Banking and online account scams

Find out how banking scams work and what you can do to protect yourself. Be aware that fraudsters target consumers and businesses. 

Telephone scam

A fraudster may call you and claim to be from your bank or a similar organisation.

After an initial conversation, sometimes about a ‘fraud check’ or a problem with your account, you will be told to hang up and call your bank, perhaps using the number printed on the back of your debit or credit card.

This tactic is known as ‘vishing’ and is used to convince you that the call is genuine. The trick is that the fraudster on the other end doesn’t hang up so when you make another call they, or a fellow scammer, are still on the line.

The scammer will then pretend to be a bank representative and try to get you to give out your account details (especially if they already have some of the details), transfer money to another bank account or hand over your cash or card to them via courier.

A variation of this is a tactic known as ‘number-spoofing’. If your phone (mobile or landline) has ‘caller ID’, it will show the number that is calling you or let you know it is withheld.

But the caller may be able to change the number that is displayed on your phone, which some fraudsters use to suggest they are calling from a genuine bank number, then try to trick you into revealing information about your account.

You should also be wary of text messages to your mobile phone that encourage you to visit a specific website, which seems to be genuine but turns out to be fake.

We have been told scammers are making our own switchboard number – 020 7066 1000 – appear in the caller ID of people they contact. Ofcom explains how to avoid ‘caller ID spoofing’ and why not to give any information to these people or call them back.

Online banking scam

We have seen instances of bank websites being copied by criminals, with a similar address to the genuine bank website being used to trick customers. One way to end up on a cloned bank website is to click through to it from a spam email.

Scammers also send emails and text messages pretending to be from a bank, asking you to verify details such as your online banking passwords, PIN, or account or card details. This is known as ‘phishing’ and often comes with a story about why your details are needed, such as for a refund, a security and maintenance upgrade, or even as a fraud alert.

Fraudsters will also contact consumers and businesses, pretending to be regular suppliers. They may say their bank details have changed and ask you to update your payment details to direct the money to them. Alternatively, they may email you pretending to be a senior member of staff and to try to persuade you to make an urgent transfer.

Card scam

Card details are sometimes taken by copying the information from the magnetic strip of a bank or credit card at a cash machine or in a store. This is known as ‘skimming’ and the fraudsters intend to access your account or create a fake card that has your details on it.

There are many other scams that aim to steal your credit card details, either by taking the card itself or by tricking you into giving out the details, such as the security code (the three- or four- digit code on your card).

In each of these cases the fraudsters intend to access your bank account, to remove funds from it, or to charge items to your credit card.

Protect yourself

Treat all unsolicited calls, emails and texts with caution.

Fake websites, emails, telephone calls and text messages are likely to be linked to organised fraud and we strongly advise you not to respond to the criminals in any way.

Don’t be rushed into acting quickly. A genuine organisation won’t mind waiting if you want time to think.

You should never give out your bank account or credit card details unless you are certain of who you are dealing with. If you have already given the fraudsters this information, tell your bank immediately.

Keep in mind that a bank will not email you to ask for your personal information or account details. Be especially wary if the email does not include your proper name or contains spelling mistakes or poor grammar.

If you think an unusual email could be from your bank, phone them to ask about it – but use the number on your card, bank statement or in the phone book rather than a number in the email.

If you have a call from your bank or a similar organisation you should call them back but from another phone line, such as a mobile phone or landline, or wait at least five minutes before doing so.

Remember that genuine bank staff will never ask for the PIN for your bank or credit card.

Carefully check the address of a bank website you are using, looking for subtle differences, especially if you clicked through to it from an email that could be spam. It is better to bookmark the website address or type it in each time.

If you’re sending money using an account number someone has sent you by email, call them to double-check it’s correct and hasn’t been intercepted. 

At work, look out for fraudsters impersonating your suppliers or senior managers. They may ask you to make a payment or change payment details. Always check the email address is exactly the same as previous correspondence with the genuine contact. If you’re suspicious, call them back on a number you’re sure is genuine or speak with them in person.

You should also look at your bank account and credit card statements regularly.

You can see our list of firms to avoid and find out what to do if you think you have been scammed. You can also read more about banking fraud on the Take 5 website.