Avoid the cloned website scams

Chris Torney / 11 November 2016

Fake or cloned websites are becoming increasingly common – here’s how you can stay safe.



Fraudsters have numerous methods for trying to get their hands on our cash and one which is becoming increasingly common is the fake or cloned website.

These sites look like the real thing, and may even have a web address that is very similar to a well-known site, such as the one operated by your bank.

Five scams to steal your personal information

How cloning scams work

There are several types of websites that may be copied by fraudsters in order to steal money. These include banks, financial advisers and pension firms as well as retailers, travel companies and online businesses like Apple and eBay.

The criminals’ biggest challenge is getting people to click through to their fake sites, and they do this in one of two ways:

• Persuading victims to click on the link for a cloned site via an email message. This type of scam, known as phishing, normally involves you getting a message that appears to come from your bank or other company, for instance your pension provider or an organisation like Apple or Amazon that you regularly do business with.

The email might state, for example, that there has been unauthorised activity on your account and that you need to log into the company’s site – via a link in the message – to check everything is ok. 

The link takes you to a site that looks genuine, but is in fact a front that allows the criminals to harvest your log-in and account details.

• Getting their cloned sites at the top of Google rankings. This can involve the fraudsters paying to ensure that their site appears at or near the top of Google’s rankings for certain searches. For example, recently, the police warned that a fake National Savings & Investments website had been set up in order to steal people’s money.

Signs an email may be a scam

Taking advantage of recent events

Often, criminals will use recent news events to make their approaches seem more convincing. 

For example, in the wake of the online theft from thousands of Tesco Bank accounts last weekend, customers were warned to be suspicious if they got messages that appeared to come from Tesco. 

Scammers realise that, at times like this, people are more likely to believe a message that relates to fraud on their account.

Avoid falling victim

There are a number of precautions you can take to avoid this type of con. Firstly, be very sceptical of any message you get from your bank or other financial company and never use a link in an email to visit their site.

Instead, get the web address from existing correspondence such as your bank statements, and type it in yourself.

If you are searching for a government service online, the genuine web address should begin with “https://www.gov.uk...”. 

And when you click through to a genuine site, you should also see a padlock symbol to the left-hand side of the address bar.

This applies to genuine retailers as well: when you reach payment pages, if not before, the address should begin with “https” and the padlock symbol should be displayed. 

If either of these things are missing, your money is at risk.

If you are worried about being duped by a cloned site or even a fake company, limit your purchases and other dealings to businesses that you know well.

What can I do if I am a victim of identity theft?


Enjoyed this article? Why not sign up for our Technology and Motoring newsletter?

The opinions expressed are those of the author and are not held by Saga unless specifically stated.

The material is for general information only and does not constitute investment, tax, legal, medical or other form of advice. You should not rely on this information to make (or refrain from making) any decisions. Always obtain independent, professional advice for your own particular situation.