Financial Scammers

Spotting financial scammers can be hard.  The scammers’ methods are getting more and more sophisticated, and their access to technology means it can be hard to spot fake emails, texts or calls.

Why would my bank or credit card be contacting me?

It’s important to understand why your bank or credit card would be contacting you in the first instance.  Ignoring the ‘marketing’ communications you may receive – why would they get in touch to ask you to click a link, hand over information or take action?

Let’s start with the innocuous.  Your bank will send you account-specific communications via email or text asking you to take simple action, e.g. your new statement is available to view, click here to view it; your direct debit is coming up, click here to review it; your interest rate is changing, click here for more information.

These all sound innocent, right?  However, like any link you receive, only click on it if you are CERTAIN it is coming from your bank.  See the tips at the end on spotting fake emails or texts.  

For these regular communications, you will likely be used to the look and feel of them and recognise them when you get them.  If you get any that claim to be one of these regular messages but they read, look or feel different to normal, DO NOT CLICK!  Log in to your account through a separate browser window and check your account – any statements, messages about direct debits or interest rates are going to be available for you to view in your online account as well. 

Now what about when they contact me for urgent or unusual activity? 

Why would my bank or credit card contact me urgently?

Banking institutions are getting much better at spotting fraudulent activities on customer accounts, and they have teams whose sole focus is this.  Should a bank spot a transaction on a customer’s account they suspect is fraudulent, they will reject the transaction and their fraud team will contact the customer by the quickest means available – phone call.

This is where it can get tricky.  On calling a customer, the bank needs to confirm they are speaking to their real customer before it can proceed, and therefore, need to ask you questions to confirm your identity – but you are suspicious of a phone call from someone asking you to confirm personal details!

Spotting Scam Calls

If you receive a call purporting to be from your bank telling you there is a problem with your account, ask yourself a few questions:

1. What number are they calling from?  Take a moment (tell them you’re moving to another room to hear better to give yourself a beat), and quickly Google the number they are calling you from.

1. Do they know your name, and are they addressing you by it correctly?  An interesting tip here is that many people are known by names that are not their full or ‘official’ name.  If your name is Catherine, but you are known by Kate – what name are they using?  Are they calling you by your full and correct name, as it is shown on your bank account?

1. Are they calling from a noisy background? If it’s a noisy call centre, be cautious.  

1. What, specifically, are they telling you the issue is?  Does it make sense, is it likely and does it sound like they are reading from a script?  The primary reason they’ll call is because they’ve spotted some unusual activity.  Your bank will not call you to tell you that your funds are insecure and that you need to move them all.  Don’t be afraid to ask them to clarify the issue BEFORE you move on to security questions.

1. Are they trying to force or coerce or rush you?  A genuine call from your bank, even about a potentially fraudulent transaction they’ve spotted, is not rushed.  If it’s genuine, they’ve already stopped the transaction (and likely put a temporary freeze on your account), so your account is safe till they have resolved it with you, so they don’t need to rush you.

If you are AT ALL suspicious, tell them.  If it is a genuine call from your bank or credit card, they will understand.  Explain to them that you would rather call them back and then get a phone number from your bank’s website, or the number on the back of your card, and call that way.  If they try to give you a phone number to ring, don’t call it.  

If, after these initial questions, you are happy to proceed with the call, they do need to confirm your identity before they can discuss your account with you.  They have several ways of doing this:

1. Confirming some personal details (address, date of birth, phone number).

1. Answering a previously set security question (mother’s maiden name, name of first pet – although these are being used less).

1. Asking you to confirm a bespoke Telephone Banking password you would have set when you opened the account (this is NOT your online banking password, but a separate and specific password set up, it’s often a password you’ve forgotten, so if you have – tell them, and they’ll ask another security question – don’t guess and potentially give away passwords that you use elsewhere!).

1. Asking you to confirm certain characters, e.g. the first and fourth, in your Telephone Banking password or security passphrase (again, NOT your online banking password, but a specific password or passphrase set up by yourself on setting up the account. They will not ask for the FULL password, rather a specific character/number; for example the first and fourth letter or character in your password.).

1. Confirming a recent genuine transaction on your account.

1. Asking you to confirm one or two companies you pay via direct debit out of your account.

1. Sending the registered phone and/or email address linked to your account a passcode and asking you to repeat this back.

Here’s where you should be cautious.

Generally, you need to pass 3 security questions for them to confirm your identity.  If this is a scammer – they want ALL this information.  Are they asking you for too much?

It’s worth repeating here again: if you are in any doubt about the call – tell them, and advise you will call back.  

A few key things to remember

Your Bank will NEVER:

1. Pressure, coerce or create a level of urgency on a call to make you feel like you are rushed into something.

2. Tell you that your funds need to be moved at a moment’s notice.

3. Ask you for your debit/credit card’s PIN number (either full or characters from it).

4. Ask you for your online banking password (either the full or characters from it).

Quick Tips to Spot Fake Comms

On emails:

1. Check the sender’s address. Is it from the correct domain, and are there spelling mistakes?

2. Check the footer (bottom) of the email – does it have the correct information, like their address, privacy information?

3. Does the body of the email have spelling or grammar errors?

4. Does it read with a sense of urgency/time sensitivity – asking you to ‘act fast’, or give grave or dramatic warnings?

5. How does it compare to previous correspondence you’ve had from your bank/credit card?

As a general rule – don’t click on the links.  Instead – go to a fresh browser and access the bank’s website and log into your account that way.

On texts you receive:

1. Is it from a ‘number’ – generally genuine text messages come from a ‘name’ rather than a number – see the image.

2. Are there spelling or grammar mistakes?

3. Is it asking you to click a link?  

4. Does it have a sense of ‘act fast’ urgency?

Some tips on how to protect yourself online (your bank or other online accounts!):

Have different passwords for EVERYTHING, and use random letters, numbers and symbols that are at least 12-14 characters long.  

This sounds a pain and inconvenient, right?  And it is.  But it’s a small price to pay to protect yourself!  The best way to create these (and store them!) is a Password Manager software – there are lots on the market, such as Dashlane, bitwarden, 1Password – this article from wired.com provides some good information on what’s available.  

You can check how easy it is to hack your password by visiting https://www.passwordmonster.com/ . A tip: use spaces, if possible, in your password. This significantly increases the amount of time it takes hackers to get access to your password. 

1. Have two-factor authentication set up on all accounts where it is an option – and it is an option on almost everything these days.  An authenticator app is often cited as the safest option.  If the website allows, set up two options for 2FA, to give you options and access.

2. Have a back-up email address: one that you do not use anywhere else other than as an alternative email address.  So, it’s not used as the primary log-in on any accounts and you don’t give it out as a means of contacting you.  

3. Monitor your credit score – ClearScore is a free option for this.  If a ‘hard’ search is performed on you, that is the type of credit check a company does when you apply for a loan or credit, this will show up on your credit report.  If anything shows up you didn’t instigate – you will be aware.

4. If you are often on the move, consider using a VPN – that is a virtual private network software on your laptop and mobile devices.  These provide a higher level of security over the internet, are excellent at blocking dodgy links should you inadvertently click one and protect you if you are using public WiFi networks.