The five scams we block most often.

We maintain a running classification of every page Pagevet blocks. Five patterns account for most of them. Here's what each looks like from a user's perspective, and the signals that give them away.

1. Fake parcel delivery

The most common by a wide margin. A text or email says a parcel is held because of an unpaid fee (usually £2 to £5). The link goes to a site that looks exactly like Royal Mail, DPD, Evri, Amazon Logistics, or whichever courier the victim is most likely to recognise. The page asks for name, address, and card details. The 'fee' goes through. Minutes to hours later, the card is used for larger transactions before it gets blocked.

Signals: text from an unrecognised mobile number, domain registered in the last 30 days, SSL certificate from a reseller rather than the actual courier's certificate authority, missing or inconsistent company-registration details on the page.

2. Fake bank or Microsoft login

An email says your bank account or Microsoft 365 has been accessed from an unrecognised location, and you need to verify. The login page looks identical to the real one. You enter your credentials. An attacker uses them in real time to sign in to the actual service. If you have two-factor authentication via SMS, they prompt you for that too. They're already logged in.

Signals: email sender domain doesn't match the real organisation's domain, URL is a lookalike (login-microsoft.com, microsoft-verify.co, micros0ft.com), page layout is 90 per cent right but often a few months out of date, urgency framing ('within 24 hours or your account will be suspended').

3. Tech-support pop-ups

A full-page pop-up, usually triggered by visiting a compromised ad network, claiming your computer has a virus. It plays a siren sound. It gives a UK phone number. If you call, 'Microsoft' or 'Apple' support tells you to install remote-access software, which they use to access your bank.

Signals: impossible-to-close overlay on an otherwise normal site, audio alert (Microsoft never makes noise), phone number that doesn't match the actual vendor, claim of specific viruses they couldn't possibly know about from a web page.

4. Investment and crypto scams

An ad, email, or Instagram message promotes a crypto or trading platform with a celebrity endorsement (usually Martin Lewis, Elon Musk, or whichever UK TV personality is most trusted in the target demographic). The site encourages deposits; an account manager contacts the victim encouraging larger deposits. Withdrawals are blocked.

Signals: celebrity endorsements that the celebrity has never actually given (Martin Lewis has sued dozens of these), unrealistic return promises, pressure to deposit via cryptocurrency, 'account manager' phone contact, sites registered under offshore-friendly domains.

5. Romance scams via legitimate platforms

Less technical, but the most financially devastating when they succeed. Someone matches on a dating app, moves the conversation to WhatsApp or Telegram within 48 hours, develops a relationship over weeks or months, and then asks for financial help (medical emergency, visa issue, crypto-trading opportunity). Victims often send tens of thousands of pounds.

Pagevet can't block these because the conversation happens on legitimate platforms and payments happen through legitimate banking. But we flag the investment-scam landing pages that often come up in the final stage, and we maintain a reference site for anyone worried about a relationship they're in.

You shouldn't have to remember any of this

Sharing this is useful for understanding what's out there. It's not useful as a defence. The defence is a tool that recognises the patterns for you, because you can't be vigilant at all times against people whose full-time job is getting past your vigilance.

Pagevet is that tool for the first four categories. Install it on the devices that matter. Check on your family quietly. Let the software do the memorising.