Our comprehensive guide to digital scams – and how to avoid them

Avoiding scams and making sure your money is secure are both important lessons for adult life. Tom Allingham, Head of Editorial at Save the Student, gives us the lowdown
A male student sits at his laptop whilst holding up his mobile and his bank card to make an online payment

You might think that getting scammed online is the kind of thing that would only happen to an older relative or someone who doesn’t understand tech. But the truth is that anyone can fall victim to a scam – and you might be surprised to know how at-risk young people are.

In the first half of 2023 alone, 40 million people in the UK were targeted by scams, according to research by Citizen’s Advice1. That comes to a loss of £580 million – with under 25s most at risk of being targeted by impersonation scams2.

So: what are the latest threats and what can you do to avoid becoming a victim of a scam? We take a look at different scam types, how to avoid them and why you should never get involved.

Common types of scam

There are dozens (if not hundreds) of different types of scams. Even ‘romance scams’ – where people pretend to be in love and make multiple requests for money – saw a 29% jump in 2023, according to UK Finance. To help you stay wise to online fraud, here’s a round-up of the types you’re most likely to face:


Phishing is when scammers send out emails that are designed to trick you into revealing valuable information, such as account details and passwords, or tempt you into clicking on unsafe links. Remember the impersonation scams targeting young people we mentioned earlier? These emails often pretend to be from an organisation or person you trust such as banks, well-known brands or even the tax office, and fraudsters copy official designs and logos to catch you off-guard.

Smishing and vishing

‘Smishing’ is the text equivalent of phishing, and ‘vishing’ is short for ‘voice phishing’, where you receive a phone call from fraudsters trying to convince you to share personal or financial information. Smishing cases pretending to be from well-known delivery services – think Royal Mail, Evri or DPD – have gone up dramatically. They’ll usually ask you to pay a small fee to arrange for delivery of a parcel, but the link will take you to a fake website where the scammers try and get sensitive info from you like your name, date of birth and bank details.

Malware and spyware

We download daily, but do you know the risks that go along with it? Viruses like spyware and malware are often disguised as software or apps, which users are encouraged to download. Installing them on your computer or phone could seriously damage your device and put your personal information at risk. 

Games scams

Like mobile malware threats, scammers can trick gamers into downloading cheats and guides that then gather your personal information. Some will also offer new skins, colourful wallpapers and modifications for the game and then charge large sums of money to the gamer’s account.

Money muling

If you’ve ever watched Breaking Bad or Ozark, you’ll be familiar with criminals laundering money to avoid detection. But it can happen in real-life scenarios too. In this instance, they’ll contact someone (the ‘mule’) and ask if they can temporarily transfer money into their account. In return, the mule is promised a cut of the money, which has often been earned from illegal activity.

Fake websites and products

Can’t believe a new iPad is available for £150, or that you can get two tickets to a popular festival for the price of one? That’s because you probably can’t! Chances are, the website (or at least the product being sold) is a total scam, and you’ll never see your money, or what you paid for.

The consequences of scamming

Clearly, getting scammed can mean you spend money without getting anything in return. But if the scammers get hold of your login details or other personal information, they could also get access to all kinds of other accounts in your name – especially if you use the same passwords for multiple accounts.

What’s more, if you become involved in money muling, you could end up with a criminal record. Almost two-thirds of money mule activity now involve under 30s, and one in five cases involve under 21s, according to Cifas research3 released in 2023. And even though you’re ‘just the middle person’, you’ll be liable too. If caught, you could face a prison sentence and find it difficult to borrow money in the future. Take a second to consider whether you want to be involved in this, especially as mules who agree and later try to quit can be threatened with violence.

How to avoid being scammed

This sounds like scary stuff, but fortunately there are some really easy steps you can take to avoid falling victim to a scam:

Check for https

Before entering any personal or payment details, always look at the URL in the address bar. If the address says ‘http’ at the start rather than ‘https’, the website isn’t secure and your information could be at risk. When downloading apps, make sure you’re doing so from a reliable app store like Google Play or Apple’s App Store, and check that it looks authentic: are the logos and colours right? Is everything spelt correctly? What do the reviews say? You should also double-check the terms of any ‘free’ trials – set yourself reminders to cancel them before the trial is up to avoid fleeceware scams, which charge large sums for subscriptions after the initial free trial.

Research companies

Never heard of the company you’re about to shop with? Do a quick search for their name plus ‘reviews’, and sites like TrustPilot will be able to give you a good indication of whether or not they’re the real deal.

Only respond to official communication

Your bank has a few red lines it will never cross, like asking for your full PIN or online password via phone or email. Check the email or phone number they’re using and, if in doubt, call your bank using the number listed on your card to ensure you’re speaking to somebody official.

Update antivirus software

We’re all guilty of clicking ‘not now’ when prompted to update, but do this too often and you may as well be posting your personal details on your social media accounts. Hackers are always developing new ways to access people’s information, but antivirus software is never too far behind – so keep it updated.

Use a password manager

Having the same password for all of your accounts is a scammer’s dream, but how else are you meant to remember 27 different sets of login details? Well, with a password manager. Services like LastPass or 1Password offer a secure virtual-vault to store your details – as well as other neat features like help with pre-filling forms and generating passwords.

The bottom line

Never respond to a message or click on an unexpected link from an unknown sender. And stay vigilant: some scam messages can appear within existing threads of contact with trusted organisations, so if in doubt, contact the brand directly to check if it’s legit. If the message relates to NatWest, Royal Bank of Scotland or Ulster Bank, you can forward it to 88355, while anything else can be sent on to a free spam reporting service on 7726. If you’ve already clicked on a link, don’t panic, but make sure you act quickly. Reset any passwords that you might have accidentally revealed and, if it’s related to your bank, call them and explain what has happened. To find out more, check out our video on how to stay safe on social media.