It’s easy to panic when you receive an email from your bank alerting you of account activity. But it’s more likely to be a scam. Here are just a few things your bank will never request online – but fraudsters will.
This is a particular concern if you use Internet banking. Of course there are benefits, but many people refuse to trust an online interface with details of their accounts. The wealth of scammers and scare stories on show is enough to make anyone nervous – as is the fact that even ATMs aren’t safe.
But if you keep a clear head and know what to look out for, there’s no need to feel like a target.
Please Enter Your PIN
“Well, obviously,” I hear you say. But people are becoming increasingly at ease with entering their PIN in shops they don’t recognise or at any rate shouldn’t necessarily trust. I know a few people who happily pay for everything on card, irrespective of whether they have enough cash on them or not. This complacency is dangerous, perhaps a reason fraud credit card losses came to £450.4 million in the UK in 2013 (a 16% increase on 2012’s £388.3 million).
Fortunately, this isn’t close to the losses suffered throughout 2004-08, the height of credit card fraud in the UK both in-store and via e-commerce.
The possibility that fraudsters would try to fool you into sharing your PIN online is far from unimaginable. You might be tricked into thinking you need to change your PIN as it’s been put at risk. Frequently, scammers will use time against you, fashioning a situation that needs to be dealt with now, forcing you to panic and make the wrong decision.
But no one needs to know your PIN except you. Even going in-store for help, banking assistants will look away as you type in your four-digit code.
Click on This Link and Enter Your Details
— ?Worstead Canary? (@poppygirl2014) December 8, 2014
This is a classic phishing scam.
The email will likely look genuine enough; so might the website address it links to. It’ll probably ask you to verify your account or change your Internet Banking details, but do not click on the link or fill out any details – especially not passwords.
If you think it might be genuine, go to your bank’s official site in a new browser window and enter the address manually (do not click the link in the email). The link address might even look real, but it’s been manipulated. Go to your real bank’s site if you’re particularly concerned or go to your nearest branch.
Just look how accurate this fake Google login page appears to be.
In a further effort to combat phishing, it’s worth downloading anti-virus software with tools that block phishing. Many email service providers like Hotmail and Gmail already file suspected fakes into Junk, but they’re not always quick to act, and aren’t fool-proof. (As Douglas Adams said, “A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.”)
Download And Fill Out This Form
As many of us know, downloading anything from an untrustworthy email address is a big no-no, whether it’s concerning itself with banking information or merely purporting to showcase a portfolio or CV. But the fact that fraudsters are still trying to get people to look at attachments means that a few are still tricked.
Even innocent-looking PDFs can come with software-locking ransomware or hidden malicious files that relay personal information to another server. Think of all the passwords you use: not just Internet Banking, but also for Amazon, for eBay, for PayPal, for social media, even for your emails. While it may seem harmless enough, a breached email account can cause plenty of damage!
A good example of this came last year: a hurtful message supposedly from the National Institute For Clinical Excellence (NICE), imploring you to download test results. It’s an awful, emotive subject and that’s potentially why people fell for it, as well as these other scam emails in 2014.
Once more, fraudulent emails like this will be filed into Junk and deleted, but sometimes, they slip through the net. Otherwise, here are a few ways you can spot a questionable email attachment.
Please Complete A Test Transaction
Some scammers send out emails asking possible customers to perform a test transaction, perhaps due to a supposed technical issue on their end or even claiming that they’re moving your money to a different account due to suspicious activity on your normal one. Obviously, the account they want you to send money to is one of their own.
But of course, a bank wouldn’t try to transfer your money, even if fraud is suspected: instead, most will suspend that account and contact you to verify payments they think aren’t your usual shopping basket fare. This is also why they like you to let them know when you’re going on holiday.
Asking you to move money about online sounds like such a glaring example of fraud. However, according to a YouGov poll, 4 million people in Great Britain would likely transfer money to a so-called “safe” account, and 3 million would perform a “test transaction” if instructed to via email or phone. Speaking of which…
Please Call Us on This Number
Steve Head, Police National Coordinator for Economic Crime, says that criminals are “exploiting the technological and Internet revolution to target people of all ages and from all walks of life with ever more sophisticated and convincing scams, increasingly delivered directly into the home via telephone, mobiles, laptops and tablets.”
Never blindly trust an email supposedly from your bank asking you to ring on a specific telephone number. At the very least verify your bank’s actual number by independently checking their official website (again, avoid clicking on any in-email links). Check for signs that the website is secure, looking for that ‘s’ in ‘https://’ in the address bar, for instance.
And if you really do need to contact your bank, the proper phone number will be in the letterhead of your statements. Use this rather than any displayed on a potentially fake website.
Similarly, scammers might ring you directly, by-passing emails, pretending to be a representative of your bank. This is known as Vishing, or voice phishing, a tactic used to obtain personal information over the phone. They might ask you for some account details or refer you online to authorise payments. A further trick involves you ringing your bank after a call (often to gain your trust), but the fraudster stays on the line.
Who Should You Trust?
The important thing, as ever, is not to panic and remain somewhat sceptical.
Caught off-guard, you may forget that your bank doesn’t even have your email address! If in doubt, pop down to your local branch when you’ve half an hour to spare. As the cliché goes, it’s better to be safe than sorry.
Do you have any tips to spotting a fraudulent email? Do you know of any scams going around right now? Have you been unfortunate enough to fall victim of one? Let us know below.