Threats and tips
Be aware of the different types of potential fraudulent attacks online.
Top tips to stay safe online
Protect your identity when you're online
Create strong passwords, change them regularly, don't use the same password for different sites, don't write them down and don't give them to anyone else.
Don't open emails from suspicious senders
If you receive a suspicious email, don't click on any links or download any attachments.
Keep your computer software up to date
Set your computer to receive automatic updates and the latest versions of operating systems, anti-virus software and internet browsers. A lot of updates include important security fixes.
Turn your computer off when you're not using it
It sounds simple, but it's often overlooked. By turning your computer off, not only will you save on your energy bills but you'll also prevent any unauthorised access while you're away.
Only download software from trusted websites
If you need to download software, use trusted sources and go directly to their websites instead of downloading from a third party.
Secure your wifi connection
Make sure your wireless broadband router is secured with a strong password, and disconnect it if you don't need it for long periods. Be wary of using free public wifi services if you're entering personal information.
Keep your mobile secure
Log out of apps when you have finished using them. Make sure your smartphone requires you to enter its password every time you use it, and don’t leave your mobile unattended.
Ways to stay safe
Be aware of the different types of potential fraudulent attacks.
Boiler room scams: The illegal, aggressive mis-selling of worthless or over-priced shares, often traded in very limited volumes.
Identity theft: Someone uses your personal details to pretend to be you, access your accounts, remove money or buy goods.
Malware: Software used by criminals to gather your personal or financial data, or disrupt your computer or network.
Boiler room scams
What are they?
The term ‘boiler room’ is used to describe illegal, aggressive mis-selling of shares that are worthless, vastly overpriced or ones traded in very limited volumes/markets. The purpose of the sales pitch is to defraud investors and it is typically done with a high-pressure approach.
These frauds typically start with a phone call from a person posing as a salesperson for shares in companies you are unlikely to have heard of.
Share sales fraudsters tend to be very persistent and can be very convincing – even providing authentic-looking websites and information for the company shares they are selling. They will frequently offer gifts and free reports and will often succeed by wearing down the investor until they eventually agree to invest.
If you fall foul of this particular type of fraud there is unfortunately little chance of compensation and you are almost certain to lose any money invested. These scams are almost always operated from foreign countries (whatever the salesperson says). This means the fraudsters are not regulated by an authority which might protect or provide compensation for the victim.
What you can do to protect yourself
You should be particularly cautious if any approach to sell investments directly to you is unsolicited, you are being offered unrealistically high returns on investments, and/or you are asked to keep the approach confidential.
You should always check the validity of any scheme you intend to invest in. Pay particular attention if you find it difficult or impossible to get hold of any real evidence of the scheme’s legitimacy, or find that telephone numbers are untraceable mobile/cell numbers.
If you think you may have been approached by a fraudulent salesperson, you can check on the FCA website to see if the company they claim to be from is legitimate. If you have any suspicions, you should check with the relevant authority that the company the salesperson claims to represent is on a regulator’s register, and that it is allowed to give financial advice and to make investment sales. If it is not, or you are unable to find this information, you should ignore or terminate any future calls.
Even if the company is on a register, you should not assume that the salesperson actually works for that company. Do your own independent checks and call the firm the salesperson claims to work for on a number not given by the salesperson. Any genuine salesperson will not mind a customer undertaking their own checks.
Identity theft
What is it?
Identity theft is when someone uses your personal details to pretend to be you, often using them for financial gain.
You can be vulnerable to identity theft on social networking sites and when using other online services, as well as in the real world.
Once an identity fraudster has your personal details, they can access one or several of your accounts, removing money or buying services or goods which you are charged for but never see.
What you can do to protect yourself
There are a number of precautions you can take, both online and offline, to make sure no one gets hold of your personal details.
Protecting yourself online and on the phone
- Create strong passwords and usernames – with numbers and lower and upper case letters
- Use different details for different account logins and never disclose them to anyone
- Verify who you’re speaking to on the phone or online
- Check your bank and trading statements regularly and report any transactions you don’t recognise
- Don’t be afraid to say ‘no’ if you think someone is trying to trick you out of information
- Avoid using the auto-complete option when filling in forms online – your browser stores your details to do this and that information is easy for thieves to access.
- Don’t post personal details on chat rooms, forums or social networking sites
- Don't choose words or dates obviously associated with you - people can often find out a lot about you online – from your date of birth to your pet's name.
- Don’t rely on words that can be found in a dictionary – hacking algorithms usually use dictionary entries as the first line of attack.
- Use a mixture of unusual characters - you can use a word or phrase that you can easily remember but with replaced characters.
- Keep your passwords safe - writing them down can be highly insecure.
- Consider changing your passwords on a regular basis – many experts recommend a monthly password change.
Protecting yourself offline
- Check any statements carefully and securely store statements, bills and confidential letters.
- Shred personal information you want to throw away – a common way fraudsters get hold of people’s details isn’t online, but by going through their rubbish.
- Redirect your post using the Royal Mail Redirection Service if you move home.
- Consider obtaining credit reference reports from providers such as Experian.
Malware
What is it?
Malware is the term used for any kind of software that is designed to be used by attackers to gather your personal information with malicious intent or to cause disruption to your computer or systems in some way.
Even with anti-virus software and firewalls, malware can sometimes get through to cause damage to your computer, track what you do online and give criminals access to your security details. Types of malware include:
- Computer viruses – software programmes which have the potential to damage your computer and, in some cases, track what you do online, passing back information and security details to hackers. You might notice a virus on your computer if it starts behaving uncharacteristically, or you notice changes you can’t account for. For example, it may slow down significantly, you may notice that files have been changed or deleted, or you may see messages and pop-ups (or even music playing) that you haven’t initiated. Anti-virus software is specifically designed to protect your computer against viruses.
- Trojans – software programmes that pretend to be something they are not. Essentially they are harmful programs, often disguised as downloadable files such as screensavers, tools or applications.
- Spyware – secretly tracks what you do online to get information about your browsing habits, and might display unwanted advertising, while adware installs pop-ups and advertising on your computer. Spyware and adware can be relatively harmless, but they can scan your hard disk to get your personal details and can slow down your computer.
- Scareware – designed to trick you into installing malware, typically by delivering pop-ups which tell you your computer is infected and inviting you to buy software to remove the issue. In reality, the software you buy is likely to contain malware.
What you can do to protect yourself
To protect yourself from any type of computer virus, you should always be cautious about sites you visit, links you click on, and any files you download or install – especially if you haven’t requested them.
- Ensure you have up-to-date anti-virus software installed
- Use the latest version of any software you use, such as your internet browser
- Avoid clicking on links or downloading files from sources you don’t know, haven’t requested or aren’t confident about
- Only buy software from sources you trust.
Phishing
Phishing is when fraudsters use emails and calls to try to get you to disclose personal information. Phishing attempts can be generic, with the same email sent to millions of people hoping for a handful of responses, or more targeted, using recognisable information to make the email seem more trustworthy.
In either case, there are often warning signs to watch out for:
- Generic greetings with little personal information
- Spelling and grammar mistakes
- Rewards for responding, or threats of consequences if you do not respond - e.g. the loss of money or closure of an account
- Information mismatch - e.g. an email claiming to be from your bank but sent using a Gmail account
- Asking for something - the goal of phishing is always to get something from you
We are continually updating our security procedures to protect your accounts but it is still important that you remain aware of potential threats. Here are some steps you can take to stay safe.
What can you do?
- Any email asking you to log in or provide your details is almost certainly going to be a phish. Most businesses will specifically not ask you for these details. That is why they cannot tell you what your forgotten password is and why you have to reset it.
- If the email is from a business you deal with or someone you know, is the content in line with your previous dealings? Is this a normal request? Even if it is normal, should you be giving them this information?
- If you want to check up on an email just to be sure, never use any of the data in the email, as it could be compromised or fake. Go to a search engine and find the website of the company. Is there anything on their homepage in line with the email you just received?
- Log in to your accounts using the method above. Never put your details into a link from a suspicious email.
- Contact the sender to clarify or query the email, but use a different method of communication, as their account may have been compromised.
- Protect your ii account at all times. Be careful what you sign up for with it. Never share your password details and avoid storing them on your desktop or in documents titled "passwords".
- Pick a good password. Try to avoid dictionary words, think of something memorable but random. Do not make it sequential. A strong password becomes weak if all you are doing is adding 01 on the end and changing it to 02 when prompted.
- Be aware of your social presence on the internet. We all have social media accounts but have you checked to see who can see what? Are you careful with what you post? Facebook and Google recently highlighted some of the risks of our internet presence.
- Consider using a password manager to store your passwords. For any site or application on your phone that you log in to, consider a strong, separate password, especially if that site or app stores financial information (card details for online purchasing) or sensitive personal information. Where possible, consider activating two-factor authentication.
If you are in any doubt whether a call is genuine, please hang up and call us on 0345 607 6001.
If you are suspicious about an email that appears to be from us, please report it to us at firstname.lastname@example.org. We will never:
- include attachments unless you have asked us for information or updates.
- include a link in an email which takes you directly to a log in page.
- ask you for your username or password in an email.
- ask you for your password and dealing password on the same web page.