Attack methods are becoming increasingly sophisticated – growing harder to detect and capable of deceiving even the most tech-savvy individuals.
Some of the most common approaches are:
Pension scams: Fraudsters promise early access to pension savings or high returns through dubious schemes. Phrases such as “liberate your pension,” “obtain a pension loan,” and “use this little-known pension loophole before it’s too late” appear attractive and place the victim under time pressure to engage without consideration.
Investment fraud: Scammers advertise authentic investment opportunities online, including cryptocurrency ‘offers’ which seemingly promise high returns. These schemes often turn out to be fraudulent, with victims losing significant amounts of money along the way.
Social media scams: Social media platforms are a hotbed for fraud and scams. A high proportion of investment scams occur through platforms with direct messaging options such as Facebook, Instagram, Telegram and even LinkedIn, where scammers claim to be representatives of legitimate firms, even going as far as to impersonate genuine, regulated individuals.
Spoofing: Emails and text messages that appear to be from legitimate sources, including HMRC, the FCA, financial institutions and e-commerce/delivery companies trick recipients into revealing personal and financial information, or making payments to fraudsters.
Website cloning: Fake websites are created that very closely mimic those of legitimate financial institutions. Victims believe they are engaging in a secure transaction, but are in fact purchasing unauthorised/valueless investments, or often directly paying money to a fraudster. It is exceedingly difficult for any organisation to keep on top of clone websites, as they tend to reappear even if successfully taken down.
With transactions increasingly being carried out on computers, tablets or smartphones, many internet criminals are able to obtain personal data to commit fraud and scams using phishing methods.
Fraudsters are renowned for sending fake e-mails, SMS or WhatsApp messages that trick the recipient into believing that account information and access to data are no longer secure – and therefore need to be updated using a weblink that is provided.
However, the link leads to a fake website that looks identical to the legitimate firm’s website page. Personal data that the victim enters there goes directly to the fraudsters, who then use the stolen data to commit fraud, by accessing the victim’s account to obtain more data and initiate transactions, including withdrawals and transfers.
This can take several forms:
Search engine phishing: Fraudsters often direct internet users to fake websites with ads on Google or Bing and access data.
Voice phishing (”vishing”): Fraudsters call customers, put them under time pressure and get them to install a supposedly new security program. This is malware that puts logins and passwords into the hands of fraudsters.
SMS phishing (”smishing”): Uses short message services, such as SMS and WhatsApp, for attacks. These are particularly dangerous because much of the criteria for detecting phishing emails do not apply.
One of the top priorities at Lumin Wealth is security and protection, particularly in the ever-evolving current financial crime climate.
The controls framework for prevention of scams includes the following measures:
Verification of identity: Strict controls to ensure staff are dealing with the right person before discussing personal data or carrying out instructions.
Secure instruction process: Enhanced verification steps before any request to move money or make changes is processed.
Multi-level checking: At least two staff members review key actions, to ensure accuracy and monitor for fraudulent activity.
Ongoing vigilance: Regular training ensures staff are alert to the latest scams, fraud methods, and warning signs.
Lumin Wealth’s regulator, the FCA, launched the ScamSmart campaign in 2015 to provide consumers with guidance on how to identify and avoid scams in the financial services industry.
One of the FCA’s more recent warnings highlights the importance of verifying the legitimacy of any investment-related marketing – known as financial promotions. This includes content shared by financial influencers, or “finfluencers,” on social media platforms. These individuals are often unregulated and typically lack the qualifications or authorisation required to promote investment products or services.
The good news is that by following a few practical security measures, consumers can significantly reduce the risk of falling victim to scams and fraud.
Information: Advice can be found on the FCA ScamSmart or GOV.UK Phishing and Scams web page, which will help to identify potential phishing communications or scam activity.
Verification: In all cases, verify any communication claiming to be from an official organisation—such as HMRC, the FCA, the police—or from companies like online retailers, delivery services, or payment providers. Always contact the organisation directly using official channels before clicking on any links or sharing personal information.
Authentication: Ensure the authenticity of any investment (and any adviser, influencer or other representative) using the FCA Register and ScamSmart as a reliable source of information.
Notification: Inform the relevant authorities about any suspicious contact, by forwarding suspicious emails to phishing@hmrc.gov.uk and suspicious texts claiming to be from HMRC to 60599. If there is reason to believe a fraud/scam has been committed, helpful advice and victim support can be accessed on the Action Fraud website.
A crucial factor in the fight against scams and fraud is maintaining strong online security. Preventing criminals from gaining access to online accounts is essential – failure to do so not only puts the individual at risk, but can also lead to fraud being carried out against their contacts via email, social media, and other platforms.
Key strategies for effective online security include:
Use strong, complex passwords or passphrases: Most websites and apps require passwords that include a mix of letters, numbers, and special characters. These are most effective when made up of random combinations rather than easily discoverable personal information – such as birthdays, pet names, or favourite sports teams – which can often be found on social media.
Even better is using a memorable passphrase, such as “I’ve never been to No 10 Downing St.” While it may take slightly longer to type, a passphrase is significantly more secure and far harder for password-cracking algorithms to guess.
Use a unique password for everything: Of course, remembering multiple unique passwords can be challenging. That’s why it’s wise to use a password manager (or vault). This type of software securely generates, stores, and autofills complex, unique passwords for each of your accounts – accessible through a single passphrase or biometric authentication.
Use multifactor authentication options: Wherever they are available, these options, such as single-use pass codes and authenticator apps, provide substantial security by requiring a combination of a unique piece of information (i.e. a password, passphrase, or PIN) with the use of a mobile device. This means that even if a criminal can access the information, it will be useless without access to the device.
Verification and authentication are easy and rarely take too much time. A legitimate representative of a regulated financial services business will never put pressure on a client or potential client to make financial decisions quickly and without consideration.
Please stay cautious and:
Let Lumin know immediately if there is any doubt about a request or contact.
Challenge any call, email or message claiming to be from Lumin Wealth that does not feel right, by getting in touch via the head office number.
Never share security details or passwords with anyone – Lumin will never request this data over the phone or by email/message.
We produce a range of factsheets and mini-guides to help our clients and consumers stay up to date and informed about key financial planning topics.
Our financial planning and investment newsletters provide timely insights, delivered directly to your inbox every single month.
Join Financial Planning Manager James Corcoran and Financial Consultant Jack Dudley as they discuss the financial topics you should be aware of.
Our studies provide thoughtful analysis, market research, and evidence-based insights to guide our clients through an ever-changing financial landscape.
This free publication is distributed to thousands of households three times a year. Serving as your go-to resource, it offers clear, expert guidance on the financial planning questions that matter most to you.