
Your weekly dose of scam-proofing in 3 minutes or less. No fluff, just the latest hacks, scams, phishing attacks, and cyber cons you actually need to know about.
🚨 SCAM OF THE WEEK: Subscription Traps
You signed up for £1.99. You've been paying £49.99 a month for eight months.

What is a Subscription Trap?
You saw the ad. Maybe it was a weight loss supplement. A teeth whitening kit. A skincare miracle. A VPN. A productivity app. Something with a before and after photo and a celebrity face you half-recognise.
The offer was irresistible. Try it free. Just pay £1.99 for postage.
So you typed in your card details. You got the product. You moved on.
Three months later, you're staring at your bank statement, wondering why £49.99 has been leaving your account every month since.
You scroll back. There it was, buried in a wall of tiny text you clicked past at checkout. By entering your card details, you agree to a recurring subscription. Cancellation requires calling a number. The number rings out. The email bounces. The chatbot loops you back to the homepage.
More than 20 million UK adults have signed up to a subscription without realising it. Of those, 4.7 million are still paying for a subscription they never knowingly agreed to.
That is not a glitch. That is the business model.

🧠 How It Works
1️⃣ The irresistible offer.
The ad finds you where you're relaxed and scrolling: Facebook, Instagram, TikTok. It uses a celebrity face (often faked with AI), dramatic testimonials, and an offer that feels low-risk. Just cover postage. Nothing to lose.
Researchers at Bitdefender Labs found scammers used over 1,000 different deepfake videos across social media communities to promote health supplements, impersonating celebrities and medical professionals, including Brad Pitt, Cristiano Ronaldo, and George Clooney. None of them agreed to appear. None of them had ever used the product.
2️⃣ The buried terms.
The checkout page is designed against you. The subscription terms are:
- In size 8 font, below the fold
- Pre-ticked by default
- Buried inside a link to a 47-page terms and conditions document
- Phrased to sound like standard legal boilerplate
A review of 642 subscription websites and apps across 26 countries found that nearly 76% used at least one dark pattern, and nearly 67% used multiple dark patterns. These are not accidents. They are deliberate design choices with one goal: get your card details before you understand what you've agreed to.
3️⃣ The charges begin.
The first charge is small - often under £5. Then the "trial period" ends, and the full amount hits. A 2024 study found consumers believe they spend around $86 a month on subscriptions. The actual figure is closer to $219 - a gap of $133 that often includes forgotten or unwanted services.
4️⃣ The impossible exit.
This is where the scam really shows itself. Legitimate businesses let you cancel in one click. Subscription traps are engineered to make cancellation as painful as possible:
- Phone lines that are permanently engaged or ring out
- Email addresses that bounce or are never answered
- Online portals that require account credentials you never received
- "Cancellation" flows that just switch you to a cheaper tier instead
- Retention scripts designed to wear you down until you give up
8% of UK victims took over three months to notice money was leaving their account. And consumers said they would need to lose an average of £143 before they'd even bother reporting it - which is exactly the threshold scammers are targeting.

💥 Why It Works
This scam sits in the greyest of grey zones. Some of these companies are outright fraudulent. Others are technically operating within the law; they did disclose the subscription, just in a way that was designed specifically for you not to see it.
That ambiguity is the weapon. You're not sure if you have a case. You're embarrassed you didn't read the small print. The amount feels too small to fight over. The cancellation process is exhausting enough that most people eventually just give up.
Nearly one in five scam victims who didn't report the crime said the amount stolen was too small to be worth reporting. Scammers know this. They set the monthly charge at exactly the amount where most people will sigh, write it off, and scroll on.
Multiply that by a million customers. That is a very profitable sight.

🙈 Real-world Facepalms
Amazon Prime, 2025: Amazon agreed to a $2.5 billion settlement after the FTC alleged it had enrolled millions of users in Prime without their consent and deliberately made cancellation difficult. Amazon was required to remove manipulative sign-up and cancellation flows and submit to oversight by an independent monitor.
FTC vs Canadian supplement company: The FTC fined a Canadian company $15 million for trapping 1.3 million users in unwanted subscriptions through deceptive free trial offers.
These are not fly-by-night operations. They are household names, caught doing exactly what the scammers do, just with better lawyers.

⚠️ Red Flags for Customers to Watch Out For
🚩 Any offer that asks for your card details for a "free" trial or to "just cover postage".
🚩 Subscription terms in tiny text, below the fold, or pre-ticked by default.
🚩 A celebrity or doctor endorsing a product on social media. Check if it's real.
🚩 Cancellation processes that require you to call a number or send a letter.
🚩 Small recurring charges from company names you don't recognise on your bank statement.
🚩 A trial period shorter than your billing cycle: a seven-day trial on a monthly subscription is designed for you to miss it.

🛡️ How Not to Get Played
Before anything else, remember this: no tax authority on earth collects debt in gift cards.
Not HMRC. Not the IRS. Not the ATO. Not any of them. If someone claiming to represent a government tax authority asks you to pay in gift cards, iTunes vouchers, Google Play credits, or cryptocurrency, hang up. That is the entire test. Everything else below is detail.
Know how your tax authority actually contacts you.
Every major tax authority follows the same basic rule: they do not call out of the blue to demand immediate payment, threaten arrest, or ask for personal information by phone or text. HMRC contacts you by post first. The IRS contacts you by mail before calling. The ATO will never send a text message containing a hyperlink. If the contact you received does not match how your tax authority actually works, it is not your tax authority.
Type, don't tap.
If you receive any message claiming to be from a tax authority and want to check whether it is real, go directly to the official website by typing the address into your browser. Do not click the link in the message. Do not call the number in the message. Find the official contact details independently and use those.
Hang up and call back.
If someone calls you claiming to be from a tax authority, hang up. Find the official number on the authority's website and call that number directly. A legitimate tax authority will have a record of any genuine outstanding issue. A scammer will not know what to do when you call back on a number they did not give you.
🔥 ONE-LINER HOT TAKE
If the free trial needs your card details, it's not free; it's a subscription with extra steps.
That's it for this week.
Subscription traps work because the amounts are small, the embarrassment is real, and the cancellation is a full-time job. None of that is accidental. Every part of the experience - the easy sign-up, the hidden terms, the exhausting exit - is deliberate.
The defence is simple: never give your card to something you don't already want to pay for every month. If it's genuinely good, you can sign up properly once you've tested it for free in another way.
Catch you next time,
Dan & the Goldphish Team
📌 P.S. Know someone who's got mystery charges on their statement they've been ignoring? Forward this - and then tell them to check their bank account right now.

