Phishing (pronounced 'fishing') is a con trick used by criminals to get hold of your personal information. Phishing typically happens when criminals send convincing looking but fraudulent emails or text messages, although they have also been known to use phone contact.
These emails are often sent to thousands of individuals - in the hope that some will be hoodwinked into supplying personal information. This may include user names, email addresses, passwords, bank account, and credit card details.
These phishing attacks will typically encourage victims to enter details on a fake website - which often seems to come from a legitimate organisation.
You may receive text messages pretending to be from the bank. Some state that sensitive information about you has been posted onto the internet and encourage you to visit a web site. These messages are fraudulent, and visiting the link in the text is likely to result in an attempt to infect your computer or handheld device with a malicious virus.
Other messages state that there is a problem with your bank account and encourage you to phone a number. These are also fraudulent, attempting to trick you into giving away your personal and security information.
Example text messages:
"Your account is closed due to unusual activity. Call us at [number removed]"
"Someone has posted your full Personal & Banking information @ http://[website address removed] You must remove it now."
"Hi, I post your full Personal and Banking information at [website address removed] You can remove it, I am sorry"
Always DELETE text messages like these.
If you have followed the link, we recommend that you carry out a full check of your computer or handheld device as soon as possible to find out if any spyware, computer virus or other malicious software has been installed.
The most effective protection is to keep your computer's security up to date. By downloading Rapport, the free security software from the financial security experts at Trusteer, you help protect your personal information.
We will never ask you for your PIN or password by text or email.
Whilst the Bank now offers a Text Messaging service to give alerts or updates about your account and services available, we will never ask for your full security details or direct you to a page which requires you to enter any logon details or use a card reader device. Smart phones will automatically convert some text into web page addresses - do not click on any link unless you are absolutely certain it has come from a valid source.
If we send you a text, we won’t include specific details but may refer you to our Alerts Service or ask you to contact our Customer Services (without providing a number) or visit your Branch.
You can find our contact details here.
Voice phishing involves customers receiving unsolicited phone calls pretending to be from the bank or even the police. Often they will encourage you to part with security information as part of an ongoing investigation into potential fraud, or claiming that they need to verify security information following a recent transaction.
Sometimes you might get a "warm-up call" where no information is discussed, but your guard is lowered when you get a subsequent call, which refers back to the initial seemingly innocent call you received.
Call 1 - "You recently made a card transaction and we wanted to check your customer experience - you'll be entered into a prize draw - I just need characters 2 and 4 of your four digit card PIN for security".
Call 2 - "You recently took part in our telephone survey - we'd now like to get your views on our online banking service - we need to verify your security information to ensure the right customer goes into our prize draw - could I have characters 1 and 3 of your card PIN?"
Do not give any security information away during a telephone call you have not initiated.
Ask for a contact number for you to call back, but always verify this number independently before phoning back, for example by contacting your branch to confirm the number is valid.