5 most convincing scams of 2024 so far

You may like to think, ‘It would never happen to me’ when you hear of victims who lose their lifetime savings to a scam. But the truth is, we’re all vulnerable.

Even unskilled fraudsters can create sophisticated ads seen and shared by tens of thousands on social media platforms, or mimic the websites, phone numbers and email addresses of genuine businesses. 

It's essential to raise public awareness of both common and emerging threats, so we've lifted the lid on some of the most convincing scams we’ve come across so far this year. Plus you can read our top ten expert tips on how to protect yourself from scammers. 

(A version of this article was originally published in the June 2024 issue of Which? Tech Magazine.)

Get Which? Tech Support for £49 a year

Contact our experts for unlimited 1-to-1 support by phone, email or remote fix.

Find out more

1. Hijacked holiday bookings

Weak hotel email and booking systems are being targeted by hackers to send troublingly plausible messages to holidaymakers. 

Once they’ve gained access to the systems of hotels and B&Bs, they’re armed with guests’ contact and booking details, and can send fake messages, texts or emails. The most dangerous appear in the ‘secure’ internal messaging platforms of genuine sites.

We’re particularly concerned about Booking.com scams. We had 20 reports about these last year and 40 in the first three months of 2024. 

Typically, messages claim there’s a problem with your payment, before asking you to ‘verify’ or ‘update’ your card details on phishing sites designed to look like Booking.com.

A spokesperson for Booking.com told us that some of its accommodation partners have been targeted by phishing emails, which has led to malware on their machines, and in some cases, given unauthorised access to their Booking.com account. This enables fraudsters to pose as the accommodation and communicate with guests via email or messages.

Find out how to avoid holiday scams

2. Fake phone and broadband providers

Threatening calls and poorly written messages claiming to be from your phone or broadband provider are easily dismissed, but perfectly timed impersonation scams are more likely to slip through.

You may be told you’re owed a refund, offered new equipment to fix non-existent connection issues, or enticed with offers to upgrade your package, reduce bills or claim loyalty deals. A nasty trick is to ask you to share your screen, by downloading ‘remote access’ software.

Bad luck can play a part, as you may be having genuine issues when scammers contact you. They might even have got information through hacking your emails.

One victim told us a ‘Sky’ employee called to say they had booked an engineer due to a problem with their wi-fi, which had been playing up. 

He said: ‘He checked the speeds via my PC, said it was slow and that we were owed a refund as we’d been paying for a wi-fi boost for over a year. He said the refund would be processed via an external app. We had received a genuine call from Sky the day before so it seemed above board. They took £250 as gift cards from my credit card.'

See our expert tips on how to avoid phone scams

3. Fake ads and rip-off subscriptions

You might be bombarded by sneaky subscriptions hidden in misleading ads.

We’ve heard from hundreds of people in the past year who discovered unwanted and often extortionate recurring payments.

Some victims were paying as much as £50 a month to companies they had never heard of. Many have faced a battle to get a refund from their card provider, because payments appeared to be ‘authorised’.

One tactic is to place stickers of fake QR codes over genuine ones found in car parks, restaurants and posters. Malicious QR code scanner apps have also been blamed for directing users to scam advertising. 

Another ploy is to pay advertising platforms to target victims at scale, notably by impersonating parking apps such as JustPark, PayByPhone and RingGo. Which? has found repeat offenders on Google – despite it telling us that it had taken action.

A Google spokesperson said: ‘Protecting users is our top priority, and we have strict ads policies that govern the types of ads and advertisers we allow on our platforms. We enforce our policies vigorously, and if we find ads that are in violation, we remove them. We continue to invest significant resources to stop bad actors and we are constantly evaluating and updating our policies and improving our technology to keep our users safe.’

News, deals and stuff the manuals don't tell you. Sign up for our Tech newsletter, it's free monthly

4. Your bank account drained in minutes

Which? was the first to sound the alarm in March about e-money firm Revolut and account takeover fraud (when criminals hack into financial accounts to make unauthorised transfers).

All the victims who came to us are experienced business owners, including one who lost £165,000 in an hour and another who lost £40,000 in 10 minutes. None has been reimbursed. 

The scammers created a fake email address and copycat webpage to impersonate Revolut. They were even able to pass ‘selfie’ security checks (a photo of the account holder). 

Then they contacted victims, claiming to be from the Revolut fraud department to obtain security codes. Once unleashed, the speed at which they drained the accounts is truly shocking. 

A spokesperson for Revolut said: ‘We are aware of a recent increase in advanced account takeover scam attempts across the industry.’ 

They added: ‘We are continuously strengthening our fraud controls to stay one step ahead of this trend, introducing further direct interventions and sharing educational materials with our customers so they are able to spot the social engineering tactics of criminals.’

Find out more: how safe is online and mobile banking?

5. Investment fraud

Squeezed households are being drawn to bogus investments and ‘get-rich-quick’ schemes run by criminal gangs netting horrifyingly large amounts of money.

Investment scammers stole an average of nearly £13m per week from almost 100,000 victims in 2020-23, according to data from Action Fraud. More victims came forward in 2023 than any other year. 

Too many people blame victims, calling them greedy or sloppy, yet Which? regularly comes across cleverly cloned websites claiming to be regulated companies, sometimes using glossy, professional-looking brochures making false claims about enticing rates and how your money is protected.

Misleading profiles on LinkedIn and Companies House can also add an air of legitimacy.

Sickeningly, victims are often retargeted by recovery scammers – sometimes claiming to be from legal firms, auditors and regulators – falsely promising to help recover their losses, for an upfront fee.  

Discover how recovery scammers stalk victims on social media

10 ways you can protect yourself from scams

Use our expert tips to stop scammers from stealing your data and money.

1. Never share your password, Pin or security codes, even if a caller or message claims to be from your bank or another trusted company.
2. Have the most up-to-date security software on your phone and PC. See our expert pick of the best antivirus software.
3. Only download apps from official Apple, Google Play or Amazon App stores. 
4. Ads on search engines have been used by scammers in the past, so pay close attention to the web address if you click on one. 
5. QR codes can also be used by scammers – pay close attention to the web address if you use one, and never use a QR code scanner app as it increases the risk of downloading malware. Instead, use your phone camera. Find out more about QR codes.
6. Be suspicious of companies contacting you, even if they seem to know about you – this could be taken from your social media profiles or leaked data. Get in touch with the company using a trusted method to check it’s genuine. 
7. Never pay for a holiday outside a trusted booking system; ideally, pay with a card to ensure you benefit from chargeback (debit and credit cards) or Section 75 protection (credit card only). Use our free tool to make a section 75 or chargeback claim.
8. Ignore unexpected investment offers, whether that’s via cold calls, ads, emails or through the post. These are likely to be scams.
9. Avoid entering your details on social media sites and unknown sites, particularly those advertising on search engines. You risk being targeted with endless scams.
10. Sign up to the free Which? scam alert emails to outsmart the fraudsters.  

Get Which? Tech Support for £49 a year

Contact our experts for unlimited 1-to-1 support by phone, email or remote fix.

Find out more