Scam & Fraud Terminology Explained: The Ultimate Protection Glossary
A rising threat: why understanding scam and fraud terminology matters
In the UK, one in four people fell victim to fraud in 2023, making it the most common crime in the country. Scammers rely on confusion and misinformation to trick victims, often using complex jargon to make fraud seem legitimate. Understanding scam and fraud terminology is more than just learning definitions—it’s about recognising threats before they happen and knowing how to protect yourself. Whether it’s phishing, vishing, or deepfake scams, being informed is your first line of defence.
Below, we break down every major scam and fraud-related term so you can spot scams, avoid them, and take action if you’re targeted.
The three main types of fraud
Before diving into the glossary of scam and fraud terminology, it’s important for you to know that fraud generally falls into three categories:
First-party fraud
Also known as credit muling, this happens when someone intentionally provides false information for personal financial gain. For example, lying on a loan application with no intention of repayment.
Second-party fraud
This occurs when someone gives their personal details to another person, knowing they will be used for fraud. For example, willingly allowing someone else to take out a loan in their name.
Third-party fraud
The most common form of fraud, this happens when a scammer steals someone’s personal details without their knowledge to commit crimes. Specifically, this includes identity theft, bank fraud, and phishing scams.

How to protect yourself from scams
Fraudsters use a variety of tactics to trick victims. It’s important to remember that they are professional criminals, and no one should blame themselves if they fall prey. Here are actionable ways to stay safe:
- Verify before you trust: Never provide personal information to unsolicited callers, emails, or texts.
- Enable Two-Factor Authentication (2FA): Adds an extra layer of security when logging into accounts online.
- Monitor bank statements: Regularly check for suspicious transactions so that you can catch fraud early.
- Avoid clicking unknown links: Phishing emails and messages often contain harmful links that steal your information. They may look legitimate, so always remain cautious.
- Use strong passwords: A mix of letters, numbers, and symbols reduces the risk of hacking.
- Keep software updated: Ensuring your devices have the latest security patches protects you against new threats.
- Check for spoofing: Scammers may disguise their phone number to look like one you would trust.
- Educate yourself on social engineering scams: In particular, be cautious of urgent requests that pressure you into taking immediate action.
- Report scams immediately: Using Action Fraud UK ensures that fraudulent activities are logged and investigated.
- Stay informed: Follow Cyber Aware on social media, as they provide the latest scam alerts and online safety tips.
How to report a scam in the UK
If you think you’ve been scammed or suspect fraudulent activity, it’s crucial to report it immediately. Here’s how you can take action:
- Action Fraud UK – The UK’s national fraud reporting centre. You can report online via www.actionfraud.police.uk or call 0300 123 2040.
- Your bank – If you’ve sent money to a scammer, contact your bank immediately. They may be able to reverse the transaction.
- Citizens Advice – For consumer fraud and scam-related advice, visit www.citizensadvice.org.uk. In addition, they may be able to direct you to vital support.
- Financial Conduct Authority (FCA) – If you’ve been targeted by an investment scam, report it at www.fca.org.uk.
- Ofcom – To report spam or nuisance calls, visit www.ofcom.org.uk or text 7726 (SPAM).
- The Information Commissioner’s Office (ICO) – If you suspect identity theft or data breaches, report it at www.ico.org.uk.
Why reporting matters:
- Helps authorities track down scammers.
- Prevents others from falling victim.
- Increases the chances of getting your money back.

A-Z of scam and fraud terminology
A is for absconder fraud
Absconder fraud – When someone secures finance for goods (like a car loan) but disappears without repaying.
Account takeover (ATO) – A scam where criminals gain access to someone’s online accounts to transfer money or make purchases.
Action Fraud – The UK’s national centre for reporting fraud and cybercrime.
Advance-fee fraud – A scam where victims pay upfront for goods or services that don’t exist (e.g., fake investment opportunities).
Adware – Software that displays unwanted ads or pop-ups on a device.
Antivirus software – Security programs designed to detect, prevent, and remove malicious software like viruses and malware.
Application fraud – Fraudsters use stolen or fabricated personal information to open bank accounts or apply for credit.
Artificial intelligence (AI) – Machines or software that can perform tasks typically requiring human intelligence, sometimes used in fraud schemes like deepfake scams.
Authentication – Security checks (like passwords, biometrics, or PINs) to verify a user’s identity.
Authorised push payment (APP) fraud – Where a scammer tricks a victim into willingly transferring money to them. In the UK, banks recovered only 59% of APP fraud losses in 2023.

B is for bait & switch
Bait and switch – Advertising fake deals to lure people in, then forcing them to buy higher-priced goods.
Bitcoin – A widely used cryptocurrency, often associated with scams and cybercrime.
Blackmail – Threatening to reveal personal information unless a payment is made.
Botnet (Zombie net) – A network of computers controlled by hackers to launch cyberattacks.
Brushing – A scam where fraudsters send fake deliveries to boost online seller ratings.
Brute force attack – A hacking method where criminals repeatedly guess passwords to gain access to accounts.

C is for caller ID scam
Caller ID scam – Fraudsters manipulate caller ID to make it appear as if they are calling from a trusted source, so victims are more likely to answer and share personal information.
Card cloning – Copying credit or debit card details using skimmers at ATMs or payment terminals.
Card-not-present fraud – Fraud where transactions are made online or over the phone without a physical card.
Card testing fraud – Making small online transactions to verify stolen card details.
Catfishing – Using a fake identity online, often in dating scams.
Celebrity profile scams – Scammers create fake celebrity profiles on social media to deceive people into sending money, believing they are supporting a cause or speaking to the real celebrity.
Charity scams – Fraudsters pose as legitimate charities, particularly after disasters, so that they can trick people into donating money that never reaches those in need.
Clean fraud – When fraudsters make legitimate-looking transactions using stolen data.
Clickjacking – Concealing harmful links under legitimate website elements.
Cloud computing fraud – Exploiting cloud services to commit fraud.
Copycat websites – Fake sites that imitate legitimate companies to steal login details or card information.
Cross-channel fraud – Having stolen your bank details, criminals make fraudulent payments across multiple channels such as online platforms, mobile apps, physical stores, phone calls, and more.
Cryptocurrency – Digital currency used for transactions, frequently exploited in fraud schemes.
Cryptography – Encrypting data to protect it from cybercriminals.
Cyberfraud – Any type of fraud committed online, including phishing and malware scams.

D is for dark web
Dark web – A hidden part of the internet where cybercriminals trade stolen data.
Data breach – When personal data is stolen or exposed without permission.
Data loss – The accidental or intentional deletion or corruption of data.
Data theft – The deliberate stealing of sensitive information.
Deepfake scams – Using AI-generated videos or audio to impersonate real people.
Delivery scam – Criminals send fake delivery notifications via text or email, urging recipients to click a link to pay a fee or confirm details, which then leads to phishing attacks.
Doxxing – Publicly exposing someone’s personal details online.
Distributed Denial of Service (DDoS) attack – Cyberattacks that overload a website to make it unusable.
Encryption – A security process that scrambles data so only authorised users can read it.
Energy saving scam – Scammers offer fake energy-saving devices or schemes, claiming they will reduce bills, yet victims often receive faulty equipment or nothing at all.

F & H
Firewall – Software that monitors and filters network traffic to prevent cyberattacks.
Fleeceware – Mobile apps that overcharge users with hidden fees.
Fraud ring – A group of people working together to commit large-scale fraud.
Friendly fraud – Purchasing and receiving goods or services, then requesting a chargeback from the bank by claiming you never received what you paid for.
Hacking – Gaining unauthorised access to a computer, network, or system.
Hashing – Encrypting passwords so they cannot easily be deciphered.
HMRC scams – Fraudsters impersonate HMRC, claiming you owe tax or are due a refund, so that they can pressure you into making payments or revealing sensitive information.
Holiday scams – Scammers create fake travel deals or rental listings, advertising luxurious stays at unbelievable prices, only for victims to find out the booking never existed.

I to M
Identity theft/fraud – Using stolen personal details to obtain credit or services fraudulently.
IP address – A unique number identifying a device on the internet.
ISP – Internet service provider such as BT, Sky or Plusnet.
Loan fraud – Applying for loans using fake or stolen details.
Malvertising – Short for malicious advertising. It’s the use of fake online ads to distribute malware or direct users to fraudulent websites.
Money mule – Someone who transfers illegally obtained funds on behalf of criminals, often unknowingly.
Missed call scam – A fraudster calls and hangs up so that the victim returns the call, which then connects to a premium-rate number that charges extortionate fees.
Mum and dad scam – Scammers impersonate a victim’s child via text or WhatsApp, claiming they have lost their phone and urgently need money, so that they can trick parents into transferring funds.

O to R
One-time passcode (OTP) – A single-use password sent via SMS or email for extra security.
Online Safety Act – UK legislation aimed at controlling harmful online content, including scams.
Password manager – Software that securely stores and manages passwords.
Patches – Software updates designed to fix vulnerabilities and improve security.
Pharming – Redirecting users to fake websites to steal personal information.
Phishing – Sending fake emails or messages to trick people into revealing sensitive information.
Phone scam – Fraudsters call pretending to be from a trusted organisation, such as a bank or government agency, in order to steal personal details or demand payments.
Pig butchering – Scammers build trust with victims before defrauding them.
Ponzi/pyramid schemes – Fraudulent investment schemes that rely on recruiting new investors to pay previous ones.
Private and public key – A pair of encryption keys used to secure and decrypt data in digital communication.
Promotional abuse – Exploiting discounts or loyalty programs through fake accounts or multiple sign-ups.
Ransomware – Malware that locks access to data until a ransom is paid.
Recovery scam – A scam where fraudsters pose as authorities offering to recover lost funds for a fee.
Robocall scams – Automated scam calls use pre-recorded messages to impersonate companies or authorities, so that they can trick victims into pressing a key or speaking to a fake agent.

S is for shipping fraud
Sextortion – Blackmail involving threats to expose explicit images or videos unless a ransom is paid.
Shipping fraud – The same as delivery fraud: criminals manipulate delivery details to intercept or reroute online purchases.
SIM swap scam – Taking control of someone’s phone number to access their accounts.
Skimming – The use of hidden devices to steal card details from ATMs or payment terminals.
Smishing – Phishing scams conducted via SMS messages to steal personal or financial data.
Spear phishing – A highly targeted phishing attack using personalised details to deceive victims.
Spyware – Malicious software that secretly records user activity, including keystrokes and login details.
Synthetic fraud – Creating a fake identity using a mix of real and fabricated information.

T to Z
Tapjacking – A scam where a fake overlay on an app tricks users into clicking unintended buttons.
Trojan horse – Malware disguised as legitimate software.
Two-factor authentication (2FA) – A security measure requiring two verification steps.
Virus – A type of malware that spreads between devices and corrupts files or steals data.
Vishing – Phishing scams carried out over the phone to extract personal or financial details.
Voice cloning – AI-generated deepfake technology that mimics real voices to deceive victims.
VPN (Virtual Private Network) – A tool that encrypts internet connections to enhance privacy and security.
Wardrobing – Returning used or worn products under the guise of them being new for a refund.
Whaling – A phishing attack targeting high-level executives or senior professionals.
Zero Day – A software vulnerability that hackers exploit before a fix is available.

FAQs
What is the definition of scam and fraud?
A scam is a dishonest scheme to deceive people, while fraud is a criminal act involving deception for financial gain. The key difference is that scams may not always be illegal, but fraud is.
What are the keywords for fraud?
Common scam and fraud terminology includes identity theft, phishing, Ponzi scheme, account takeover, malware, and money mule.
What are the most common types of scams?
Some of the most reported scams in the UK include:
- Phishing – Fake emails pretending to be from banks or HMRC.
- Investment fraud – Fake stocks or crypto schemes.
- APP fraud – Tricking victims into transferring money.
- Phone scams – Scammers pretending to be from tech support or financial institutions.
For a list of scam and fraud terminology and their definitions, please see the full blog above.