How to protect yourself from scammers
Today, more and more people around the world pay for their goods and services online. But this shift has also opened the door to various types of cybercrime, including email and internet fraud, banking scams and identity theft—and rates in the UK are on the rise.
At SumUp, we’re committed to making sure that you are aware of and protected against any potential scam attempt, so that your account and your money are safe at all times.
Scammers can be polite and friendly or may be pushy and try to intimidate you. There’s no one single approach, so it’s important to be vigilant. But you can stay scam-savvy if you know what to look out for. With this in mind, we’ve put together a list of tips to help you identify and avoid fraud. But first, let’s take a look at some of the most common types of fraud.
The most common scams
Usually, fraudsters contact you via text, phone, email or social media and may claim to be from SumUp, HMRC or even the police. They ask for personal information, account details, passwords and verification codes, all of which they can use to gain access to your account.
To be sure, no SumUp employee will ever: a) ask you to tell us your password or verification code, b) ask you to disclose your account details, or c) ask you to move money into or out of your account.
If this does happen to you, or if you think you’ve fallen victim to fraud or received a scam text or email, please change your password and contact us as soon as possible and we’ll make sure your account is protected.
By far and away the most common scam is the phishing email. Phishing emails are fake messages sent by an email address that looks very similar to one you trust, designed to get you to click a link. That link will then take you to a site where the scammer can steal your login information, bank account data, or both.
Phishing emails may seem highly realistic or convincing. Check out our tips below on how to spot a phishing email.
Similar to phishing, smishing is a type of scam designed to give hackers access to your data. Whereas phishing is primarily email-focused, smishing takes place via SMS. The change in medium changes what these attacks look like, since smishing scammers know that people tend to trust texts more than emails.
That means smishing is more likely to rely on social engineering – making you feel guilty, afraid, or sympathetic – so you’ll reply without thinking. To capitalise on this, smishing scammers will therefore often pretend to be friends in need.
More SumUp customers have been targeted by smishing in recent months. If you get a text and something looks off – the tone is weird, there’s a suspicious link, etc. – don’t answer it. Above all, if the number messaging you is unfamiliar, delete the text.
Another common type of fraud is known as vishing. Vishing is the phone call or voice message equivalent of phishing and smishing, whereby scammers call you or leave a voicemail in the hopes of stealing your data.
Like smishing, vishing often uses social engineering to appeal to you. Instead of friends in need (since you’d recognise your friend’s voice), vishing scammers often pretend to be from a trustworthy entity like a bank or insurance company.
Now that you know how these scams work, what can you do to guard against them? Knowing what you’re looking for is most of the battle, so avoiding fraud isn’t as tough as you might think. Here are some steps to identify and avoid scam attempts.
Here are our 7 tips on how to avoid scams and keep your money safe.
1: Don’t share account information
Scam emails often ask for you to confirm your login details, PIN number, or request your password. That’s a red flag. Don’t share passwords, PIN numbers, verification codes, or anything else that could lead to your account being hacked. No SumUp employee will ever ask you for them.
2: Don’t feel pressured
If you get a text or email telling you to act ‘urgently’ or ‘now’, stop for a few minutes. That’s a classic sign of fraud, since it’s asking you to act out of fear that time is running out. For example, we would never require you to take immediate action to keep your account from being blocked.
Another way to recognise scams is by checking for errors in the text. Misspellings, bad grammar, and obvious typos tend to mean you’ve found fraud. Additionally, if the sender is unfamiliar, or if the message starts with a generic greeting (such as ‘Dear Sir/Madam’), it’s most likely not legit.
If you received a strange-looking text or email, report it to us as soon as possible and we’ll take care of it.
4: Check any links
Many scam messages also include a link for you to click on. Before you do, look closely to make sure the URL navigates to a trustworthy website. Phishing and smishing scammers send links that look very close to trusted SumUp links.
Additionally, you can hover over a link with your cursor (without clicking on it), and you’ll see whether or not the URL matches what it claims to match.
5: Don’t follow up on something you don’t remember
Sometimes, you’ll get a message asking you to confirm a payment or enter your details to claim a prize you won. If you don’t remember making the payment or entering any contest, don’t share your details. If you haven’t initiated the process, don’t complete it.
6: Change your passwords frequently
It’s harder for hackers to guess your password if you change it regularly. It’s a good idea to make your passwords fairly random, since something personally relevant is easier to guess. Special characters (#,$,!,&, etc.) and numbers also help make your password more secure. And don’t use the same password for everything, since that will compromise more than just your SumUp profile.
7: Be careful shopping online
If you’re buying from a new company, make sure it’s a seller you can trust. Check customer reviews, product reviews, and look up the business so you can verify it. When you’re paying, only use verified payment methods to complete transactions.
By following these 7 steps, you’re well-equipped to identify whether what you've received is fraudulent or not. If you’ve examined the message and still feel uneasy, you’re probably right. If you decide you’re looking at a scam, don’t reply at all, just inform our security team at [email protected] as soon as possible.