securitysocial media

6 links you should never click

From fake delivery texts to dangerous QR codes, scammers are constantly finding new ways to catch us out online

by Lisa Barber

Online scams can be frustratingly hard to spot, with criminals using copycat websites, realistic messages and the power of AI to create more believable scams

1. Suspicious social media ads

Some are more obvious than others. Investing in random Bitcoin schemes from a company you’ve never heard of is unlikely to make you money. Buying a patch or some strange ‘miracle’ salt won’t help you lose weight quickly, either. Others are less obvious, such as ads that use a legitimate company’s branding and ask you to fill in a customer survey. 

And even if one seems easy to spot now, there’s a chance you’ll eventually come across one that bypasses your defences, especially as scams become more convincing with the help of AI.

Before you click, ask yourself these two things:

  • Is this too good to be true? 
  • Is it posted from an official channel of a legitimate company? 

It is, quite frankly, appalling that social media companies aren’t doing more to stop scam ads. When we flag these ads, the platforms typically tell us they’ve removed the scams due to violating their policies, and that they don’t allow scams on their platforms. 

Yet we still see more ads appearing. And you, your friends and your family probably do, too.

Tech analyst firm Juniper Research estimated that social media companies made nearly £3.8 billion in revenue from scam ads in Europe in 2025.

2. Missed delivery messages

‘Delivery not achieved’ – all I need to do is either click the link or reply ‘Y’ to get it all sorted out. Yeah, right. And I’ve got a bridge I can sell you.

Never, ever click on a link from a message like this. If I’ve got a package I’m waiting for, I’ll always check the official website or app to find out where it is. The Royal Mail app is very useful, too, as you just paste into it the delivery code the retailer sent you. 

Take particular care at busy times of year, like Christmas. Scammers will always try it on then, as they know so many of us are waiting for deliveries. I know someone who ended up handing over their credit card details after ordering a Christmas present online and then falling for one of these messages.

Another giveaway is urgency. Scam texts often try to panic you into acting quickly by threatening returns, extra fees or missed deliveries if you don’t respond immediately. And remember – legitimate delivery firms won’t ask you to confirm sensitive information or payment details via a random text link.

3. Copycat websites

This used to be a common scam, but I haven’t seen it in a while – I’m including it here in case, like whack-a-mole, it pops up again. Particularly as more of us are using AI and relying on it to help find the right site.

Back in the day, you’d use a search engine to find the right website to renew, say, your passport or driving licence. ‘Helpful’ websites would appear, claiming to take the stress out of the process or even pretending to be the official sites themselves.

At best, you’d overpay for something you could have easily done via the gov.uk website. At worst, you’d overpay and hand your details directly to scammers, ready to be reused or sold on.

Only use official websites. For government services, that usually means checking the address ends in .gov.uk. And if you need a hand filling something in, the Post Office can usually help – or you could ask a neighbour or relative.

Be cautious about clicking sponsored search results, too. Scammers have been known to pay for ads that appear above genuine websites in search results.

4. Car park QR codes

Gone are the days when we’d all keep loose change in the car. Now, it’s easy to pay for parking using your phone. Or at least it should be.

Have you got the right app downloaded? If not, you might not want to use mobile data installing it, or your signal may not be strong enough. Thank heavens there’s a handy QR code that you can simply scan, click and use to enter your card details.

Unless, of course, it’s a sticker placed over the real QR code that sends you to a phishing website designed to steal your bank details.

I recommend using your home wi-fi to download the parking app most commonly used in your local area. it’ll save you hassle later on and means you can pay with confidence. Side quest: find out which app your local hospital uses, just in case – your future self will thank you.

If you’re in a car park and there’s a QR code, see if you can pay by another way – a website, for example, if you can’t download the app. 

Otherwise, if you really have to scan, double-check you’re not scanning a sticker placed over the original. Use your phone’s camera and preview the link first in the pop-up that appears. Look carefully at the website address you’re being sent to – does it look genuine?

5. Ransom emails

This is a particularly nasty scam. You receive an email claiming that someone has hacked your webcam and recorded you – and that the footage will be sent to all your contacts unless you pay up. This won’t resonate with everyone, as it depends on what content you enjoy viewing. But it’s absolutely terrifying when it reaches its intended audience.

Some versions even include an old password of yours to make the threat seem more believable. Usually, though, that password has been exposed in a historic data breach rather than stolen directly from your device.

These emails are sent out far and wide, and scammers only need a handful of people to panic and pay up to make them worthwhile. Ignore the message. Do not engage. Do not pay.

6. Password reset emails I wasn’t expecting

It’s easy to see why scammers send these emails, as they can look incredibly convincing. They often copy the branding, colours and wording used by well-known companies such as Microsoft, Apple, Amazon or Netflix.

The email will often claim your account will be locked or deleted unless you act immediately. Scammers include this as they want you to react emotionally, so you click straight away and give away your data.

Sometimes these emails are actually from the company itself, as it’s been triggered when someone enters your address on a login page – either by mistake or as part of an automated attack using leaked passwords from other websites.

Either way, I would never click. 

If you get a password reset email you weren’t expecting, go directly to the company’s website or app and check your account there.

Leave a Reply

Your email address will not be published. Required fields are marked *