Phishing

Phishing is a process used by fraudsters to acquire sensitive information such as usernames, passwords and credit card details by pretending to be an email or message from a trustworthy organisation. Communications claiming to be from banks, popular social websites and auction sites are commonly used to trick the unsuspecting public.

Phishing is usually carried out by email or instant messaging and often directs users to enter details at a fake website which looks almost identical to the real one, however some phishing scams are able to create pop-ups that appear whilst you are using a banking site.

Remember:

• Bank of Scotland may email you or send you a text message from time to time, but this communication will never ask you to enter your Internet Banking details either through an email, text message or a website
• Bank of Scotland do not ask you to enter any of your security details into a pop-up screen. If you see one of these screens then it is almost certainly a scam
• If you have been presented with a pop-up screen asking you to enter your security details, do not enter any details and call 08456 02 00 00.

Examples of phishing emails can be found at the Bank Safe Online website*.

Emails

You may receive emails, directing you to websites that ask you to enter your personal information. The aim of many of these email scams is to take you to websites that may look like the genuine site but are in fact ‘spoof’, or fake, web sites. When you click on a link or enter your personal details, the information is sent to someone other than your bank or other service providers. This means that someone else may be able to access to your accounts.

Text messages

There has been a rise in the occurrence of these type of scams received by SMS text message, known as ‘SMSishing’. Typically, you will receive a text message purporting to be from your bank or a known business requesting that you respond or follow a link to a website where you will be required to enter security or financial details (i.e. your card number and expiry).  If you are unsure, you should call your bank or the business involved using a phone number you know to be genuine to question the validity of the message you received. If you are unsure, never respond to the message or provide the information requested, and delete the message from your phone.

Phone calls

You should also be cautious when receiving unsolicited phone calls from people claiming to represent your bank or another business, especially where you are asked to provide information about your login credentials or card details. ‘Vishing’ is the term used for this process, where the caller’s objective for contacting you is attempting to obtain these details for their financial gain.

Don’t be fooled

We may email you or send you a text message from time to time, but will never send you an email or text message asking you to enter your Internet Banking details either through an email, text message or a website. For a quick way to tell if an email is genuine, check for your name at the top of the email. For text alerts check they will begin BOS A/C and quote the last four digits of account number. We know who you are so we’ll always greet you personally in an email, but fraudsters are unlikely to know your name and may begin an email “Dear Valued Customer” or something similar.

Examples of phishing emails can be found at the Bank Safe Online website*.

If you receive an email or text message that asks for your personal information, do not click on any link or provide any Internet Banking or telephone banking security details. Please forward suspicious emails or details of text messages that ask for your personal information to security@bankofscotland.co.uk and then delete it from your inbox without responding. This information will be used to help reduce fraud online.

If you have been presented with a pop-up screen asking you to enter your security details, do not enter any details and call 08456 02 00 00.

Protect yourself and your computer by having up-to-date anti-virus software, operating systems and firewalls.

More information on phishing along with example emails can be found at Bank Safe Online*.

Bank Safe Online is the UK banking industry's initiative to help online banking customers stay safe online. This site is run by UK Payments Administration on behalf of its member banks.