Hello, Mike here. Every week I visit people across South London whose computers I'm asked to check after a dodgy email, a scary pop-up, or a phone call from "Microsoft". Some got away unscathed. Some lost real money.
So I've put together this page: real scams that are doing the rounds right now, what they look like, and the tell-tale signs that give them away. Every example below is based on genuine scams reported to Action Fraud, Which?, and the banks.
One thing before we start: falling for a scam is nothing to be embarrassed about. These are professional criminal gangs, and they catch out clever people every single day. The trick isn't being clever. It's knowing what to look for.
If you remember one thing
Unexpected contact + urgency + a request for money, passwords, or access to your computer = scam.
Real companies never mind you hanging up and calling them back on the official number. Scammers hate it, because it breaks the spell.
Email scams
Scam emails ("phishing") pretend to be from a company you trust (Apple, your bank, Netflix, PayPal) and try to panic you into clicking a link and typing in your password or card details.
The fake Apple "iCloud storage full" email
One of the most common scam emails in the UK right now. Which? has issued repeated alerts about it, and it resurfaced again this year asking for payment card details.
You get an email that looks like it's from Apple, warning that your iCloud storage is full and your photos are about to be deleted. Some versions even offer a "free storage upgrade" where all you have to do is click and "verify" your card. Here's what one looks like:
⚠ Scam example
From: Apple Support <no-reply@icloud-alerts-secure.com> 1
To: you@example.com
Subject: Final Notice: Your iCloud storage is FULL 2
Dear Customer, 3
Your iCloud storage is full. Your photos, videos and contacts will be permanently deleted within 48 hours4 unless you take action now.
As a valued customer you are eligible for a free 50GB upgrade. Verify your details to keep your memories safe.
Verify & Upgrade Now5
If the button does not work, copy this link: http://icloud-storage.support-renew.info/verify5
The tell-tale signs
1The sender address isn't Apple. Real Apple email comes from addresses ending @apple.com or @email.apple.com. "icloud-alerts-secure.com" is a made-up domain. The display name says "Apple Support", but the address gives it away. Always check the part after the @.
2Panic in the subject line. "FINAL NOTICE", capital letters, exclamation marks. Apple doesn't write like this.
3"Dear Customer". Apple knows your name and uses it. Generic greetings mean a mass mail-out to thousands of victims.
4A deadline designed to scare you. "Deleted within 48 hours" is there to make you click before you think. Apple doesn't delete your photos when storage fills up. Your iCloud simply stops accepting new uploads.
5The link doesn't go to apple.com. Hover your mouse over any button (or press and hold on a phone) and look at the address. If it isn't apple.com, it's a fake page built to steal your Apple ID and card details.
✓ What you can learn from this one
Never check an account through a link in an email. If you're worried your iCloud really is full, check it yourself on your device: Settings → your name → iCloud. The same rule works for every company: go to the app or type the website address yourself. If the email was real, the same message will be waiting for you there.
Got a suspicious "Apple" email? Forward it to reportphishing@apple.com, then delete it.
The same trick in other costumes
Once you can spot the iCloud one, you'll recognise its cousins instantly. The costume changes, the trick doesn't:
!"Your Netflix/Amazon Prime payment failed" - update your card details or lose your account.
!"HMRC: you are owed a tax refund" - HMRC never emails or texts about refunds. Ever.
!"Unusual sign-in to your account" - a fake security alert with a "secure your account" button that does the exact opposite.
✓ What you can learn from this one
It's always the same recipe: a trusted name, a problem that isn't real, a deadline, and a link. Judge the recipe, not the costume. You can forward any suspicious email to report@phishing.gov.uk (the National Cyber Security Centre's reporting service) and they'll get scam sites taken down.
Text & WhatsApp scams
Text scams are short, cheap to send, and land on the device you use to pay for things. These two catch more people in the UK than almost anything else.
The "missed parcel" text (Royal Mail, Evri, DPD…)
Sent out by the million. The wording changes, the pattern never does: a missed parcel, a small fee, and a link.
⚠ Scam example
From: +44 7911 123456 1
ROYAL MAIL: Your parcel could not be delivered on 11/07. A redelivery fee of £1.99 2 is required. Reschedule here: royalmail-redelivery-uk.com3
The tell-tale signs
1It comes from an ordinary mobile number. Real Royal Mail texts show a named sender, not a random 07 number.
2A small "redelivery fee". This is the giveaway: no UK courier charges a fee by text link to redeliver a parcel. The £1.99 isn't the prize. It's the excuse to get your full card details onto their form.
3A nearly-right web address. "royalmail-redelivery-uk.com" is not royalmail.com. Scammers register lookalike addresses by the hundred.
✓ What you can learn from this one
The "small fee by text link" is always a scam. The amount is kept tiny so it feels harmless, but the card details you type in are the real target. Some versions install malware on your phone instead. If you're genuinely expecting a parcel, check on the courier's own app or website. Forward scam texts to 7726 (free, works on all UK networks) and then delete them.
The WhatsApp "Hi Mum / Hi Dad" scam
A particularly cruel one, and it works frighteningly well, because it borrows the voice of someone you love.
⚠ Scam example
Unknown number 1
Hi Mum, it's me. Dropped my phone down the loo 😭 this is my new number, save this one and delete the old one 2
Don't suppose you could do me a huge favour? I need to pay a bill today or I get a late fee, but my banking app won't work on this phone 3
Can you transfer £950 to this account and I'll pay you back Friday? It's urgent, sorry ❤️ 4
The tell-tale signs
1A new, unknown number claiming to be your child, with a ready-made excuse (lost, broken, or water-damaged phone) for why it isn't their usual one.
2"Delete the old number." That's not housekeeping. It's cutting off your easiest way to check.
3A reason they can't do it themselves: the banking app "won't work on the new phone". Convenient.
4Money to an account you don't recognise, needed today. Speed is the whole scam: they need the transfer done before you speak to your real child.
✓ What you can learn from this one
Verify by a different route before a penny moves. Ring your child on their old number, or ask a question only they would know the answer to ("what did we have for lunch on Sunday?"). A real child won't mind. A scammer will vanish or make excuses. This rule of checking by a second route defeats every impersonation scam ever invented.
Phone call scams
Phone scams are the most dangerous of the lot, because a live human voice is very persuasive, especially one that sounds calm, official, and "on your side". Action Fraud figures put the average loss from a tech support call at over £1,000.
The "Microsoft" tech support call (and its pop-up cousin)
The classic. Running for over 15 years and still costing UK victims millions every year, for one simple reason: it keeps working.
⚠ Scam example - how the call goes
Caller: "Good afternoon, I'm calling from Microsoft technical department. 1 We've detected that your computer is sending out virus alerts to our servers. 2 Don't worry, I can fix it for you today."
You: "Oh dear… what do I need to do?"
Caller: "Just go to your computer and I'll show you the errors. Now type in this website and download the small support tool 3 so I can connect and repair it… I just need you to stay on the line and do exactly as I say. 4"
The same scam also arrives as a scary full-screen pop-up while you browse: alarm sounds, "YOUR COMPUTER HAS BEEN LOCKED", and a phone number to call "Microsoft Support". Same gang, opposite direction: they want you to ring them.
The tell-tale signs
1Microsoft never cold-calls anyone. Not ever. They have over a billion users; they are not ringing you about your laptop on a Tuesday. The same goes for BT, Sky and TalkTalk "engineers" who've "detected a problem with your internet".
2"We've detected errors on your computer" is technically impossible in the way they describe. Nobody in a call centre can see your home computer's health.
3They ask you to install remote access software (often AnyDesk or TeamViewer). That hands them your keyboard, your screen, your files, and your online banking.
4They keep you on the line and rush you. Pressure is the product. A real engineer doesn't care if you call back tomorrow.
✓ What you can learn from this one
Real error messages never include a phone number. No genuine Microsoft or Windows warning will ever ask you to call anyone. If a pop-up locks your browser, don't call the number and don't pay anything. Close the browser (Ctrl+Alt+Del if you have to, or just switch the computer off) and it's gone.
Only ever allow remote access to someone YOU contacted first. When I help customers remotely, it's because they rang me and we arranged it. That's the right way round. If the caller contacted you, hang up.
The bank "safe account" call
The most expensive scam in Britain. It's called APP fraud (Authorised Push Payment) because the victim is talked into pressing the button themselves. UK victims lose hundreds of millions to it every year.
⚠ Scam example - how the call goes
Caller: "This is the fraud team at your bank. 1 We've flagged suspicious payments on your account this morning. Someone may be inside your account right now. 2"
Caller: "To protect your money we need to move it to a safe account3 while we investigate. I'll give you the details now, but please don't discuss this with anyone, even bank staff, as they may be involved. 4"
The tell-tale signs
1The caller ID can lie. Scammers can "spoof" the number so your phone displays your bank's real phone number. A matching number proves nothing.
2Fear first, "help" second. Your money is "at risk right now". The panic is manufactured so you'll act before you think. Some versions start as a robot voice: "Press 1 to speak to our fraud team."
3"Move your money to a safe account." This sentence is the scam. No bank, ever, will ask you to transfer money to keep it safe. If your account really were compromised, the bank freezes it. They don't ask you to empty it.
4"Don't tell anyone." Real banks never ask for secrecy. Scammers do, because one chat with your son, daughter or bank cashier would sink them.
✓ What you can learn from this one
Hang up and call your bank yourself on 159. 159 is the UK's official anti-scam short-code. It connects you safely to your own bank, like 101 for the police. Or use the number on the back of your card. Ideally call from a different phone; at minimum, wait a few minutes first. If the "fraud team" was real, they'll be pleased you were careful.
The Amazon Prime "press 1" call
Action Fraud issued a national alert about this one after victims lost over £400,000 to it in just two months.
⚠ Scam example - how the call goes
Robot voice: "This is Amazon. A Prime membership of £79.99 has been purchased using your details. 1 If you did not authorise this payment, press 1 to speak to customer services. 2"
"Agent": "I can see a hacker signed you up. To cancel the payment and secure your account, I need you to download an app called TeamViewer 3… now log into your online banking so I can check the refund has gone through. 4"
The tell-tale signs
1A payment you never made, announced by a robot. The fake "£79.99 charge" exists purely to make you press 1.
2"Press 1" connects you straight to the criminal, who now knows they have a worried person on the line.
3Remote access software again. TeamViewer and AnyDesk are legitimate tools, but in the wrong hands they're a burglar's key to your computer.
4They ask you to open your online banking while they can see your screen. Everything you can see, they can see. And move.
✓ What you can learn from this one
Never press a number on an automated call, and never install software because a caller told you to. If you're worried about an Amazon charge, hang up, open the Amazon app or website yourself, and look at Your Account → Your Orders. If there's no rogue charge there, there was no rogue charge.
Mike's six golden rules
Print this page and keep it by the phone. These six rules stop practically every scam above.
Unexpected + urgent = suspicious. Real companies don't need you to act in the next ten minutes. Urgency is a tool used on you, not for you.
Never click links in unexpected emails or texts. Go to the app or type the company's address yourself. If it's real, the message will be there too.
Hang up and call back on the official number. Your bank is on 159 or the back of your card. Anyone who objects to you doing this has just told you what they are.
No bank will ever ask you to move money to a "safe account", and no real company takes payment in gift cards or asks you to keep a call secret.
Never give remote access to someone who contacted you. Only ever to someone you rang first and trust. A cold caller asking to "connect to your computer" is a scam, every time.
When in doubt, ask someone. A quick call to family, a friend, or me costs nothing. Scammers rely on you deciding alone and in a hurry.
Keep a copy near the computer or phone, print one for a parent or neighbour, or share it straight into the family WhatsApp group.
⚠️ Already clicked, paid, or let someone in?
Don't panic, and don't be ashamed, but do act quickly. Speed makes a real difference to getting money back and locking scammers out:
Money sent or card details given? Call your bank immediately on 159 or the number on the back of your card. The sooner you call, the better the chance of stopping or reversing a payment.
Typed a password into a fake page? Change that password straight away, and anywhere else you use the same one. Do it from a different device if a scammer had access to yours.
Let someone connect to your computer? Disconnect it from the internet (turn off the Wi-Fi or pull the network cable) and don't use it for banking until it's been checked. This is exactly the sort of check I do, so get in touch below.
Report it: scam texts forward to 7726, scam emails to report@phishing.gov.uk, and fraud to Action Fraud on 0300 123 2040 or at actionfraud.police.uk. Reports genuinely get scam numbers and websites shut down.
Worried about a scam? Ask Mike
Not sure if that email or call was genuine? Been caught out and want your computer checked over? Send me a message. No judgement, ever.