Bank / police impersonation
“Your account is unsafe.” The transfer is the theft. End the call and contact the bank independently.
Money for Operators field guide / UK edition
You do not need to outsmart every criminal. You need a small set of defaults that reduce the chance of being rushed, impersonated, locked out or persuaded to move money before you verify the story.
Money moving right now?
Do not use the number, link or transfer instructions sent by the caller. If money has gone, ask the bank to attempt a recall and open a scam claim immediately.
Most fraud does not begin with a technical masterstroke. It begins with borrowed authority and manufactured urgency: your bank, your boss, HMRC, a platform, a supplier, a friend. The control is not suspicion. It is independent verification.
Threat model
| Asset | What compromise unlocks | Priority control |
|---|---|---|
| Primary email | Password resets, private documents, identity and contact history | Passkey or unique password, strong 2SV, recovery review |
| Mobile number | SMS codes, account recovery and impersonation | Carrier account PIN and SIM-swap/port-out controls |
| Banking | Payments, cards, new payees and personal data | App security, alerts, transfer limits and separate verification |
| Password manager | Access to every stored credential | Strong master credential, 2SV/passkey and recovery plan |
| Social / messaging | Trust of friends, family, colleagues and customers | 2SV, privacy controls and verified recovery details |
| Company admin | Invoices, payroll, domains, cloud data and supplier payments | Separate admin accounts and two-person payment changes |
Baseline
If the email account is compromised, changing every other password before securing email can simply give the attacker another reset opportunity.
Money movement
Urgency is information. Pause even when the story is plausible.
Do not reply, click or call the number supplied in the message.
Use the bank app, the number on the card, a saved contact or an official register.
For new bank details, call a known person and confirm account name, sort code and account number.
Use a cooling-off period and a second approver for large or unusual payments.
Keep who requested, who verified, the channel used and the payment reference.
Pattern library
“Your account is unsafe.” The transfer is the theft. End the call and contact the bank independently.
Polished material and a real firm's reference number can still be copied. Use the FCA Firm Checker and its listed contact details.
Refunds, penalties, identity checks and fake invoices create urgency. Navigate to GOV.UK yourself.
A helpful caller asks you to install software or share a screen. No genuine bank needs control of your device.
Trust is built before the financial crisis appears. Verify identity outside the existing conversation.
Victims are targeted again by people promising recovery for an upfront fee. Treat every recovery approach as hostile until independently verified.
Incident response
APP scams
For qualifying UK Faster Payments and CHAPS APP scam claims, the mandatory regime generally covers consumers, microenterprises and qualifying charities. The standard maximum is £85,000 per claim. Most reimbursable claims should be resolved within five business days, although firms can take longer in some cases.
Coverage has exclusions and conditions. Payment firms may assess whether a claim is in scope and whether the consumer standard of caution was met. Vulnerable consumers receive additional protections. If dissatisfied, use the firm's complaint process and then the Financial Ombudsman Service.
Reporting matrix
| What happened | First report | Route |
|---|---|---|
| Money or bank credentials at risk | Your bank or payment provider | Official app, number on card or 159 |
| Fraud/cybercrime in England, Wales or Northern Ireland | Report Fraud | Online or 0300 123 2040 |
| Fraud in Scotland | Police Scotland | 101; 999 in an emergency |
| Suspicious email | NCSC | Forward to report@phishing.gov.uk |
| Suspicious mobile text/call | Mobile network | Forward/report to 7726 |
| Investment or authorised-firm impersonation | FCA | FCA scam reporting and Firm Checker |
| HMRC impersonation | HMRC | phishing@hmrc.gov.uk; suspicious texts to 60599 |
Maintenance
Official references
Reporting services and reimbursement rules can change. This guide was checked against official material available on 1 July 2026.