When you’re managing your bank account it's important that you keep yourself safe and secure online.
Learn how to spot a scam, what to do if you are contacted unexpectedly, and advice on how to stay safe online.
Fraudsters phone people pretending to be Bank of Scotland, the police, or other well-known companies. They do it to get you to send money, let them access your bank account or take control of your device to steal your personal data. Stop and think – is this call genuine?
Telephone fraudsters sound convincing and professional. Here are a few tips on how you can protect yourself and tell a genuine phone call from a scam.
Do you really know who’s calling? - If the call is unexpected, then they might not be who they say they are. If you’re not sure, say you’ll call back. Always use a trusted number (not the number the caller is using or asks you to use), and don’t assume a caller is from Bank of Scotland even if your caller ID says that it is. For Bank of Scotland, use the number on the back of your card. If the caller says they are from the Police you can call back on 101.
Is the caller putting pressure on you? - Fraudsters want to create a sense of urgency to force you to make quick decisions. The scammer might also ask you to “keep it quiet” and not tell anyone about the call. Don’t trust anyone trying to silence you or hurry you up.
Never let a caller trick you into transferring your money - Never transfer money if a caller says you must do this for “security purposes” to a “safe/secure/holding account”. Fraudsters might also say they’re from Bank of Scotland telling you that you are due a refund, or that you must complete a test transaction. We’ll never ask you to do this so hang up the phone!
It’s very rare for the Police or Scotland Yard to call people unexpectedly. If they do, they’ll never ask you to move your money. And they’ll always follow up with a visit from a Police Officer with photo ID and a warrant number.
The Police will never ask you to transfer money to a new account, and neither will we.
Don’t log in to your computer for a caller - If an unexpected caller claims there is something wrong with your computer or asks you to download something, this is almost certainly a con. The caller might claim to be from a broadband provider or trusted software company (even the one you use). But unless you asked for this phone call, it is likely to be a fraud.
If a caller asks you to log in to your computer, tell them you’ll make you own arrangements and hang up. Never tell a caller what you can see on your screen or allow anyone remote access (control of your machine) unless it's a company that you called first. Be very wary if the caller claims they have accidentally sent you money and ask you to send it back. If in doubt, put the phone down.
Find out how to protect yourself, and tell a scam email or text message from a real one.
Is the email asking for financial and personal info? - Fraudsters pretend to be well-known companies like Bank of Scotland be wary even if you think you recognise the sender. Genuine companies never ask for Internet Banking login details or card details in an email. Don’t reply, and don’t click on any links or attachments.
Do you know who really sent the email? - If in doubt, phone the company on a trusted number or visit their website by typing their web address directly into the address bar. Don't click on a link or copy and paste from the email itself.
Is the email trying to scare you into action? - Emails from reputable companies should sound reasonable and calm. Phishing emails often contain threats of account suspension or immediate risk of fraud. If you’re not sure about an email that looks like it’s from Bank of Scotland you can always phone us on the number on the back of your card.
Is the text message asking for financial and personal info? - Fraudsters pretend to be well-known companies: be wary even if you think you recognise the sender. Genuine companies never ask for Internet Banking login details or card details in a text. Don’t reply, and don’t click on any links or attachments.
Do you know who really sent the text message? - If in doubt, phone the company on a trusted number or visit their website by typing their web address directly into the address bar. Don't click on a link or copy and paste from the message itself.
Is the text message trying to scare you into action? - Does it sound reasonable and calm, like a message from a reputable company? Phishing text messages often contain threats of account suspension or immediate risk of fraud. If you’re not sure you can always phone us on the number on the back of your card about a message that looks like it’s from Bank of Scotland.
There are threats that can harm your devices even if you’re not aware that anything is wrong. But there are simple steps you can take to protect yourself.
Remember - always log out from your Internet Banking and lock your device with a PIN or password. Never leave it unlocked and unattended, and safeguard your device.
You can keep most viruses out if you:
Protect yourself by using security settings, PINs and passwords wherever you can. Think carefully about what you post in tweets, on Facebook, Instagram and other social media.
Think about what information you should not share online and how you can keep your account as safe as possible.
Passwords are key to online security on your Internet Banking, computer, tablet and smartphone. Choose secure passwords, don’t share them and change them often.
Make your password as secure as possible:
If you think anyone else knows your Internet Banking password, report it immediately.
Follow these simple tips to stay safe online:
Real-time fraud detection systems - When you are using Internet Banking, we use real-time fraud detection systems to decide whether it's really you or a fraudster. We use your data strictly according to the terms and conditions and your data privacy rights. If we see activity on your account that may be suspicious, we'll ask you to call our Fraud Department to confirm it's really you. If it's really you making the payment it will take you a few extra minutes, but this means that we are able to stop most fraud attempts and protect your account. We’ll also send you a text message and display a message in your Internet Banking account overview to confirm recent requests that might be suspicious.
Biometric analysis - We use behavioural analysis to help make sure it’s really you giving us instructions in your Internet Banking account. This technology builds a detailed profile of how you use Internet Banking (i.e. what’s ‘normal’ for you) which is very difficult for a fraudster to mimic. This data is used strictly in compliance with our Internet Banking terms and conditions, to protect your privacy and information about you.
DDOS protection - We aim to provide you with fast, accessible Internet and Mobile Banking, 24 hours a day. That's why we use state of the art DDOS (Distributed Denial of Service attack) protection, to stop hackers from blocking your access to your accounts online.
Bank name display - When you set up a new payment, we may display which bank account brand you’re sending money to, e.g. Barclays, HSBC, Tesco. By displaying this, we give you the opportunity to recognise if the new payment may be going to the wrong place, for instance if you were expecting to pay another Bank of Scotland account but it shows up as Lloyds Bank.
Helpful hints - You’ll see tiles and banners on the login page and throughout your Internet and Mobile Banking sessions once you’ve logged in, which will give you useful hints and tips on protecting yourself online.
For certain instructions you give us in your Internet Banking, such as setting up a payment to a new account, we need to make sure it’s really you to prevent fraud. You can choose to do this via our secure App, or you can receive an automated phone call and enter the 4 digits shown on your device screen.
Always make sure the explanation is the one you’re expecting.
Telephone Authentication is the recorded call where you’re asked to enter 4 digits from your computer screen to complete an Internet Banking action such as payment to a new beneficiary, new products or registrations.
If someone tells you to ignore this explanation (for instance, if they say it's just a test transaction), or if you don’t recognise the action described in the automated call, then you are speaking to a fraudster
You will never be asked to complete this call to receive money into your account.
This where you have chosen log in to your Bank of Scotland Mobile Banking App to authorise an action you’ve made on your computer or tablet such as payment to a new beneficiary, new products or registrations.
Read the explanation on screen carefully. If someone tells you to ignore this (for instance, if they say it's just a test transaction), or if you have not yourself requested the above actions, then you are speaking to a fraudster.
If we suspect fraudulent activity on your account we may contact you via telephone to confirm that you carried out the activity. We will confirm your identity by asking you to confirm questions from your credit file / details from your passport or driving licence. We will never ask you for your login details.
If you have a hearing or speech impairment, you can contact us 24/7 using the Next Generation Text (BGT) Service. If you’re Deaf and a BSL user, you can use the SignVideo service.
If someone knows your credit or debit card PIN or if someone has used your credit or debit card without your permission report it to us on:
External: 0800 0 288 335
International: +44 (0) 131 454 1605.
Opening hours: 07:00 Until 23:00
For any other issues that you think may be related to fraud please call Action Fraud:
0300 123 2040
Lines are open Monday to Friday 9am-6pm. Text phone users can ring 0300 123 2050.
They’ll be able to log the incident and provide you with a Crime Reference number if needed. Action Fraud collects data from across the UK to help banks and other businesses combat fraud.
We guarantee to refund your money (including charges and interest that you’ve paid or not received as a result) in the unlikely event that you experience fraud with our Internet Banking service. We will take steps to protect you 24/7, using technology and safeguards that meet or exceed industry standards, but you must also use our Internet Banking services carefully.
Being careful when you use our services includes, for example, that you:
If you've been grossly negligent, we will not refund any money taken from your account before you have told us your Security Details have been lost, stolen or could be misused.
We won't give you a refund if you have acted fraudulently.
For further guidance on using our online banking services, see our Internet Banking terms and conditions.