or sensitive information.
Using AI to replicate someone's voice from a small audio sample, enabling fraudsters to impersonate family members, executives, or public figures in phone calls or audio messages.
A malicious smart contract or script that tricks cryptocurrency users into approving transactions that empty their wallet in one action.
Spear phishing that specifically targets senior executives — CEOs, CFOs, or board members — to authorise large fraudulent payments or expose company secrets.