Anatomy of a UK Crypto Scam

The Financial Conduct Authority (FCA) warns that criminals create clone firms by copying the name, address or registration number of a genuine FCA-authorised financial services business. They build professionally designed websites, run social media adverts and make unsolicited calls — presenting themselves as a firm the victim can verify on the FCA register. This is precisely the point: the registration number is real, but the firm contacting you is not the registered entity.

According to FCA guidance, clone scammers typically:

• Provide contact details that differ slightly from the registered firm's official details, or claim the register entry is out of date
• Create time pressure — urging victims to invest quickly before a "limited opportunity" closes
• Promise high or guaranteed returns and encourage victims to ignore warnings from banks or the FCA

To avoid clone-firm scams, the FCA advises: use the FCA Firm Checker to look up the firm, then independently source the official contact details from the register and call the firm directly before transferring money. Do not use any contact details provided in the unsolicited communication itself.

For context on how scam risk shapes UK bank payment restrictions, see the UK banking directory — several banks impose payment limits specifically in response to scam patterns of this type.

• Unsolicited contact: Genuine investment opportunities do not arrive uninvited via phone calls, text messages, or social media DMs. Any unsolicited crypto investment approach should be treated with scepticism.
• Urgency and time pressure: Scammers create artificial deadlines to prevent victims from thinking clearly or seeking a second opinion. There is no legitimate reason for a financial services firm to require an immediate decision.
• Guaranteed or unusually high returns: No investment instrument generates guaranteed returns. Any promise of high, risk-free profit is a hallmark of fraud. The FCA warns specifically about social media adverts using celebrity images and unrealistic profit claims.
• Unlicensed or unverifiable firms: Check the FCA register before sending money. If a firm is not authorised to conduct the activity it is offering, do not proceed.
• Off-domain or slightly-wrong URLs: Clone sites often use domains that resemble the real firm's address. Always type official URLs manually; never follow links from unsolicited communications.
• Requests to move to private channels: Asking you to continue a conversation on Telegram, WhatsApp or another platform away from official channels is a consistent pattern in social engineering attacks.
• Remote access requests: Any request to install TeamViewer, AnyDesk or similar software should be treated as an attempted theft, regardless of the stated reason.

For the equivalent red flags relating specifically to wallet software and hardware wallet scams, see Part 4 of the wallet series, which covers seed phrase attacks and the Stop, Verify, Confirm approach.

• Crypto Wallets Part 4: Red Flags and Scam Prevention — wallet-specific attack patterns including phishing via legitimate sender addresses and seed phrase theft.
• UK Banking Directory — how UK banks restrict crypto payments in response to scam risk, and which banks block outgoing transfers entirely.
• Staking & Yield in the UK — custodial yield products are a common vehicle for scams; understanding the legitimate regulatory framework helps identify fraudulent offerings.