19 Feb 2024

5 scams you need to know about in 2024

From deepfakes of the prime minister to dodgy QR codes and false screens on your phone, scammers show no signs of slowing down

Faye LipsonSenior researcher & writer

Just when we think we've got a handle on scams, criminals enjoy wrongfooting us by finding new and nefarious ways to subvert modern life.

And while advances such as confirmation of payee and mandatory reimbursement work to make us safer, new threats emerge in the form of AI images and individually targeted multi-step scams.

Read on to find out the latest lingo and how you might be targeted by scammers in 2024.

Sign up for scam alerts

Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.

1. Spear phishing

You've almost certainly heard of phishing - where scammers trick you with a message or email purporting to be from a reputable bank, business or government body. But what's this about spear phishing?

The phrase describes a personally targeted phishing attempt, in which fraudsters use your own information - compromised at an earlier stage - to convince you they are a trusted organisation you normally transact with.

Personal data used in spear phishing can come from a huge number of sources, including large-scale data breaches, open social media profiles or previous scams in which we've handed over our data without realising.

Learn: how to spot an email scam

2. Tapjacking

This bizarrely named scam will trick you into clicking and performing actions on your phone or device without even realising it.

It works by showing you an overlay, which you think is clickable - but it's not. It's just a false screen designed to obscure the thing you're actually clicking on.

For example, you may think you're playing a skill-based mobile game, but the gaming elements on screen are just a cover. Far from earning points in the game, your clicks are actually being applied to an invisible screen beneath, where you're unwittingly making in-app purchases or being signed up to a rolling monthly subscription.

To minimise the risk of falling victim to this scam, only install apps from reputable app stores such as App Store or Google Play Store, and read user reviews before downloading.

3. Quishing

QR codes seemed to really take off during the pandemic, when restaurants had us enthusiastically scanning them so we could order from our phones and minimise interactions with waiting staff.

But as with anything, they've been exploited by cybercriminals to deceive victims into using copycat sites. This con is known as 'quishing', or QR phishing.

The criminals have cottoned on to the fact that we tend to assume such codes are genuine and scan them without a second thought.

For example, in recent years phoney QR codes stuck on parking meters by scammers have misdirected drivers to spoofed payment apps, where they end up unwittingly enrolling in costly monthly subscriptions.

Always go direct to a website by looking up a company on a reputable search engine or app store and picking the highest relevant organic result. Watch out for search ad scams that can appear at the top of results pages on search engines, as a recent investigation found scammers imitating legitimate parking firms on Google, Yahoo and Bing.

4. AI & deepfake

It's an election year, not only in the UK but in more than 40 countries around the world. As more than half the world's population goes to the polls, the incentives for bad actors to misuse artificial intelligence (AI) have never been higher.

In January, the Guardian reported on the discovery of more than 100 'deepfake' videos on Facebook impersonating Rishi Sunak. The phoney clips reportedly led to webpages mocked up to look like a BBC news article which promoted an investment scam.

Facebook and Instagram's parent company Meta has now said it will detect and label all AI images so ordinary users know that what they're seeing isn't real.

Read: are AI chatbots risking a new wave of convincing scams?

5. Ads on online platforms

Last year saw the era of self regulation end for the largest social media sites and search engines. Thanks to the Online Safety Act, big online platforms are now responsible for illegal content hosted on their sites, including scam adverts.

Yet those laws are not yet in force, and our latest investigation in the March 2024 edition of Which? magazine found blatant examples of scam ads, showing little has changed so far.

One such example was an ad imitating electronics retailer Currys and offering an improbable 90% off to Black Friday shoppers.