What is Phishing?
Phishing is when a criminal contacts you by email and tries to gain your personal details e.g. name, date of birth, financial details, and/or login details by convincing you they are from a bank or another trusted organisation. This could be by asking you to click a link or download an attachment.
How to identify a potential phishing email?
- The email address doesn’t match the website address it says it is from. Always check the sender’s email address.
- The email doesn’t address you directly e.g. ‘Dear Customer’.
- The email tells you to act immediately.
- The email contains a link to an address that looks like the proper email address, but has a character difference or is incorrect. If you hover over the link it will tell you where it will take you.
- The email is asking you to provide personal information e.g. name, date of birth, address, account details.
- There are spelling and/or grammatical errors.
- The body of the email is an image instead of text.
- The logo or design of the email looks different.
How to protect yourself from a phishing email?
- Never provide your sensitive login/personal details by email.
- Never click on a link or download an attachment in an email you are not expecting.
What to do if you receive a phishing email?
- If the email appears to be from Vanquis but you don’t believe it is forward it to firstname.lastname@example.org and then delete it. We investigate every email we receive, however we cannot guarantee you will receive a response.
- If an email appears to be from another company check with the company directly using a known number e.g. such as the number on the back of your card. It can also be reported to Action Fraud.
What is Smishing?
Smishing is similar to phishing but is via SMS (text message).
How to spot a smishing message?
- It asks you to provide sensitive, personal or financial information, your password or to make transactions by following a link in the message.
- You are asked to call a specific number that isn’t related to the genuine company.
- The sender uses an urgent tone.
What to do if you receive a smishing text?
- Do not reply to the text, even to text stop as this will confirm to the criminal that it is a live number.
- Do not click on any links within the text message that you are not expecting.
- It asks you to call a certain number but that number is unknown to you. In this case, call your bank or service provider on a number that you trust to check the number and message is authentic. E.g. such as the number on the back of your card.
- Delete the message.
What is Vishing?
Vishing is a where a criminal pretends to be phoning from a bank, the police or another trusted organisation to trick you into revealing your financial and/or personal details to gain access to your bank and/or credit card accounts. The criminal could ask you to call them back whilst they remain on the line. When you redial you are reconnected directly back to the criminal. Always dial back from a different phone line if possible, if not wait 5 to 10 minutes. If it is a genuine call the company will not mind waiting.
Remember Vanquis will never call you to ask for your PIN or to transfer money to another account and the police will never offer to collect your card from your home.
How to identify a vishing call?
- The fraudster doesn’t provide you with time to think e.g. they may try to stop you from speaking to a friend or family member.
- The fraudster asks you to transfer money to a new account saying it is not safe in the current account.
- The fraudster asks you for your PIN.
- The fraudster requests you to withdraw money to hand over to them for safe keeping.
- The fraudster may offer to send a courier to collect your cash, PIN, payment card or cheque book.
What to do if you receive a vishing call?
Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Be mindful of who you trust – criminals may try and trick you into their confidence by telling you that you’ve been a victim of fraud. Criminals often use this to draw you into the conversation, to scare you into acting and revealing security details. Remember, criminals can also make any telephone number appear on your phone handset so even if you recognise it or it seems authentic, do not use it as verification they are genuine. If you are unsure you are talking to your bank, check the back of your card and call the number on a different phone if possible.
A Data Breach is when a customers’ personal and confidential information held by a company or organisation is compromised.
Once a fraudster has an individual’s details they could use any of the above methods (phishing, vishing, smishing) to contact a customer and pretend they are from a trusted organisation. They may do this to obtain personal details to gain further credit or to ask you to transfer money.
If a company, who you are a user of, experiences a data breach then you should change your password to the account directly on the company’s website. Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected email or text.
Once a criminal obtains your details they may takeover one of your accounts. This is a type of fraud where somebody uses another person’s account information to obtain products and services using the genuine person’s existing accounts.
What is a money mule?
A money mule is a person who is used by criminals to move illegal funds between accounts, whether in person or electronically, in order to launder the money and evade authorities.
How to protect yourself?
- A legitimate company will never ask you to use your own bank account to transfer their money. Don’t accept any job offers that ask you to do this.
- Be especially wary of job offers from people or companies overseas as it will be harder for you to find out if they really are legitimate.
- Never give your financial details to someone you don’t know and trust.
What are investment scams?
This is when a criminal tricks you into making an investment for something that is worthless or doesn’t exist. We have listed some of the types of investment scams below:
- Binary – This is a form of fixed-odds betting where criminals offer high returns.
- Advance – This scam involves being told you have won a lottery you did not enter or an inheritance you did not know was due. They will usually ask for a fee upfront for administration costs. Genuine lotteries will not ask for a fee upfront to release your winnings.
How to protect yourself?
- Be wary of unexpected phone calls that are selling you investment with huge financial gains.
- If it sounds too good to be true it probably is.
- Before you make an investment check the FCA list of businesses to check the company is authorised: https://register.fca.org.uk