Banking and online account scams

Find out how banking scams work and what you can do to protect yourself. Be aware that fraudsters target consumers and businesses. 

Telephone scam

Fraudsters may call you and claim to be from your bank or a similar organisation.

They might pretend to be doing a ‘fraud check’ or discuss a problem with your account. Then, to convince you their call is genuine, they tell you to hang up and call your bank. They may tell you to use the phone number on the back of your debit or credit card. 

But the fraudsters don't hang up. So, when you call your bank, they or another fraudster are still on the line. The tactic is called 'vishing'.

The fraudsters will then pretend to be from your bank and try to get you to:

  • give them your account details (especially if they already have some of them)
  • transfer money to another bank account, or
  • hand over your cash or card to them via courier

A variation is a tactic known as ‘number-spoofing’. If your phone (mobile or landline) has ‘caller ID’, it will show the number they are calling from or let you know it is withheld.

But the fraudsters may be able to change the number displayed on your phone, which they use to suggest they are calling from a genuine bank, then try to trick you into revealing information about your account.

You should also be wary of text messages to your mobile phone that encourage you to visit a specific website, that seems to be genuine but turns out to be fake.

We have been told that fraudsters are making our own switchboard number – 020 7066 1000 – appear in the caller ID of people they contact. Ofcom explains how to avoid ‘caller ID spoofing’ and why you should not give any information to these people or call them back.

Online banking scam

Bank websites can be copied ('cloned') by criminals. These sites use a similar address to the genuine bank site and use it to trick customers. One way to reach a cloned website is to click through to it from a spam email.

Fraudsters also send emails and text messages that pretend to be from a bank. These ask you to verify details such as your online banking passwords, PIN, or account or card details. This is known as ‘phishing’. It often comes with a story about why your details are needed, such as for a refund, a security and maintenance upgrade, or even to stop fraud.

Fraudsters will also contact consumers and businesses, pretending to be regular suppliers. They may say their bank details have changed and ask you to update your payment details to direct the money to them. Alternatively, they may email you pretending to be a senior member of staff and try to persuade you to make an urgent transfer.

Card scam

Card details are sometimes taken by copying the information from the magnetic strip of a bank or credit card at a cash machine or in a store. This is known as ‘skimming’. The fraudsters intend to access your account or create a fake card that has your details on it.

Many other scams aim to steal your credit card details, either by taking the card itself or by tricking you into giving out the details, such as the security code (the three- or four- digit code on your card).

In each case the fraudsters intend to access your bank account, take money from it, or charge items to your credit card.

Protect yourself

Treat all unsolicited calls, emails and texts with caution.

Fake websites, emails, telephone calls and text messages are likely to be linked to organised fraud. We strongly advise you not to respond to the criminals in any way.

Don’t be rushed into acting quickly. A genuine organisation won’t mind waiting if you want time to think.

You should never give out your bank account or credit card details unless you are certain who you are dealing with. If you have already given the fraudsters this information, tell your bank immediately.

Keep in mind that a bank will not email to ask for your personal information or account details. Be especially wary if the email does not include your proper name or contains spelling mistakes or poor grammar.

If you think an unusual email could be from your bank, phone them to ask about it. But use the number on your card, bank statement or in the phone book rather than a number in the email.

If you receive a call that seems to come from your bank or a similar organisation, say you will call them back. But use another phone line, such as a mobile phone or landline, or wait at least five minutes before using the same line.

Remember that genuine bank staff will never ask for the PIN for your bank or credit card.

Carefully check the address of a bank website you are using, looking for subtle differences, especially if you clicked through to it from an email that could be spam. It is better to bookmark the website address or type it in each time.

If you’re sending money using an account number someone has sent you by email, call them to double-check it’s correct and hasn’t been intercepted. 

At work, look out for fraudsters impersonating your suppliers or senior managers. They may ask you to make a payment or change payment details. Always check that the email address is exactly the same as previous correspondence with the genuine contact. If you’re suspicious, call them back on a number you’re sure is genuine or speak with them in person.

You should also look at your bank account and credit card statements regularly.

You can see our list of firms to avoid and find out what to do if you think you have been scammed. You can also read more about banking fraud on the Take 5 website.