Find out how banking scams work and what you can do to protect yourself.
Banking and online scams can take many forms. Find out more about some of the common ones, including:
- telephone scams (including 'vishing' and number spoofing)
- online banking scams
- supplier scams
- card scams
Or, find out how to:
- protect yourself from scams
- contact us if you have any concerns
- check the Financial Services Register to find contact details for authenticated firms
- report a scam or unauthorised firm
It’s not easy to spot a telephone scam. Fraudsters may call you and claim to be from your bank, the police, or a similar organisation. They might pretend to be doing a ‘fraud check’ or calling to discuss a problem with your account.
To convince you that their call is genuine, they may tell you to hang up and call your bank. They may even tell you to use the phone number on the back of your debit or credit card.
However, when you try to end the call, the fraudsters don't hang up. Instead, they remain on the line to intercept your call when you try to contact your bank. This tactic is called 'vishing'.
Fraudsters will try to get you to:
- give them your account details (especially if they already have some of them)
- transfer money to another bank account
- hand over your cash or card to them via courier
A similar scam uses a tactic known as ‘number-spoofing’.
If your phone (mobile or landline) allows you to see the ‘caller ID’, it will show the number fraudsters are calling from, or it will say the number is withheld.
However, fraudsters may be able to change the number displayed on your phone to suggest they are calling from a genuine bank. They will then try to trick you into revealing information about your account.
You should also be wary of text messages to your mobile phone that encourage you to visit a specific website. It might seem genuine but it could turn out to be fake.
We have been told that fraudsters are making the FCA’s switchboard number – 020 7066 1000 – appear in the caller ID of people they contact.
Ofcom explains how to avoid 'caller ID spoofing' and why you shouldn't give any information to these people or call them back.
Bank websites can be copied ('cloned') by criminals. These sites use a similar address to the genuine bank website and use it to trick customers. One way to reach a cloned website is to click through to it from a spam email.
To protect yourself, carefully check the address of the bank website you are using. Look for subtle differences. Be especially cautious if you clicked through to it from an email that could be spam.
Remember, it is always better to bookmark the website address or type it in each time.
Fraudsters also send emails and text messages that pretend to be from a bank. These ask you to verify details such as your online banking passwords, PIN, or account or card details. This is known as ‘phishing’.
The email often comes with a story about why your details are needed, such as for a refund, a security and maintenance upgrade, or even to stop fraud.
Always remember that a bank will never email to ask for your personal information or account details. Be especially wary if the email does not include your proper name or contains spelling mistakes or poor grammar.
If you think an unusual email could be from your bank, phone them to ask about it. Use the number on your card, bank statement or in the phone book, rather than a number in the email.
If you’re sending money using an account number someone has sent you by email, call them to double-check it’s correct and hasn’t been intercepted
Fraudsters may contact consumers and businesses, pretending to be regular suppliers. They may say their bank details have changed and ask you to update your payment details to direct the money to them.
Alternatively, they may email you pretending to be a senior member of staff and try to persuade you to make an urgent transfer.
Remember, always check that the email address is the same as previous correspondence with the genuine contact. If you’re suspicious, call them back on a number you’re sure is genuine or speak with them in person.
Card details are sometimes taken by copying the information from the magnetic strip of a bank or credit card at a cash machine or in a store. This is known as ‘skimming’. By doing this, fraudsters are aiming to access your account or create a fake card that has your details on it.
You can protect yourself against skimming by taking the following steps:
- never share your PIN
- be discreet with your PIN
- look for signs of tampering on ATMs
- if possible, avoid outdoor ATMs
- check your credit card statement
- report suspicious activity
- notify your bank when you go overseas
There are many other scams that aim to steal your credit card details, either by taking the card itself or by tricking you into giving out the details, such as the security code (the 3- or 4- digit code on the back of your card).
In each case, the fraudsters intend to access your bank account, take money from it, or charge items to your credit card.
You should never give out your bank account or credit card details unless you are certain who you are dealing with. If you have already given the fraudsters this information, tell your bank immediately.
- Treat all unsolicited calls, emails and texts with caution.
- Don’t be rushed into acting quickly. A genuine organisation won’t mind waiting if you want time to think.
- Check your bank account and credit card statements regularly.
If you're concerned, you can search our list of firms to avoid and find out what to do if you think you've been scammed.
You can also read more about banking fraud on the Take 5 website.