The most common online scams Think you could never fall for one of the most common online scams? Think again. It’s easy to get caught up in the excitement of an incredible vacation deal, or panic that you owe back taxes to the IRS. Scammers can be incredibly convincing, and every day there are more and more of them to contend with, so it’s important to learn how to avoid online scams. According to the Federal Trade Commission (FTC), consumers reported losing more than $12.5 billion to fraud in 2024. A huge amount to be sure, but more shocking is the fact that fraud losses increased 25% over the prior year. “Whenever there’s an enormous leap like this, you’ve got to address it, because cybercriminals are experts at exploiting vulnerabilities,” says Monica Eaton, CEO of Chargebacks911, a cybersecurity company specializing in online fraud. “If a scam is successful, they’re absolutely going to escalate its usage.” What to do? The first step is educating yourself on how to avoid online scams. “If you’re online, you’re a target—period, end of story,” Eaton says. Reader’s Digest spoke to Eaton and six other cybersecurity experts to help you understand the threats and learn how to protect yourself. Keep reading for details on the top 14 online scams and what you need to know to stay safe. Get Reader’s Digest’s Read Up newsletter for more tech, travel, cleaning, humor and fun facts all week long.

Reader’s Digest, Getty Images Free trial scam How it works: You see an internet offer for a free one-month trial of some amazing product—a weight-loss program, teeth whitener or some other thing offering incredible results in record time. All you pay is $5.95 for shipping and handling … or so you think. What’s really going on: Buried in the fine print, often in a color that washes into the background, are terms obligating you to pay a monthly fee—forever. Canceling these subscriptions can be a beast, and take months. The big picture: “These guys are really shrewd,” says Christine Durst, an internet fraud expert who has consulted for the FBI and the FTC. “They know that most people don’t read all the fine print before clicking on ‘I agree,’ and even people who glance at it just look for numbers.” So, companies might write numbers in words, with no dollar signs. “Anything that has to do with money or a time frame gets washed into the text,” she says. Avoidance maneuver: To avoid this subscription scam, read the fine print on offers, and don’t believe every testimonial. Check images by doing a reverse image search, or by going to websites that scour the internet for identical images, such as TinEye.com. If that woman with perfect teeth shows up everywhere promoting different products, her testimonial is probably fictitious. If you do get sucked in, reputable companies will allow you to cancel your mistake. If you can’t get out of a contract, cancel your card and negotiate a refund with the company. If that doesn’t work, appeal to your credit card company.

Reader’s Digest, Getty Images Fake Wi-Fi hotspot scam How it works: You’re sitting in an airport or a coffee shop, and you log into the local Wi-Fi. It could be free, or it could resemble a pay service like Boingo Wireless. You connect, and everything seems fine. What’s really going on: The site looks legitimate, but it’s actually an online scam run by a criminal from a laptop. He’s likely sitting very close to you, and you have no idea he’s mining your computer for banking, credit card and password information. If it’s a fake pay site, he also gets your credit card info, which he’ll then sell to other crooks. The big picture: Fake Wi-Fi hot spots are cropping up everywhere, and it can be difficult to tell them from the real thing. “Sometimes cybercriminals are targeting your financial information, but not all crime schemes are limited to credit card numbers,” Eaton says. “Your personal identity can also be a tempting target.” Even your children can have their identity stolen, she adds, so “you always need to stay on your toes.” Avoidance maneuver: Make sure you’re not set up to connect automatically to non-preferred networks. This setting can be disabled under your device’s network settings or preferences. Before traveling, buy a $20 Visa or MasterCard gift card so you can purchase airport Wi-Fi access without broadcasting your credit or debit card information to everyone in the airport or train station. You can also set up an advance account with providers at airports you’ll be visiting. If your cellular plan allows it, set up your own personal hotspot. Also, don’t do any banking or online shopping from public hotspots unless you’re certain the network is secure. Look for “https” in the URL, or check to the left of the URL in your browser for a small padlock icon. Finally, always be on the lookout for red flags that someone has hacked your computer.

Reader’s Digest, Getty Images Bogus contest scam How it works: You get a direct message or see a comment on a social media post announcing a contest for a free iPad, a trip to Hawaii or some other expensive prize. The message prompts you to click on a link to learn more, and all you have to do to claim your winnings is pay a small fee for taxes, shipping and handling or processing fees. What’s really going on: “Once you click on the link, you become vulnerable to phishing,” says Jason Glassberg, co-founder of cybersecurity company Casaba Security. When you enter your credit card info to pay for this great deal, the scammer steals your information and downloads a bot, or automated software program, that lets the hacker send spam emails from your account to ensnare others in the scam. This online scam is common on social media, but you might also get a bogus contest message in an email or text. Sometimes, scammers even use the phone. In that case, they’ll ask for your email to send you a link for your “prize.” The big picture: Scammers are taking advantage of URL-shortening services that allow them to create links that look sort of legitimate. When users can’t see the actual URL, it’s easy for bad guys to post malicious links. Your spam filter may be no help: Quishing is a new form of phishing, designed to bypass spam filters. Avoidance maneuver: Don’t click links from strangers. If your curiosity gets the best of you, do a little research first. If you’re contacted through social media, check out their profile. You can also Google the person, company name or phone number to see what comes up. If you see the word scam in any of the search results, that’s all you need to know.

Reader’s Digest, Getty Images Scareware scam How it works: A window pops up about a legitimate-sounding antivirus software program like “Antivirus XP 2025” or “SecurityTool” and says that your machine has been infected with a dangerous bug. You’re prompted to click on a link that will run a scan. Of course, the scan finds a virus—and for a fee, the company promises to clean up your computer. What’s really going on: When you click on the link, the sham company installs malware on your computer. No surprise—there will be no cleanup. But the thieves have your credit card number, you’re out the money, your computer is left on life support and there’s no telling what other sensitive information the scammers might have stolen. The big picture: About a million people fall victim to scareware scams every single day, according to studies cited by Weber State University. Shocking? Yes, but even worse, that number hasn’t changed since 2015! Things aren’t getting better, either. In 2024, the Federal Trade Commission charged two overseas security firms with bilking people out of tens of millions of dollars. The companies settled for $26 million, giving you an idea of how lucrative these scams are. Avoidance maneuver: If you get a pop-up virus warning, close the window without clicking on any links, then run a full-system scan using legitimate antivirus software like Norton or McAfee. Urgency is common in online scams, and is always a red flag, so if you see lots of exclamation points or windows that are hard to close, you know it’s scareware. Legitimate companies will use clear, calm language, while scam sites are always sounding five alarms.

Reader’s Digest, Getty Images Smishing scam How it works: You receive a text from your bank or credit card issuer saying there’s been a problem and you need to call right away with some account information. They might tell you your account has been compromised and you need to act fast so you don’t lose everything. What’s really going on: The “bank” is a scammer who hopes you’ll reveal your account information. If you do, you’re actually surrendering your credit card information to black-hat marketers who will ring up phony charges or sell your information to other scammers. The big picture: Welcome to smishing, which stands for SMS phishing, the text-message version of the email scam. “Cell phone numbers are easy to track down on the dark web, and smishing messages are much easier to craft and deliver than phishing emails,” Glassberg says. “They are significantly shorter, they don’t require any formatting and the attacker doesn’t have to worry about bypassing spam filters and antivirus protections.” Because many banks and businesses offer text-message notifications, this scam has the air of legitimacy. Avoidance maneuver: Do not click on the link. Contact your bank directly via a phone number you know (such as on the back of your card). “But be careful not to misdial the telephone number of your bank,” warns Steven J.J. Weisman, an attorney who specializes in scams, identity theft and cybersecurity. “Some scammers purchase phone numbers similar to those of legitimate banks and credit card companies, hoping that they will receive calls from unwary consumers who may have merely misdialed the telephone number of their bank or credit card company.”

Reader’s Digest, Getty Images Charity scam How it works: You get an email or social media DM with an image of a malnourished orphan from a developing nation. “Please give what you can today,” goes the charity’s plea, followed by a request for cash. To speed relief efforts, the email recommends sending a Western Union wire transfer as well as detailed personal information, such as your address, Social Security number and checking account info. “They may use catfishing tactics, fake deals and special offers, spoof businesses or hijack real accounts through which they spread malicious links,” Glassberg says. It’s for the children! What’s really going on: The charity is a scam designed to harvest your cash and banking information. Nothing goes toward helping those in need—every penny you send goes to the scammer. Even worse, the scammer now has access to all your personal information, and if you don’t act quickly, they’ll drain your bank accounts, rack up charges on your credit cards and possibly steal your identity. The big picture: Hackers often create fake personal, business and charity accounts on social media to lure their victims. “Phishing attacks are very common on these platforms, because people are less vigilant” with social media messaging, Glassberg says. “Plus, the platforms aren’t filtering spam or monitoring for malicious links.” Avoidance maneuver: Donate to real charities on their own websites instead of clicking on links in email solicitations. Also be aware that genuine aid organizations will accept donations by credit card or check, and they won’t ask for wire transfers, bank account information or Social Security numbers. Donations via text message are OK, as long as you confirm the number with the organization.

Reader’s Digest, Getty Images Romance scam How it works: You meet someone on a dating site, on Facebook or while online gaming. You exchange pictures, talk on the phone and get close quickly. It soon becomes obvious that you were meant for each other, but the love of your life lives in a foreign country and needs money to get away from a cruel father, get medical care or buy a plane ticket so you can finally be together. What’s really going on: Your new love is a scam artist. There will be no tearful hug at the airport, no happily ever after. You will lose your money and possibly your faith in humankind. It may be hard to admit it happened to you, but if these details sound familiar, you’ve been the victim of a romance scam. The big picture: Online social networking has opened up new avenues for scammers who specialize in luring lonely people into phony friendships and love affairs, only to steal their money. According to the FBI, consumers reported losing more than $1.14 billion to romance scams in 2024, more than triple the losses just four years ago. Avoidance maneuver: “On the internet, it is almost impossible to be too paranoid,” says Durst. “But don’t be paralyzed—be smart.” Dating and social-networking sites can be a great way to meet people, even from foreign countries, but if someone you know only from the internet asks for money, you should sign off quickly and block them.

Reader’s Digest, Getty Images Business email compromise scam How it works: You sent your client an invoice, but they didn’t pay after 30 days, so you send a reminder that their payment is past due. The client replies and tells you they paid via wire transfer. The only problem? You don’t accept payments via wire transfer. What’s really going on: Someone hacked into your business account and sent an email to your client with directions on how to wire money to pay their balance. The client wired the money—but not to you—and now the scammer has the money, and the account is closed or untraceable. The big picture: Business email compromise (BEC) scams and email account compromise (EAC) scams are currently the biggest online scams, according to the FBI. Though not new, BEC/EAC are evolving and getting more sophisticated. “These fraudulent wire transfers are often immediately transferred to cryptocurrency wallets and quickly dispersed, making recovery efforts more difficult,” the FBI explains in its internet crime report. The FBI’s Internet Crime Complaint Center (IC3) says that between October 2013 and December 2023, the BEC scam was reported in all 50 states and 186 countries, with losses totaling $55 billion in more than 300,000 incidents. In the U.S. alone, there were more than 158,000 incidents resulting in almost $21 billion in losses. Avoidance maneuver: Set up two-factor authentication codes for everything, especially your work email. When invoicing clients, be explicit about accepted methods of payment. Wire transfers are less common now that we have so many digital options, but it’s important to be aware of Zelle scams and similar money transfer options because once the money has been sent it’s as good as gone. As long as we have digital wallets there will be digital fraud. Of course, even with the best practices in place, you may still get scammed if someone hacks into your business or personal email. If this happens, report it immediately to the IC3. If you think reporting a scam won’t help, consider that in 2023, the latest data available, the IC3’s recovery asset team (RAT) received more than 3,000 fraud reports totaling $758 million and was able to recover $538 million, a 71% success rate.

Reader’s Digest, Getty Images Counterfeit goods scam How it works: You’re doing some online shopping, as one does. You see what looks like a great deal on Amazon or eBay and place an order. Everything seems fine … until you get the item. You look closely at the box, and it looks like someone printed it in their basement. Or, the box is fine but the product is shoddy and clearly not legit. You may not receive the item at all. Learn about these eBay scams, too What’s really going on: The seller’s a scammer, and they’re going to send you a counterfeit product (or nothing at all)—and they’ll still get your money. These scammers often post delivery dates that are three or four weeks from the date of purchase, so they typically receive payment long before you discover that it was a scam. The big picture: The sale of counterfeit items is a major problem, and it hurts not just buyers but other sellers as well. “There’s been rampant theft of intellectual property—Marvel, Disney, Star Wars, NFL teams, sports jerseys,” Eaton says. “Facebook Marketplace, OfferUp, Craigslist and other sites are rife with rip-offs.” Some people don’t care about counterfeit or knockoff goods—a fake Louis Vuitton looks close enough to the real deal for many—but that’s for them to decide, with full knowledge of what they’re buying. Avoidance maneuver: Watch out for new sellers, and take a careful look at sellers’ reviews before you buy. Read the one- and two-star reviews as well as the glowing ones. Take a close look at photos reviewers have attached to the post, and read the wording on the reviews. If you find a string of clichés, or a bunch of reviews written in the same tone, they’re probably fake testimonials. Positive reviews are generally a good thing, but if a new seller has 20 five-star reviews for a brand-new product that’s a fraction of the regular retail price, it’s a red flag. As a general rule, stick with sellers who have products with hundreds of reviews and an average rating of four stars or higher. Eaton says that a good way to circumvent counterfeit sites is to use the company’s official app as much as you can. “If you shop a lot at Walmart, don’t keep logging in through the website,” she advises. “Go through the app, because it helps eliminate certain fraud risks.”

Reader’s Digest, Getty Images Hitman scam How it works: You get an email or text from someone saying he’s been hired to kill you or kidnap a family member. He tells you to send a large amount of money via Cash App or another irreversible method in exchange for your safety. Usually, the email will also warn you against contacting the authorities, saying that will only make things worse. What’s really going on: There is no assassin. Somebody found your email address (along with hundreds of others) and just wants your money. “The scam is simply a means to an end,” Eaton says. “The scammer’s only objective is to get you to give him what he wants as quickly as possible. It’s not personal—but it is a crime—and it can ruin your life and devastate your finances.” The big picture: How could anyone possibly fall for this? Keep in mind that the first response of anyone who’s just been threatened with murder online is most likely to panic. Even scarier, many of these scams include the victim’s personal information—such as where they (or loved ones) work or go to school, or even what street they live on—which can be easy to access through social media. Avoidance maneuver: If you get one of these messages, block the number. Responding to the scammer clues them in that they have reached a live account, and they’ll probably respond with more aggressive threats. Next, contact local law enforcement. It’s not likely that the scammer is in your town—they’re probably halfway across the world—but the authorities need to know in case there’s a real threat. Your cyber awareness will protect you, and reporting the crime will help protect others. Also, be careful of what you post about your family online. You might think it’s harmless to show casual photos of your home and vehicle, but these details can be used to coerce you or your loved ones into believing the scammers know who you are, where you are and that they intend to harm you if you don’t pay up.

Reader’s Digest, Getty Images Travel scam How it works: You see a social media post or get an email advertising an amazing deal on airline tickets, or an all-inclusive vacation to an exciting destination like Paris or Fiji. And it is truly amazing: We’re talking a $10,000 vacation for just $999. How could you say no? What’s really going on: Like the free trial scam, travel scams have extra costs hidden in the fine print. The initial fee won’t cover much, and you’ll have to pay thousands in resort fees. Or that confirmation code may never land in your inbox. Either way, the scammer will now also have your credit card info—or ask you to pay through a third-party app—opening you up to additional theft. The big picture: The peak time for these kinds of online scams is the summer, when people have vacation on the brain, but they’re also common right before Christmas and New Year’s Day. Scammers intentionally choose exotic, remote places that would be difficult to get to without their “amazing offer.” Finally, they throw in an expiration date, saying you only have a few days, or even hours, to take advantage of this deal, hoping that a sense of urgency will rope you in. Avoidance maneuver: Scour the details of the offer before clicking any sort of confirmation button, and Google the site and the offer to see if anyone warns of fraud. The email or website will hold plenty of clues that it’s not legit. “Are the images low-resolution? Does the verbiage include spelling errors and grammatical mistakes?” Eaton asks. “These are the telltale signs of a fake online store, site or organization. Delete the email, and don’t submit your personal information.” Keep in mind that fake websites can look like legitimate sites, but reputable e-commerce sites and major airlines, banks and hotel chains use website addresses that begin with https. “The ‘s’ indicates a higher level of security,” Eaton says. “Most scam sites, however, are http, because http sites are cheaper than https sites.”

Reader’s Digest, Getty Images Empty house scam How it works: You’re on vacation having the time of your life, and you want to share the joy with your friends and Instagram followers. You post a few photos from Lisbon, announcing, “Next stop, Amalfi Coast!” You don’t think twice about it, but when you get home, your house has been ransacked and burgled. What’s really going on: Criminals scour social media sites for people posting pictures of themselves out of town, so they can find empty residences to burglarize. Some even pay attention to obituaries. This is a scam that exists mostly offline, but it’s your online activity that makes you a potential victim. The big picture: Criminals search for keywords that indicate you’ll be out of town. For example, it’s pretty common for people to share photos from a bridal shower with the caption, “This time next month, we’ll all be celebrating in Vermont!” But scammers take note and check back when they think you’ll be away. While there aren’t official stats on how many burglaries result from this type of online scam, Eaton points out that 60% of burglary victims were active on social media. Avoidance maneuver: Wait to post photos until you’re back, and don’t post information about future events. Otherwise, you’re putting others at risk as well as yourself. For example, if you’re attending a family wedding, a scammer could identify dozens of people, often in one community, who are out for the night—or out of town for a long weekend—and now they’re potential victims as well. If you really, really want to share, Eaton suggests changing your privacy settings so only close friends or a specific group can see those photos. As an additional safety measure to avoid an Instagram scam, it’s always a good idea to leave a few lights on and have neighbors collect mail and packages so it looks like you’re home.

Reader’s Digest, Getty Images Elder financial scam How it works: A loved one becomes a widow. Another widow finds them on Facebook and says, “I know what you’re going through.” They become fast friends, and then the friend has an emergency—perhaps a sick grandchild or an unexpected car repair—and needs to borrow money immediately. What’s really going on: This new “friend” isn’t a friend at all—they’re a scammer, of course. They may vanish after the first payment is made, or they may stick around to see how much more they can squeeze out of the unsuspecting senior. In elder fraud, the scammer might also eventually attempt to take over their bank accounts—and even steal their identity. The big picture: Increased concentrated wealth from retirement accounts, pensions and other income streams make seniors an attractive target to scammers, says Jason Zirkle, training director at the Association of Certified Fraud Examiners. “Plus, scammers assume that Baby Boomers are more respectful to authority, that widows are lonely and that elders are reluctant to ask for help because they don’t want to be a burden to caregivers.” Avoidance maneuver: The best way to protect yourself and your loved ones is to educate yourself on the red flags so you and your loved ones know how to avoid online scams, according to Darius Kingsley, head of consumer business practices at JPMorgan Chase. If you suspect this is happening to someone you know, look for the following signs: a new friend they’re secretive about, changed spending habits, bounced checks after a lifetime of fiscal responsibility or a desire to cash out IRAs and/or change their will. “Even though online fraud schemes come in zillions of varieties, they often follow a specific pattern,” Zirkle says, and knowing how to recognize online scam techniques will keep you and your family safe. Make sure the elders in your life know how to stop spam calls, and while it’s not foolproof, encourage them to get on the National Do Not Call Registry.

Medicaid is the primary program providing comprehensive coverage of health and long-term care to 83 million low-income people in the United States and accounts for one-fifth of health care spending. Medicaid is jointly financed by states and the federal government but administered by states within federal rules. The recently passed House budget resolution targets cuts to Medicaid of up to $880 billion or more over a decade. While several options appear to be under consideration to significantly reduce Medicaid spending, President Trump publicly said recently about Medicaid, “We are not going to touch it. Now, we are going to look for fraud.” Speaker Johnson has said, “Medicaid is hugely problematic because it has a lot of fraud, waste, and abuse.” Although fraud, waste, and abuse can be related concepts (and all fall under a broader “program integrity” umbrella), they are also distinct in important ways (Box 1). These terms apply to other government health care programs, private health insurance, and other government programs more broadly. On March 11, 2025, the White House released a statement saying most federal spending lost to fraud is from entitlement programs such as Medicaid and Medicare, citing “improper payment” estimates, without clarifying (as GAO does) that “improper payments” are not a measure of fraud or abuse and most improper payments are the result of missing documentation or missing administrative steps, and are not necessarily payments made for ineligible enrollees, providers, or services.

Speaker Johnson has referenced $50 billion in annual fraudulent payments (a figure that may reflect improper payments rather than fraud). In debates about broader Medicaid spending reductions, Republicans may try to recast policy changes such as adding work requirements to Medicaid and restricting the use of provider taxes as addressing fraud, waste, and abuse. Despite talk about eliminating fraud, the President’s recent order to remove Inspectors General (IGs), who are responsible for providing independent oversight of federal programs, from at least 17 government agencies—including HHS—appears to run counter to the stated focus on fraud, waste, and abuse. Recent KFF polling shows, while the public thinks that reducing fraud and waste in government health programs could lead to reductions in overall federal spending, many (60% of Republicans, 55% of Democrats, and 51% of independents) also think reducing fraud and waste in government programs could result in a reduction of benefits. Overall, most Americans (77%) hold favorable views of Medicaid, including six in ten Republicans (63%), and at least eight in ten independents (81%) and Democrats (87%).

This brief explains what is known about improper payments and fraud and abuse in Medicaid and describes ongoing state and federal actions to address program integrity.

Box 1: Definition of Terms Fraud is the intentional act of deception and misrepresentation by a person with the knowledge that the deception could result in some unauthorized benefit to that person or another person (e.g., billing for services never provided). Medicaid fraud is generally considered a criminal act (42 CFR 433.304 and 455.2). Abuse refers to provider practices that are inconsistent with acceptable business and medical practices (e.g., reimbursement for services that are not medically necessary or that don’t meet professionally recognized health care standards) that result in unnecessary cost to the program (42 CFR 455.2). It also includes beneficiary practices that result in unnecessary cost to the Medicaid program. Waste is the inappropriate utilization of services and misuse of resources that result in unnecessary cost to the program (e.g., duplication of tests). Waste is not an intentional or criminal act. Errors are mistakes made without intent or knowledge of the error. Improper payments are any payments that should not have been made or that were made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other requirements. It includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received, and any payment that does not account for credit for applicable discounts (31 U.S.C. § 3351(4)). Office of Management and Budget (OMB) guidance instructs agencies to report as improper payments any payments for which insufficient or no documentation was found (31 U.S.C. § 3352(c)(2)).

1. Both the federal government and states are responsible for ensuring program integrity.

Program integrity refers to the proper management and functioning of the Medicaid program to ensure it is providing quality and efficient care while using funds–taxpayer dollars–appropriately with minimal waste. Medicaid is a very complex program that involves millions of beneficiaries, hundreds of thousands of providers, and significant federal and state expenditures. Program integrity efforts work to prevent and detect waste, fraud, and abuse, to increase program transparency and accountability, and to recover improperly used funds. Program integrity activities help ensure that eligibility decisions are made correctly; prospective and enrolled providers meet federal and state participation requirements; services provided to enrollees are medically necessary and appropriate; and provider payments are made in the correct amount and for appropriate services. Program integrity also includes routine oversight to ensure compliance with state and federal law.

State Medicaid agencies administer Medicaid on a day-to-day basis and have the primary responsibility for program integrity. Program integrity includes specific, dedicated activities, as well as activities that are built into program functions (e.g., beneficiary and provider enrollment, service delivery, payment). Federal laws and regulations include requirements for states to reduce fraud, waste, and abuse. Each state must have a Medicaid Fraud Control Unit (MFCU) to investigate fraud and prosecute or refer to prosecution individuals or entities defrauding Medicaid. Other state agencies and fiscal officers may be involved, including state auditors. Comprehensive managed care is the primary Medicaid delivery system (accounting for 75% of beneficiaries and over 50% of total Medicaid spending) which creates different risks, as the state is delegating provider contracting, utilization management, and claims processing to a managed care organization (MCO). States with managed care programs have additional program integrity responsibilities.

The federal government’s responsibility is to provide “effective support and assistance to states to combat provider fraud and abuse.” CMS supports states through funding, training, and defining in regulation how states must comply with Medicaid program integrity requirements. Three federal agencies – the HHS Office of Inspector General (OIG), U.S. Department of Justice (DOJ), and Government Accountability Office (GAO) – are also involved in this work, each with different roles and responsibilities. Federal agencies regularly report on Medicaid program integrity performance, including:

2. There is no comprehensive or reliable measure of fraud in Medicaid.

Fraud is not unique to Medicaid. Fraud occurs in Medicaid, Medicare, and private health insurance. Most monetary loss from fraud is by providers. Fraud includes obtaining a thing of value through willful misrepresentation. Measuring fraud is difficult, in part, because it can only be determined with certainty after the fact and if it is identified. There are no reliable measures of fraud against Medicaid. DOJ and HHS-OIG operate a Health Care Fraud and Abuse Control (HCFAC) program, designed to coordinate federal, state, and local health care fraud and abuse law enforcement activities. A HCFAC report is published annually, describing health care fraud enforcement actions. Recent analysis of the FY 2023 HCFAC report found no beneficiary fraud in the listing. Providers convicted (of different kinds of fraud against Medicaid and Medicare) included ambulance service providers, durable medical equipment suppliers, diagnostic labs, nursing homes, pain clinics, pharmacies, physical therapists, physicians, and substance use treatment providers. Examples of successful criminal and civil investigations highlighted in the report include:

Sentencing of an EMT supervisor for an ambulance company who wrote and signed hundreds of false ambulance run sheets that were used to send fraudulent bills to the Texas Medicaid program;

Sentencing of a pharmacy owner in a scheme to bill Kentucky Medicaid (and other health benefit programs) for drug prescriptions that were never filled; and

Sentencing of a Michigan physician for his role in a health care fraud scheme that exploited patients suffering from addiction by administering unnecessary back injections and illegally distributing millions of medically unnecessary opioids.

In FY 2023, total HCFAC recoveries reached $3.4 billion (across Medicaid and Medicare). The reported return on investment for the HCFAC program (2021-2023) was $2.80 for every $1 spent. HHS-OIG also publishes an annual summary of the cases brought by state Medicaid Fraud Control Units (MFCUs). The report identifies criminal convictions and civil settlements and judgments by provider type. In FY 2024, MFCUs reported 1,151 convictions and $1.4 billion in recoveries (or $3.46 for every $1 spent).

3. Improper payments are not a measure of fraud.

The Improper Payments Information Act (IPIA) of 2002 (replaced by the Payment Integrity Information Act (PIIA) of 2019) requires the heads of federal agencies to annually review programs they administer and identify those that may be susceptible to significant improper payments, to estimate the amount of improper payments, to submit those estimates to Congress, and to submit a report on actions the agency is taking to reduce the improper payments. The Office of Management and Budget (OMB) has identified Medicaid and CHIP as programs at risk for significant improper payments. As a result, CMS developed the Payment Error Rate Measurement (PERM) program to comply with the IPIA / PIIA and related guidance issued by OMB.

The PERM program measures improper payments in Medicaid and produces a national improper payment rate, which is not a fraud rate. Improper payments, which are often cited when discussing program integrity, are payments that do not meet CMS program requirements. PERM is based on reviews of fee-for-service (FFS), managed care, and eligibility components of a state’s Medicaid program in the year under review. The error rate is not a “fraud rate” (or a waste or abuse rate) but a measurement of payments made that did not meet statutory, regulatory, or administrative requirements or are made in an incorrect amount (including overpayments and underpayments). While fraud and abuse may be one cause of improper payments, not all improper payments represent fraud or abuse. PERM is not designed to detect or measure fraud. States are audited on a rolling three-year basis, meaning each PERM cycle measurement includes one-third of states. Annually, the most recent three cycles are combined to produce a national improper payment rate (weighted by state size). (CMS also produces improper payment rates for CHIP, Medicare, and advanced premium tax credits (APTCs) for the federally facilitated exchange.) As with variation in all aspects of Medicaid operations, PERM rates vary across states ranging from under 1% in Alabama, South Dakota, and Washington to over 20% in South Carolina and Wyoming.

In 2024, Medicaid paid an estimated 94.9% of total outlays properly, representing $579.73 billion in proper federal payments (Figure 1). The overall Medicaid improper payment rate was 5.1% (or $31.10 billion in federal payments). However, 79.1% of the improper Medicaid payments were the result of insufficient documentation or missing administrative steps (Figure 1). These payments were not necessarily for ineligible enrollees, providers, or services (i.e., since they may have been payable if the missing information had been on the claim and/or the state had complied with requirements). Examples include state failure to document beneficiary eligibility or to appropriately screen enrolled providers, or medical records not submitted or missing required documentation to support the medical necessity of a claim. Other improper payments include payments for beneficiaries who were ineligible or were eligible but received a service that was not covered (15.6%), for providers not enrolled in the program (2.0%), and other monetary losses (3.3%) (Figure 1). States are often required to develop and implement corrective action plans for errors and deficiencies.

The 2024 improper payment rate was the lowest rate since the COVID-19 pandemic began due, in part, to flexibilities granted during the public health emergency (e.g., suspended eligibility renewal determinations and reduced requirements for provider enrollment and revalidations) and to improved state compliance with program rules. Prior to the pandemic, the improper payment rate increased following the reintegration of the PERM eligibility component in 2019, which was suspended from 2015 – 2018 to provide states with time to adjust to eligibility process changes in the Affordable Care Act. (In its place, CMS required states to implement pilots to assess the accuracy of their eligibility determinations.) While the national improper payment rate increased notably in 2019, 2020, and 2021 (to 21.7%), more than three quarters of improper payments (in each year) were due to insufficient documentation or missing administrative steps (data not shown). In 2024, CMS finalized rules related to eligibility and enrollment that included guidance for states on eligibility documentation procedures to reduce “paperwork” errors that lead to the majority of eligibility-related improper payments. Specifically, the rule requires records to be kept in electronic format for the entire period the case is active and for at least three years after and identifies the information that must be included in all case records; however, Congress may repeal these rules.

4. HHS and CMS identify key areas of program integrity focus, informed in part by recommendations made by other federal agencies.

HHS works with all states to develop strategies to address the root causes of improper payments. States are responsible for implementing, overseeing, and assessing the impact of these strategies and actions. Efforts include systems and process improvements (e.g., adding new claims processing checks, upgrading claims processing systems, and enhancing procedures for provider and beneficiary enrollment).

Every five years, HHS and CMS must issue a comprehensive Medicaid program integrity plan that outlines the agency’s strategy for working with states on program integrity. Historically, program integrity efforts focused on the recovery of misspent funds, but more recent initiatives move beyond “pay and chase” models to focus more heavily on prevention and early detection of fraud and abuse and other improper payments. The FY 2024-2028 CMS plan highlights key areas of focus including Medicaid managed care oversight, eligibility determination processes, systems improvements, data analytics and data sharing, and federal training and technical assistance. To help target oversight activities, CMS will continue to use a risk-based approach to focus efforts on high-risk states, providers, managed care plans, and program areas to maximize return on investment. CMS identified Medicaid managed care, non-emergency medical transport (NEMT), dental benefits, nursing facilities, and home- and community- based services as areas where there may be high-risk program integrity vulnerabilities.

Independent agencies like MACPAC and GAO regularly make recommendations to reduce fraud, waste, and abuse in Medicaid. In 2024, GAO indicated CMS had taken steps to address improper Medicaid payments (consistent with their recommendations) including improving managed care oversight (e.g., increasing audits), assessing fraud risks (including documenting vulnerabilities and identifying mitigation strategies), and improving state compliance with provider screening and enrollment requirements. GAO notes, however, actions on recommendations that remain unimplemented could further enhance program integrity—including additional CMS oversight/action to improve state compliance with provider enrollment and screening requirements, ensure timely state eligibility determinations, and improve collaboration with state auditors. Additionally, GAO made recommendations to CMS about other areas where program oversight and transparency could be improved including managed care, demonstration waivers, and other financing. MACPAC recommendations include simplifying and streamlining program integrity regulatory requirements, improving state-federal coordination, and identifying the most effective program integrity activities.

5. “Fraud, waste, and abuse” are at the forefront of current debates as a basis for making changes in Medicaid and more broadly.

Medicaid is a very complex program that involves millions of beneficiaries, hundreds of thousands of providers, 51 state agencies (including DC), different delivery systems, complicated eligibility rules, and significant federal and state expenditures—all of which together create vulnerabilities and opportunities for error. Since the enactment of Medicaid in 1965, the statute has evolved to promote program integrity. The focus of program integrity efforts has also evolved at CMS in response to changing legislation, policy developments, and priorities. Each administration may approach program integrity differently, with different goals and a willingness to accept different tradeoffs. Republicans in Congress and the Trump Administration state they are not aiming to cut Social Security, Medicare, or Medicaid benefits but aiming to root out fraud, waste and abuse—often citing improper payment estimates as evidence of extensive fraud in Medicaid and Medicare, despite GAO stating improper payments are not designed to identify fraud and are not a measure of fraud or abuse. While policy makers and the public support efforts to root out fraud and make government more efficient, there is little support for broad reductions in federal spending on Medicaid that could affect coverage, benefits, or access to care.

What is known about fraud in Medicaid is that it’s not unique to Medicaid (fraud also occurs in Medicare and private health insurance) and is mostly committed by providers. There are checks on fraud, waste, and abuse at both the federal and the state levels, as described in the sections above. GAO and MACPAC recommendations to reduce fraud and abuse may involve additional investments in oversight and transparency but not reductions in federal funding. As the budget debate continues, there may be efforts to recast certain Medicaid policy changes such as adding work requirements to Medicaid and restricting the use of provider taxes as addressing fraud, waste, and abuse. There are proponents and opponents of such policies, and these policies may come with tradeoffs (e.g., decreasing federal funding while shifting costs to the states and reducing coverage), but they are not about rooting out fraud in Medicaid.

To meet House budget resolution requirements, Congress will need to make major cuts to federal spending on Medicaid. An option under consideration is to limit the use of state taxes on providers, which could save hundreds of billions of dollars according to the Congressional Budget Office (CBO). Medicaid is jointly financed by the federal government and the states, with the federal government paying close to 70% of total costs in fiscal year (FY) 2023. States are permitted to finance the non-federal share of Medicaid spending through multiple sources, including state general funds, health-care related taxes (referred to as “provider taxes” throughout this brief), and local government funds. All states except for Alaska finance some of the state costs with taxes on health care providers, which may be imposed as a percentage of provider revenues or using an alternative formula such as a flat tax on the number of facility beds or inpatient days. The most common provider taxes are levied on nursing facilities (46 states) and hospitals (45 states).

Proponents of restricting provider tax authority say that providers and states receive federal matching funds without expending their own money, which can “inflate a state’s Medicaid match.” As the debate about broader Medicaid spending reductions continues, Republicans may try to recast restrictions on provider taxes as addressing fraud, waste, and abuse. Opponents of such restrictions note that provider taxes are permissible under current law and help fund Medicaid; and restricting provider taxes will create financing gaps for states that could result in higher state taxes, reductions in Medicaid eligibility, lower provider payment rates, and fewer covered benefits. Both proponents and opponents of new restrictions agree that the limited data about provider taxes makes it difficult to assess states’ reliance on them as a funding source and to understand how they affect net payments to providers. The Medicaid and CHIP Payment and Access Commission has submitted recommendations to Congress that states start reporting new data on Medicaid taxes and that those data be publicly available for analysis.

In light of the current debate, this issue brief uses data from KFF’s 2024-2025 survey of Medicaid directors, to describe states’ current provider taxes and the federal rules governing them.

1. All states except for Alaska use provider taxes to help finance the state share of Medicaid spending.

The federal government and states share responsibility for financing Medicaid, with the federal government guaranteeing states federal matching payments with no pre-set limit. States have considerable flexibility in determining how to finance the non-federal share of state Medicaid payments. In state FY 2024, states reported that about 68% of state Medicaid spending came from general funds, most of which come from income and sales taxes. The remaining 32% was funded by other sources including local government funds and provider taxes.

Medicaid provider taxes are defined as those for which at least 85% of the tax burden falls on health care items or services or entities that provide or pay for health care items or services (see Social Security Act, Section 1903(w)(3)(A)). States use provider tax revenues to fund Medicaid “base” rates and supplemental payments, to avoid Medicaid benefit cuts, and to expand Medicaid benefits. Some states have used revenue from provider taxes to finance the ACA Medicaid expansion. Beyond helping finance the state share of Medicaid, permissible tax arrangements may have potential financial benefits for providers who are subject to the tax and serve a high volume of Medicaid patients.

All states but Alaska finance part of the state share of Medicaid funding through at least one provider tax and 39 states have three or more provider taxes in place (Figure 1). While data are limited, the Government Accountability Office (GAO) estimated that provider taxes as a percent of the non-federal share of Medicaid spending in SFY 2018 ranged from less than 0.5% in New Mexico, South Dakota, Texas, and Virginia to more than 30% in Michigan, New Hampshire, and Ohio. Over time, states have increased their reliance on provider taxes, with expansions often driven by economic downturns. GAO reported that reliance on provider taxes had grown significantly over the preceding decade, increasing from 7% in 2008 to 17% in 2018. There are no more current estimates that are publicly available of provider taxes as a share of Medicaid spending.

2. Federal rules set limits on how states can use provider taxes.

States first began using provider taxes to finance the state share of Medicaid in the 1980s, when Medicaid providers would donate funds or agree to be taxed and the revenues from those donations and taxes would be used to finance a portion of the state’s share of Medicaid. According to the Congressional Research Service, states were essentially “borrowing funds from Medicaid providers in order to draw down federal funds and increase Medicaid payment rates to the providers that had paid taxes or donated funds.” The particularly aggressive use of those taxes by some states spurred statutory and regulatory limitations on provider taxes starting in the 1990s. Federal rules now specify that provider taxes must be:

Broad-based, which means the tax is imposed on all providers within a specified class of providers (e.g., the tax cannot be imposed only on providers that see primarily Medicaid patients);

Uniform, which means the tax must apply equally to all providers within the specified class (e.g., the tax rate cannot be higher on Medicaid revenue than non-Medicaid revenue); and

Not hold taxpayers (providers) “harmless,” which means states are prohibited from directly or indirectly guaranteeing that providers will receive their tax revenues back (i.e., be “held harmless”).

There are 19 classes of providers that the Centers for Medicare and Medicaid Services (CMS) uses to ensure that the tax programs are broad-based and uniform (see 42 CFR Section 433.56). In assessing whether provider taxes comply with federal laws, current regulations specify that the hold harmless requirement does not apply when the tax revenues comprise 6% or less of net patient revenues from treating patients (see 42 CFR Section 433.68), a level sometimes referred to as a “safe harbor” limit. States may also receive waivers of the requirement that taxes be broad-based and uniform if the state can prove the net effect of the tax is “generally redistributive,” and that the amount of tax is not directly related to Medicaid payments.

Policy proposals that would reduce the “safe harbor” limit below 6% could affect most significantly the 38 states that have one or more provider taxes that exceed 5.5% of provider net patient revenues (Figure 2). However, if the limit were reduced significantly enough, all states with provider taxes could be affected. There are 10 states with at least one provider tax that is between 3.5% and 5.5% of net patient revenues. One state (Georgia) reports that all provider taxes are below 3.5% of net patient revenues.

3. Provider taxes are most common for institutional providers.

Provider taxes fall on a wide range of provider types but are most common for institutional providers including nursing facilities (46 states), hospitals (45 states), and intermediate care facilities for people with intellectual or developmental disabilities (32 states, Figure 3). States often use provider tax revenues to support payment rates for providers, often by financing supplemental payments like disproportionate share hospital (DSH) payments, upper payment limit (UPL) payments, and managed care state directed payments (uniform payment increases through managed care that are similar to supplemental payments). Hospitals’ base fee-for-service rates vary considerably across states and, on average, are below hospitals’ costs of providing services to Medicaid enrollees and below Medicare payment rates for comparable services, causing some states to rely more heavily on supplemental payments than others to help cover hospitals’ costs. It is unknown from available data how much states are paying hospitals after accounting for base payments, supplemental payments, and the costs of provider taxes (e.g., the net payment rate), which is one reason why the Medicaid and CHIP Payment and Access Commission has called for greater transparency around provider taxes.

Although data on the use of revenues from provider taxes are limited, GAO found that in 2018, states financed a higher percentage of the state share of supplemental payments (e.g., DSH and non-DSH supplemental payments) using provider taxes than they did for other types of Medicaid payments (i.e., base payments). The use of provider taxes to fund supplemental payments to providers has raised some questions regarding compliance with hold harmless requirements for provider taxes. In April 2024, CMS released guidance to states about this issue, noting they will work with states to identify impermissible hold-harmless arrangements but will not take enforcement action until January 2028, allowing states time to come into compliance.

Beyond institutional providers, 20 states have provider taxes on managed care organizations (MCOs), 17 on ambulance providers, and 11 on “other” provider types such as ambulatory care facilities and home care providers (Appendix Table 1). The Deficit Reduction Act of 2005 required states that tax Medicaid MCOs to tax all MCOs uniformly, thus limiting the ability of states to only tax Medicaid MCOs. However, CMS has the authority to waive the uniformity requirement, and other federal requirements if the tax is determined to be “generally redistributive.” The formula for determining whether a waiver request is “redistributive” has allowed states to impose Medicaid taxes primarily on Medicaid enrollees, raising CMS concerns. For example, in California the tax is set at a much higher rate for Medicaid enrollees relative to privately-insured enrollees, which means that 99% of the tax burden falls on Medicaid member months. As a result, there may be issues with the hold harmless requirements because the MCOs paying for nearly all the tax payments also receive premium payments from the state to provide Medicaid coverage, and those premium payments reflect the tax expense. In its approval letter of California’s recent provider tax waiver in January 2025, CMS included a companion letter informing the state that CMS was contemplating proposed regulatory changes that could affect the legality of California’s MCO tax in future years.

4. Provider tax revenues are most likely to be near the safe harbor limit for long-term care providers.

Tax revenues are nearest to the safe harbor limit most often for nursing facilities and intermediate care facilities for people with intellectual or developmental disabilities (Figure 4). If provider tax revenues are 6% or less of patient net revenues, they are not subject to hold harmless requirements, meaning the revenues may fund payments back to the providers being taxed. Proposals to reduce the 6% “safe harbor” limit would likely most significantly affect states with taxes already near the upper limit. Provider taxes that exceed 5.5% of net patient revenue are most common for nursing facilities (22 states) and intermediate care facilities (17 states), both of which provide long-term care for people who need help with the activities of daily living. There are also 13 states that have provider taxes exceeding 5.5% of net patient revenues for hospitals.

5. Further limits on provider taxes are likely to reduce Medicaid spending, coverage, and payment rates.

The recently passed House budget resolution targets cuts to federal Medicaid spending of up to $880 billion or more over a decade. To put the size of the spending cuts in perspective, $880 billion represents 6% of state taxes per resident and 19% of states’ spending on education per pupil, so offsetting the loss of federal revenues would be challenging for states, particularly considering that states generally must balance their budgets. Assuming states will be unable to replace cuts of that magnitude, they will face difficult choices about whether to reduce Medicaid spending by covering fewer people, eliminating optional benefits, or reducing provider payment rates.

There are not yet detailed proposals under consideration by Congress to achieve federal Medicaid spending reductions, but the Congressional Budget Office (CBO) estimated that reducing the safe harbor limit for provider taxes could save tens or hundreds of billions of dollars depending on the size of the reduction (Figure 5). If the hold-harmless threshold were reduced to 5%, CBO estimates the federal government would save $48 billion over 10 years. If the hold-harmless threshold were eliminated, savings would be $612 billion.

CBO’s estimates of federal spending reductions are based on the agency’s assessment that states will reduce Medicaid spending, resulting in people losing Medicaid coverage. While CBO provides national estimates, the effects would vary significantly across the states. States with provider taxes near the safe harbor limit would be affected by even modest changes whereas states with lower provider taxes would only be affected by more significant reductions. Effects on total Medicaid spending and enrollment would also vary based on how much states offset lost provider tax revenues with other sources of funding. Because provider taxes often support Medicaid payment rates, there will almost undoubtedly be downward pressure on payment rates if provider taxes are restricted, particularly for institutional providers including nursing facilities, intermediate care facilities, and hospitals.

Key Takeaways Bank account fraud comes in many forms including check fraud, P2P payment scams, ATM skimming, phishing and wire transfer schemes.

Prevention is your first line of defense. Use tools like account alerts, cardless ATM access, strong passwords and secure Wi-Fi.

If you fall victim to a scam, act quickly by contacting your bank or reporting to the FTC.

Today’s consumers have more options for paying bills, depositing checks, sending money to friends and family and performing other banking transactions. But each new method comes with new ways for fraudsters to deplete your bank account.

Having your bank account raided by scammers can devastate your ability to pay your bills and everyday expenses. Luckily, for each common type of bank fraud, there are ways to keep your accounts safe and secure.

Most common types of bank account fraud

1. Check fraud

This type of fraud involves illegal attempts to obtain money through checks. Although Americans use fewer paper checks today via their checking accounts or money market accounts than in previous decades, check fraud remains a widespread problem.

In 2023 alone, financial institutions reported over $688 million in suspicious check-related activity, according to the Financial Crimes Enforcement Network .

Examples include:

Creating fake checks.

Check washing: Replacing the original information on a check with new information.

Check kiting: Writing a check for an amount greater than what’s in the account and depositing it at another bank.

Forgery: Signing and using a check without permission.

How to protect yourself from check fraud

Verify suspicious checks: If you receive a check that seems like it could be fraudulent, contact the issuing bank directly to confirm it’s real before depositing it.

If you receive a check that seems like it could be fraudulent, contact the issuing bank directly to confirm it’s real before depositing it. Be wary of overpayments: Some check scams involve the writer of the check issuing it for too much money, followed by a request to refund the difference. The check may bounce if you send it back, so you’ve been scammed out of whatever amount you sent.

Some check scams involve the writer of the check issuing it for too much money, followed by a request to refund the difference. The check may if you send it back, so you’ve been scammed out of whatever amount you sent. Never pay to claim a prize: If someone asks you to send money to claim a prize, it’s likely a scam. Never write a check (or send money in other forms) to someone you don’t know or feel suspicious about.

What to do if you’re a victim of check fraud

Report it to your bank: This is especially helpful if you suspect a check is fraudulent before the bank catches it — the bank may be able to put a stop payment on the check.

This is especially helpful if you suspect a check is fraudulent before the bank catches it — the bank may be able to put a stop payment on the check. File a police report: Your bank may require you to do so before reimbursing you for any lost funds.

Your bank may require you to do so before reimbursing you for any lost funds. File a report with the Federal Trade Commission: Once you do, the FTC will provide next steps you can take to protect yourself. It also shares reports with law enforcement agencies to help with investigations.

2. Peer-to-peer payment scams

Peer-to-peer (P2P) payments are those made between people using services such as Zelle, Venmo , PayPal and Cash App .

When you send a payment to a friend or relative through a P2P provider’s website or mobile app, the money typically goes straight from your checking account to the other person’s account.

It’s important to be aware of common types of scams involving P2P services, according to Jason Zirkle, training director with the Association of Certified Fraud Examiners.

“Most are impersonation scams, where the scammer pretends to be a representative from your bank (or a government agent, or a utility provider, etc.) asking you to send money,” Zirkle says. “They will often use spoofing services to trick your caller ID into showing that the call actually is from your bank, so do not trust caller ID.”

Fraudsters may also request you send money to yourself through an app such as Zelle, Zirkle adds. “Scammers will try to convince you that this is the only way to ‘reverse’ a fraudulent transaction, but in the end, you’re sending money to the scammer.”

How to protect yourself from P2P fraud

Look out for impersonators: Scammers can spoof numbers to make it look like your bank (or the Internal Revenue Service (IRS), or your utility company) is calling. If someone asks you to send money, hang up and call the organization directly.

Scammers can spoof numbers to make it look like your bank (or the Internal Revenue Service (IRS), or your utility company) is calling. If someone asks you to send money, hang up and call the organization directly. Use payment protection features when available: Some platforms, like PayPal, offer buyer protection when paying for goods or services. Avoid using P2P apps to pay strangers unless the platform offers and you select this kind of coverage.

Some platforms, like PayPal, offer buyer protection when paying for goods or services. Avoid using P2P apps to pay strangers unless the platform offers and you select this kind of coverage. Double-check every payment request: If someone asks you for money — even if they claim to be your friend, your bank or a business — reach out to them through a phone number or contact method you know is real before sending anything.

What to do if you’re a victim of P2P fraud

There’s a good chance you won’t be able to recover money stolen through P2P fraud, Zirkle says. “The quicker you accept that, the quicker you can move forward,” he adds.

Zirkle advises attempting to get the funds back with these steps:

Notify your bank and ask how to file a claim to try and get your money back.

File a report with your local law enforcement. While the police might not investigate the theft, having an official report may assist with problems such as credit disputes.

Put a fraud alert on your credit. This can make it more difficult for someone to open a new credit account in your name. You can set up a fraud alert by contacting any of the three credit bureaus (Experian, TransUnion or Equifax), according to the FTC .

. Report the scam to the FTC. Once you submit your report, the FTC will provide tips on what to do next.

3. ATM skimming

Thieves use ATM skimming to people’s credit and debit card information by installing hidden recording devices on ATMs. Skimming is also possible at payment terminals like those at gas stations.

Thieves can install a plastic overlay atop the keypad to capture your PIN as you type it. Similarly, an overlay installed over the card insertion slot lets them obtain the data on the card’s magnetic stripe.

Once scammers obtain your card number and PIN, they may use the information to create fake cards, withdraw your money or make online purchases. Scammers also sell stolen card numbers to criminal groups for fraudulent use.

How to protect yourself from ATM skimming

Use cardless ATM features : If your bank offers cardless access through a mobile app or digital wallet, take advantage of it. There’s nothing to skim if you never insert your card.

If your bank offers cardless access through a mobile app or digital wallet, take advantage of it. There’s nothing to skim if you never insert your card. Avoid sketchy machines: Steer clear of ATMs or payment terminals that look damaged or tampered with.

What to do if you’re a victim of ATM skimming

The sooner you notice and report skimming activity on your account, the sooner you can stop it . Be sure to log in to your bank accounts regularly to view your balance and recent transactions. Take note of anything you don’t recognize.

If you find any transactions you believe are fraudulent, report them to the bank immediately. Quick action may limit your liability for unauthorized transactions.

4. Phishing

Phishing scams are cyberattacks that involve tricking the victim into sharing login credentials or other sensitive information. Scammers may insert malware into a text or an email, allowing them to steal your information if you click a link or download an attachment.

Phishing messages are usually designed to look like they’re coming from someone you trust, such as your bank or another service provider.

How to protect yourself from phishing scams

Don’t click suspicious links: If you get an email or text asking you to log in, verify info or “act now,” don’t click. Go directly to the company’s official website or app instead.

If you get an email or text asking you to log in, verify info or “act now,” don’t click. Go directly to the company’s official website or app instead. Question unexpected messages: Just because an email says it’s from your bank doesn’t mean it is. If you’re unsure, call the number on the back of your card — not the number in the message.

Just because an email says it’s from your bank doesn’t mean it is. If you’re unsure, call the number on the back of your card — not the number in the message. Watch for typos and urgency: Many phishing messages contain grammatical errors or try to rush you into acting fast. That’s a classic red flag.

Many phishing messages contain grammatical errors or try to rush you into acting fast. That’s a classic red flag. Keep your devices secure: Use antivirus software and keep your apps and operating systems updated to block malware hidden in phishing attachments.

What to do if you’re a victim of a phishing scam

The FTC advises taking these steps if you’ve been a victim of a phishing scheme:

If you believe the scammer has obtained your social security number, report the identity theft to the FTC. The FTC will provide a recovery plan that includes how to monitor your credit.

to the FTC. The FTC will provide a recovery plan that includes how to monitor your credit. If you’ve given up a password, create a brand new, strong password. Choose one with at least 12 characters and avoid common words or phrases. If you used the stolen password for more than one account, change it for those accounts too.

If a scammer has remote access to your computer, run a scan using your computer’s security software and remove anything it flags as a problem.

If a fraudster has taken over your mobile phone number and account, reach out to your service provider to regain access. Then, change your account’s password.

5. Wire transfer scams

Scammers often request wire transfers because it can be difficult for victims to recover the money they send. Common wire transfer scams include:

Family emergency scams: You may receive a call or text from someone pretending to be a friend or relative and asking you to wire money for anything from paying a hospital bill to bail.

You may receive a call or text from someone pretending to be a friend or relative and asking you to wire money for anything from paying a hospital bill to bail. Dating app scams: Fraudsters may build relationships and cultivate trust on popular dating apps. Then they’ll invent stories about why their victims should loan or gift them money.

Fraudsters may build relationships and cultivate trust on popular dating apps. Then they’ll invent stories about why their victims should loan or gift them money. Classified ad schemes: Scammers may post classified ads purportedly selling items and request you pay them through a wire transfer — with no intention of providing you with the item you paid for.

How to protect yourself from wire transfer scams

Don’t wire money to strangers: No matter how convincing the story is, always be careful when wiring money to someone you haven’t met in person. Even if they claim to work for a government agency such as the IRS or Social Security Administration.

No matter how convincing the story is, always be careful when wiring money to someone you haven’t met in person. Even if they claim to work for a government agency such as the IRS or Social Security Administration. Be suspicious of urgency: Scammers thrive on panic. If someone’s pressuring you to send money right away — whether it’s a fake emergency, a deal or a threat — it’s likely a scam.

Scammers thrive on panic. If someone’s pressuring you to send money right away — whether it’s a fake emergency, a deal or a threat — it’s likely a scam. Avoid “wire only” payment requests: If a seller insists that a wire transfer is your only payment option, be wary. Legitimate sellers usually offer safer, more flexible methods.

If a seller insists that a wire transfer is your only payment option, be wary. Legitimate sellers usually offer safer, more flexible methods. Ignore government impostors: The IRS, Social Security Administration, and other agencies will never ask you to wire money. Anyone who says otherwise is trying to scam you.

What to do if you’re a victim of a wire transfer scam

If you wired the funds through your bank, contact the bank to report what happened. Ask about reversing the wire transfer so you can recover the money.

If you wired the funds through a provider such as Western Union or MoneyGram, contact the provider directly and tell them it was a fraudulent transfer. Ask if the transfer can be reversed and your money returned.

Report the fraud to the FTC, which may provide next steps to take and share the report with law enforcement partners.

Extra tips for protecting yourself from checking account scams

Monitor your account regularly: Check your bank account often to catch suspicious activity early.

Check your bank account often to catch suspicious activity early. Set up account alerts: Get notified of transactions, large withdrawals or logins from new devices so you can act fast.

Get notified of transactions, large withdrawals or logins from new devices so you can act fast. Use strong, unique passwords: Avoid reusing passwords across accounts and enable multifactor authentication whenever possible.

Avoid reusing passwords across accounts and enable multifactor authentication whenever possible. Keep your devices updated: Regular software updates help patch security vulnerabilities scammers may try to exploit.

Regular software updates help patch security vulnerabilities scammers may try to exploit. Shred sensitive documents: Don’t toss out old bank statements or checks without shredding them. They’re gold for identity thieves.

Bottom line

Bank account fraud can happen no matter where you live, so it’s important to protect your money by being aware of common scams. Vigilance and precautions can help keep your bank account safe and secure since only a few types of fraud are listed in this article. And scammers are always thinking of new ways to fool consumers and businesses.

If you lose money through check fraud, peer-to-peer payment scams, ATM skimming or phishing schemes, know you have recourse to minimize the damage and try and regain your funds.

Fraud is the most prevalent type of crime in the UK, accounting for over 40% of offences in England and Wales, according to figures from the National Crime Agency.

Criminals stole £1.17 billion through unauthorised and authorised fraud in 2024, according to trade body UK Finance (UKF). This is unchanged since 2023, and represents suffering and turmoil for millions of people.

UKF says banks prevented a further £1.45 billion of unauthorised fraud through advanced security systems.

While anyone can fall victim to fraud, scammers often take aim at the financially vulnerable, targeting them with schemes that run the gamut from fake ‘investment opportunities’ to fraudulent tickets and parcel delivery scams. We’ve rounded up some common scams to watch out for in 2025 and beyond.

Pro Tip On 7 October 2024 the Payments System Regulator (PRS) introduced new rules around APP scams, which include minimum protection for consumers of up to £85,000 and reimbursement times of no more than five days from making a claim. The rules apply to all payment firms including high street banks and building societies and e-money institutions

Online shopping scams

For many bargain hunters, online shopping is the first port of call – and unscrupulous criminals know it.

Online shopping scams, also known as purchase scams, target these consumers with fraudulent deals and discounts.

Fraudsters may create websites that imitate legitimate retailers, or use social media platforms and auction sites to push fake listings including tech, clothing and even cars at discounted prices.

On making a purchase shoppers may receive a completely different item, or their order may never materialise.

According to Santander’s Quarterly Scamtracker report, customers lost more than £18 million to purchase scams in the first quarter of 2025 alone.

And as UK consumers gear up for summer spending, fraudsters are only too happy to take advantage.

Adam Mercer, deputy head of Action Fraud, says: “Never feel pressured into buying anything online – creating a false sense of urgency is a tell-tale sign of a fraudster. Whether you are shopping on online marketplaces, social media or retailers, avoid bank transfers if you can, and use a credit card as it can provide more protection if anything goes wrong.”

Charity fraud

The regulator of charities in England and Wales, the Charity Commission, regularly cautions the public to make donations carefully in the wake of humanitarian crises.

Criminals have been known to replicate legitimate charity websites and contact individuals via email or text message requesting donations for fraudulent appeals.

To ensure you are donating to a legitimate charity, Action Fraud recommends checking its registration number. All charities with an annual income of £5,000 or more must be registered, which means they are obliged to follow rules set by the Charity Commission and release annual reports.

When making a donation, Action Fraud also recommends navigating directly to your chosen charity’s website rather than following email links, to ensure you reach the genuine site.

If you suspect an appeal is not legitimate, you can report it to Action Fraud.

Gerald Oppenheim, chief executive of the Fundraising Regulator, says: “We want to make sure that the public can continue to give, safe in the knowledge that their donations are going to help alleviate suffering.

“By carrying out just a few simple checks, you can ensure you make informed decisions when donating to the disaster response.”

Travel scams

As summer approaches and holiday planning gets underway, opportunistic criminals are only too happy to catch travellers off-guard.

West Midlands Police has warned that criminals are creating fake listings for holiday packages, accommodation, excursions and flights.

This type of fraud isn’t limited to online listings – criminals may also contact individuals with fraudulent holiday ‘deals’ at unrealistically low prices.

According to research by Action Fraud, UK consumers lost more than £11 million to holiday fraud in 2024, with average losses of £1,844.

To avoid falling prey to this kind of fraud, Action Fraud recommends booking your holiday directly through a trusted operator, and ignoring unsolicited ‘deals.’

If in doubt about a provider, you can check whether it’s a member of the Association of British Travel Agents (ABTA) online.

Impersonation scams

During an impersonation scam, fraudsters pose as an authority figure to convince their targets to move money or part with sensitive information.

Over the course of 2023, Lloyds Bank saw a 13% rise in the number of impersonation scams reported by its customers.

Each customer who fell victim lost £5,318 to impersonation scams on average, although losses can be far steeper.

So-called CEO fraud, where criminals impersonate senior staff members at their victims’ company, can be especially costly. On average, £10,918 was lost to each individual who fell prey to CEO fraud in 2023.

During a CEO impersonation scam, criminals convince employees to transfer them money under various guises, such as an ‘urgent’ unpaid invoice, or convince them to purchase gift cards ‘for colleagues’ under the promise of reimbursement.

Liz Ziegler, fraud prevention director at Lloyds Bank, says: It’s important people take steps to protect themselves and be really wary of unexpected calls or out of the blue requests for help.

“If something doesn’t seem right, take a step back and verify who you are actually speaking to.”

To avoid impersonation scams, she recommends being cautious of any messages you receive from unknown contacts – even if they claim to be from an organisation or person you trust.

She adds that your bank, the police and your employer will never ask you to move money or install software. If in doubt, contact the person or organisation a message claims to be from to double check it’s really them.

Loan fee fraud

With loan fee fraud, opportunistic criminals charge victims a fee for fake loans which they never receive.

This type of scam is known as loan fee fraud, and it costs each victim £255 on average, according to the Financial Conduct Authority (FCA).

Loan fee fraud is usually more prevalent in the summer, as consumers look towards credit to manage the extra costs that arise this time of year, such as holidays, childcare and entertainment.

According to FCA data, loan fee fraud has become more prevalent in recent years, as criminals respond to the uptick in households relying on credit to make ends meet during the cost of living crisis.

Between 2021 and 2022, the FCA reported a 26% uptick in reports of loan fee fraud.

In a survey of 2,000 UK adults, the regulator also found that 21% said they had used a loan to cover summer expenditure in the past, or planned to.

Steve Smart, executive director of enforcement and market oversight at the FCA, said: “For fraudsters, this provides the perfect opportunity to take advantage of people considering how to make ends meet over the summer months.”

To spot loan fee scams, the FCA recommends looking out for the following warning signs:

Cold calling or emailing unexpectedly

Asking for an upfront fee

Asking you to pay quickly, or through an unusual channel

It’s also urging consumers who need a loan to check their would-be provider is FCA authorised. You can do this by checking the FCA Register.

Authorised push payment scams

During an authorised push payment (APP) scam, victims are tricked into sending money directly to a criminal.

According to UK Finance, which produces an annual fraud report, APP fraud losses in 2024 were £450.7 million. This comprised £365.7 million of personal losses and £84.3 million of business losses.

However, the real impact is likely much higher, since the National Crime Agency estimates that 87% of fraud cases go unreported.

While the number of APP cases was down 20% compared with 2023, the total value of losses to think type of fraud was down just 2%.

Purchase scams, in which victims pay in advance for goods and services they never receive, accounted for 71% of the total number of APP fraud cases in 2024.

Meanwhile, the number of romance scams, where victims are tricked into believing they are in a relationship, reached its highest highs in terms of losses, which were up by 13% to £44.7 million.

The number of fraud cases where criminals impersonate a bank or the police and convince someone to transfer money to a ‘safe account’ fell by 32%, and the amount lost to this type of fraud fell by 38%. UKF says there has been significant investment made in warning consumers that a bank will never ask someone to transfer money in this way.

Elsewhere, the government has announced that banks and building societies will soon be given the power to delay payments they suspect to be fraudulent for up to four days, allowing them time to investigate, and hopefully protect consumers against scams.

Ben Donaldson, managing director of economic crime at UK Finance, an industry body, says: “This could allow payment service providers time to get in touch with customers and give them the advice and support they need to avoid being coerced by the criminals who want to steal their money.”

Criminals may also pose as legitimate organisations to instil trust in their victims before requesting money. In 2024, £65.9 million was lost to criminals posing as bank staff or the police, for instance.

According to analysis by Revolut, social media is a key channel for APP scams, with Meta platforms Facebook, WhatsApp and Instagram accounting for 60% of all scams reported in 2023.

While just 16% of APP fraud was carried out over the phone in 2024, these cases accounted for 36% of losses.

These losses are likely to be cut down when the government’s new fraud strategy – which places a blanket ban on cold calls offering financial services – comes into play.

With this measure in place, individuals can assume that any unexpected calls offering financial services are a scam.

Kate Frankish, chief business development officer and anti-fraud lead at Pay.UK, said: “Fraudsters move fast and adapt quickly, coming up with novel methods and using technology to their advantage. This is reflected in the steep rise of online scams.”

She added: “To tackle this issue, regulators and law enforcement must keep up with new technology and work more closely with online social and technology platforms, telecommunications providers and financial institutions.”

New rules from the Payment System Regulator mean that, as of October 2024, victims of APP scams must be reimbursed by their bank or payment processor for their losses.

In total, £267.1 million of APP losses was returned to victims in 2024, or 59% of the total loss. This is a decrease from 62% in 2023.

Parcel delivery scams

The internet is a massive shopping outlet, as evidenced by the fact that over a quarter of UK retail sales in May 2025 took place online, according to the Office for National Statistics (ONS) – and opportunistic fraudsters are taking advantage through parcel delivery scams.

During these scams, criminals pose as legitimate delivery companies to convince victims they need to pay additional fees or reschedule a delivery, in a bid to access their cash, personal information or bank details.

Of the 40 million UK adults targeted by scammers in the first quarter of 2023, almost half (49%) encountered this kind of scam, Citizens Advice reports.

Identity theft

Cases of identity theft — when fraudsters use a victim’s name and personal information to access their cash or take out credit in their name — have also been on the rise.

A 2024 survey by digital payment platform, Adyen, found that 33% of UK consumers said they fell prey to identify fraud in 2023 (losing £311.09 on average), compared with the 23% who experienced identity fraud in 2022.

In the majority of identity fraud cases (86%), victims’ personal details were stolen from online sources. These stolen details are often used to make purchases, accounting for £726.9 worth of losses amongst UK adults in 2022 alone, according to UK Finance data.

Mike Haley, chief executive of Cifas, the fraud prevention service, said: “The large majority of fraud and financial crime starts online, and the increasing use of digital technology has led to greater opportunities for criminals to commit fraud.”

Criminals often pose as legitimate organisations – or even government bodies – to trick their victims into sharing personal details or transferring money.

With the tax self-assessment deadline of 31 January now passed, HMRC is warning customers to be on the lookout for fraudsters offering fake tax rebates.

In the 12 months to January 2023, HMRC received more than 207,800 reports from the public about suspicious contact, up 14% compared with the previous 12 months.

Some scammers use the promise of rebates to trick customers into sharing personal details, while others threaten would-be victims with the prospect of arrest for tax evasion unless they update their tax details.

Laura Suter, head of personal finance at investing platform AJ Bell, said: “The move to cut the tax-free limits on capital gains tax and dividend tax, as well as lower the threshold for the additional rate income tax band, means that more people will be filing a tax return next year.

“Many of these people filing will be doing so for the first time ever, navigating a complicated system often without help. It means they are far more likely to fall prey to scammers who send a text asking for details or promising them a tax rebate.”

HMRC says it does not phone customers out of the blue, make threats, or ask you to transfer money. If you think you’ve been targeted by one of these scams, you can report it by forwarding suspicious text messages to 60599, and suspicious emails to phishing@hmrc.gov.uk.

According to a recent survey by Nationwide, around 17% of UK adults have had their identity stolen or used fraudulently.

Ed Fisher, head of fraud policy at Nationwide, said: “We urge everyone to be vigilant by protecting their details and observing a few basic tips – don’t overshare your information unnecessarily, consider who is following your online activity, and protect your devices and accounts with both security software and strong passwords or codes that are not the same.”

Ghost brokers

City of London Police has warned young drivers about the ongoing threat of ‘ghost brokers’ — scammers who sell invalid car insurance policies at unrealistically low prices.

After making a sale, the scammers send their victims fake insurance documents, or take out a real policy but falsify details such as the driver’s age, address, and history to bring down the premium.

Most victims of ghost brokers don’t realise they have been scammed until they need to make a claim on the insurance policy.

Ben Fletcher, director of the Insurance Fraud Bureau (IFB) said: “Young and vulnerable people are constantly being targeted online with fake car insurance deals that are too good to be true, and if they fall for them they’re immediately left out of pocket and face having their car seized by the police for no insurance.

“The cost-of-living crisis means it’s never been more important for people to safeguard their personal finances against fraud.”

Ghost brokers tend to canvass victims via social media or word of mouth, so when you need to take out a car insurance policy, be sure to use a reputable comparison site or broker, or go direct to the provider.

Insurance fraud

Fraudulent insurance claims cost the industry £1.1 billion in 2023, according to data from the Association of British Insurers (ABI).

When fake claims are made, fraudsters forge evidence to get an insurer to pay out for an incident that never happened, or greatly exaggerate a legitimate claim.

While such fraud targets insurance companies rather than individuals, the effect is to push up premiums for everyone.

The number of fraudulent claims rose by 16% between 2022 and 2023, and the average value of each was £13,000.

Fraudulent motor insurance claims were the most common, accounting for 54% of cases.

Mark Allen, assistant director and head of fraud at the ABI, says: “Fraud doesn’t just impact victims that fall foul of the scammers, it affects everyone that pays for an insurance policy – with bogus claims pushing up the cost of premiums for all. That’s why cracking down on fraud continues to be a top priority for our industry.”If you suspect insurance fraud has been committed, you can report it anonymously to the Insurance Fraud Bureau.

Investment fraud

Investors are also at risk of being targeted by scammers, the Pensions Management Institute (PMI) has cautioned.

Around £144.4 million was lost to investment fraud in the UK in 2024, according to UK Finance data – up 34% compared with 2023.

So-called ‘boiler room’ scams are the commonly reported type of investment fraud, accounting for losses of £553 million between 2020 and 2023, the Pensions Management Institute (PMI). During a boiler room scam, fraudsters apply pressure tactics to persuade their victims to ‘invest’ in shares or bonds that are worthless or non-existent.

Often, these criminals promise exceptionally high returns and tell victims they need to act quickly.

Robert Wakefield, president of the Pensions Management Institute, says: “It is concerning that every year thousands of people are losing millions of pounds to financial scams in the UK. The number and sophistication of investing scams is ever-growing.

“By maintaining a healthy dose of scepticism and training yourself to spot some common red flags, you may be able to protect yourself and your loved ones from becoming victims.”

Losses show no sign of slowing in 2024, with Metro Bank customers losing over £4 million to investment fraud between 1 January and 2 April.

Baz Thompson, head of fraud and investigations at Metro Bank, says: “Scammers will go to extraordinary lengths to persuade, entice and defraud investors using sophisticated techniques from fake websites to posing as financial advisers to create credible investment scenarios.”

He also recommends checking the Financial Conduct Authority’s (FCA) warning list, which lists unauthorised firms and websites, before committing to an investment.

Pension fraud

Fraudsters may also persuade their targets to withdraw a portion of their pension fund, which the scammer promises to reinvest for higher returns.

To avoid these scams, it’s best to hang up on anyone who contacts you unprompted to discuss a ‘pension review,’ only dealing with financial advisors who are FCA regulated, and being wary of anyone offering ‘guaranteed’ returns on investments.

It’s important to bear in mind that if you are under 55, it is almost never in your best interest to make a pension withdrawal.

Unless you are too ill to work, have been diagnosed with a terminal illness, or have a ‘protected retirement date’ that stipulates you can retire before age 55, you will be hit with a 55% tax bill on the withdrawal.

Bear in mind that cold calls relating to pension schemes have been banned in the UK since 2019, so any unsolicited calls about your pension are likely to be fraudulent. The government has also announced that a blanket ban on cold calls offering financial services will soon come into effect.

Victoria Hasler, head of fund research at Hargreaves Lansdown, adds that overly complicated jargon is another warning sign an investment opportunity might not be legitimate.

She says: “The problem is if you don’t understand an investment, then it’s very difficult to tell if it is legitimate or a scam.

“Scammers are often keen to present very complicated investment strategies, banking on the fact that you will think them very clever. Ask them to explain it in language you can understand. If they can’t, then walk away.”

Tips for avoiding scams

Virtually anyone can be impacted by a scam. According to research by Outseer, an anti-payment fraud software provider, men and women are equally likely to fall victim, and scams are reported across age ranges.

Those aged 20 to 39 reported the most instances of fraud (around 125,800 cases), while those over 80 reported the fewest (around 13,700 cases). However, those in higher age groups who did report scams tended to lose more money.

Mark Crichton, chief product officer at Outseer, says: “There is no profile of a typical fraud victim — every business and consumer is at risk. And for those working to tackle fraud, it’s unhelpful that there remains a perceived ‘image’ of a victim.”

To avoid being the victim of one of these scams, Citizens Advice suggests looking out for key warning signs:

An offer seems too good to be true. Scammers lure consumers in with promises of cheap deals or high-returns. If something seems too good to be true, Citizens Advice warns, it probably is.

Scammers lure consumers in with promises of cheap deals or high-returns. If something seems too good to be true, Citizens Advice warns, it probably is. Communications don’t appear genuine. It’s common for scammers to impersonate legitimate organisations such as energy companies or government bodies. If in doubt, get in touch with the company directly to check if the communication is from them.

It’s common for scammers to impersonate legitimate organisations such as energy companies or government bodies. If in doubt, get in touch with the company directly to check if the communication is from them. You are being pressured to act quickly. One tactic scammers use is putting pressure on their victims to act quickly, with promises of limited-time deals, or warnings of negative consequences if action isn’t taken. If you are being asked to transfer money or provide personal details urgently, you may be the target of a scam.

One tactic scammers use is putting pressure on their victims to act quickly, with promises of limited-time deals, or warnings of negative consequences if action isn’t taken. If you are being asked to transfer money or provide personal details urgently, you may be the target of a scam. You are being asked to use an unusual payment method. If an organisation you have dealt with in the past is asking you to pay in a new way — such as transferring money to an account you don’t recognise, or using a new payment link — the request may not be legitimate.

If an organisation you have dealt with in the past is asking you to pay in a new way — such as transferring money to an account you don’t recognise, or using a new payment link — the request may not be legitimate. You have been asked for personal information. If you receive an email or text message asking you for information such as a PIN or password, do not provide your details. Genuine companies will not ask you to send these details over text or email.

According to the GASA survey, 66% of people who fall victim to scams don’t report it. However, when fraud is reported victims often get their money back. In 2024, 59% of APP fraud losses were returned to customers, UK Finance figures suggest.

If you are ever in doubt that an email or text is legitimate, contact the company the message claims to be from directly. Make sure you get in touch using the organisation’s official channels rather than details provided in the suspicious message.

Jane Parsons, consumer expert at Citizens Advice, says: “With the volume of scams on the rise, it’s important for us all to take steps to safeguard ourselves and others against scams.”

Consumer protection

If you suspect you’ve fallen victim to a scam, you should report it to your bank right away.

Payment service providers are legally required to reimburse customers up to the value of £85,000 if they lose money to APP fraud. The cost of reimbursement will be evenly split between the company that sent the money, and the company that received it.

According to a study by the Payment System Regulator (PSR), the cap should cover 99% of fraud claims. However, in 2023 the regulator reported 411 cases in which a victim lost more than £85,000 to scammers.

By making purchases with a credit card, customers also receive an extra layer of fraud protection.

Under section 75 of the Consumer Credit Act, the credit card company is liable for reimbursing customers if something goes wrong with a purchase worth over £100 and up to £30,000.