Fraudsters and scammers are becoming ever more sophisticated in how they operate. As the world and technology evolves, so, too, do the techniques used by criminals.
At Allica, we do everything we can to try and help prevent this. However, it’s important that you’re vigilant and alert, too, to protect yourself and your money.
Here, we’ll explore different types of common frauds and scams, and ways you can help keep yourself safe.
if you think you’ve been a victim of a fraud or a scam, contact us straight away.
What is fraud?
Fraud is a criminal act to deceive you and take your cash – it’s a transaction that you didn’t make or authorise.
What is a scam?
A scam is where you’re tricked into making or authorising a payment to a criminal’s account. Scammers impersonate banks, retailers and official organisations using emails, phone calls and texts that look and sound genuine.
Examples of scams:
- A text message with a link to listen to a voicemail. When you click this link it will download malware onto your device, creating a doorway for hackers to gain access to your device.
- ‘Too good to be true’ cryptocurrency promotions. Scammers will often look to leverage the popularity of cryptocurrencies such as Bitcoin by sharing ‘get rich quick’ opportunities.
- Scammers have been known to pose as potential love interests in order to win people’s trust. Watch out for people requesting money that you haven’t met in person.
How to combat fraud
Fraudulent emails
What to look out for
- Threatening or urgent-sounding ‘act now’ suggestions.
- Inaccuracies and spelling mistakes.
- Unexpected emails that claim to come from a financial institution.
- Urgent requests and threats.
- Claims that your account has been compromised.
- Requests to “Open an Attachment” or “Click a Link”.
What you can do to stay safe
- Be suspicious of unsolicited emails. Listen to your instincts. If something doesn’t feel right, then stop and question it.
- Never reveal your bank details or other personal information if requested by email.
- Check links in emails are legitimate by ‘hovering’ your mouse over the link to view the web address (URL) without clicking. If it is different to what you were expecting, do not click.
- Consider having different email addresses for different purposes; one for your bank to use, another for family and friends and perhaps a different address for online newsletters.
Fraudulent phone calls
What to look out for
- ‘Vishing’ (short for 'voice phishing') – sometimes fraudsters try to trick you into divulging personal and confidential information, including bank account details, over the phone.
- ‘Smishing’ (short for SMS phishing) – when fraudsters use text messages instead to trick you into giving up personal details.
What you can do to stay safe
- Criminals who have called your landline can stay on the line for up to five minutes, even after you have hung up. Wait at least 10 minutes after hanging up. Then, to ensure that the fraudsters have disconnected, call someone you know before using the phone again or use a different line to report the incident to the Bank.
- Sometimes fraudsters make phone calls claiming to be from a reputable IT organisation to offer assistance. Never allow a cold-caller to take remote access of your computer.
- Never respond to suspicious text messages or click on links contained sent by text from contacts you don’t recognise. These links may lead to malicious content. Send a screenshot of the suspicious text to customer.services@allica.bank and then delete it.
- Please note, that we, the police, or any other genuine organisation will never ask for your help in investigating crime. If you are contacted with a similar request, please end the call immediately and call us to inform us of the suspicious call.
Being safe online
Online banking
The internet has made banking much more accessible and convenient. With online or mobile payments being used every day, there are precautions you need to take to ensure that you enjoy the safest banking experience possible:
- Never reveal your online login information to anyone.
- Shoulder surfing – make sure you are not being observed. When entering passwords or PINs into online accounts in a public place, shield your screen and ensure no one is overlooking you or trying to distract you.
- Monitor your accounts on a regular basis. Check for suspicious transactions. If you do find anything suspicious, report it.
- Always log out completely from online banking. Select the log out button rather than just closing the website or app.
- Use secure websites (https). When entering login details or personal information, be sure the web page you are viewing offers encryption of your data by checking:
- The web address (URL) has changed from ‘http’ to ‘https’.
- That a closed padlock icon is present.
- Your browser address window may be green.
Password safety
- Never give your password out to anyone. A strong password following the guidance below will help to keep your password ‘hard to crack’.
- More than eight characters. The more complex the better.
- Make it unique. Try using a specific password only once for one platform.
- Replace letters with numbers and symbols. B@tm@nB3g1ns (Batman Begins) is an example.
- Vary it. Random words made up of a combination of upper and lowercase letters, numbers, and symbols.
- Memorable. Make sure it’s easy to remember. Making it personal doesn’t have to make it easily crack-able!
Protecting your computer, tablet or phone
- Use antivirus programmes and update them regularly.
- Only download apps/software from trusted sources like the Play Store (Google) or the App Store (Apple).
- Make sure your device is wiped of data before being sold on.
- You can wipe your device of data remotely if you suspect you have lost it/had it stolen.
- Look out for signs that your device is infected with a virus/malware. Does it run slower than usual, bring up unusual pop ups, have unusual error messages, or does your toolbar look different?
Reporting fraud
If you suspect you have been a victim or fraud or a scam, contact us as soon as possible.
Note that, if we need to contact you about a potential fraud on your account, we will do this through a secure channel, such as the phone, SMS, or email.
What is Authorised Push Payment (APP) fraud?
APP fraud is when you’re tricked into sending money from your account under false pretences. Nobody has to hack into your account or pretend to be you to complete the fraudulent activity.
It’s a particularly challenging type of fraud because, technically, you’ve agreed to make the payment. This can complicate the investigation process as you gave your explicit approval – even though it was because you believed the situation was legitimate.
Examples of APP fraud and top tips for prevention
APP fraud takes lots of different forms, but there are some you’re more likely to encounter than others – especially in a business setting.
Impersonating your bank
A scammer might pretend to be calling from your bank. They have sophisticated ways of making it look like a call is coming from an official bank phone number, so you might not suspect anything at first.
We will never ask you to transfer your money elsewhere (or within the bank) or call you out of the blue. Those are immediate red flags you should watch for.
Top tip: Tell the person on the phone that you’ll ring them back in a minute. Then, use a different phone to call the bank’s contact number as listed on their website or your app. You can then decide whether you think the call was legitimate. It’s wise to use a different phone as there have been incidents where individuals have remained connected to fraudulent callers, even when they believed they had hung up and redialled.
Social media marketplaces
If you’re buying something using an online marketplace, it’s possible that a fraudster could pretend to have an item for sale.
After you make your payment, they’ll delete their account and remove the listing.
Top tip: Never pay upfront for an item you haven’t seen. Anybody who asks you to pay in advance should put you on the defensive.
Impersonating trustworthy organisations
Fraudsters often exploit our trust in established organisations, pressing our psychological buttons to trick even the most cautious of us.
Commonly impersonated organisations include HMRC, the police or utilities companies.
Top tip: Don’t let yourself be pushed into urgent action. Take the time to contact that organisation away from the original conversation and independently verify information.
Investment scams
Promising huge payouts and guaranteed returns, investment scams tend to be pushed using social media.
No investment can guarantee you a return and should only be made with Financial Conduct Authority (FCA) registered companies.
Top tip: Search the FCA register to make sure the company is legitimate and remember that if an opportunity sounds too good to be true, it usually is.
Fake supplier invoices
A criminal could create a fraudulent invoice, either from you or for you. Either way, you or your customers could end up losing money if a fake invoice slips through the cracks of your invoicing process.
Top tip: Use purchase orders and have a named contact attached to every invoice for an added layer of security. If you receive an unexpected invoice, double check against previous invoices from that supplier and contact them directly to check its authenticity.
Impersonating an executive or senior figure
Getting a message from your CEO with an urgent reason for you to transfer company funds is stressful. It’s exactly the kind of situation a criminal wants to exploit.
This kind of impersonation plays on our psychological biases and how we tend to follow instructions from those in power, even if something doesn’t seem right. We don’t want to cause trouble for the person in charge, but a bit of discomfort is much better than accidentally participating in fraud.
How to avoid APP fraud
We’ve shared some specific tips for avoiding different types of APP fraud, but there are also best practices you can embed in your day-to-day activities that can help.
Ideally, you’ll be fraud-aware at all times, without driving yourself to paranoia or excess worry. With the right grounding and knowledge, you’ll be able to confidently handle and avoid any of these unfortunate situations.
Pause, think and get a second opinion
In almost all APP fraud situations, the criminal will urge you to act quickly. They don’t want your rational brain to start working; they want you to feel panicked or pressured.
In reality, there’s no reason a bank (or any other company) will call you up and demand action from you there and then. In a real situation, they should be fine with you stopping the conversation, taking time to think and verify the situation.
It’s even better if you can talk to somebody you know and trust about the situation, as they can provide a valuable neutral perspective.
Double-check the details
If your alarm bells are ringing, your first step should be to double-check that they are who they say they are.
Check the phone number or email address being used against your previous records and the details listed on the company’s website, email signatures and so on. Look out for the tiniest differences, down to single letters or numbers.
As an example: firstname@alllica.bank looks fine if you skim over it but, looking closer, you’ll see there are three Ls instead of two.
If you’re dealing with a phone call, it’s possible for a fraudster to stay on the line and make it seem as though you’ve disconnected. If possible, you should try to contact the company from a different phone to verify the call.
Only deal with FCA-regulated businesses
The FCA is an independent body that makes sure any business offering financial services meets their high standards for responsibility, risk management and communication.
You should only deal with FCA-registered businesses, as their regulations are designed to help keep consumers safe.
Trust your gut if something feels wrong
Human instinct counts for a lot. If you’re not sure about a call, email or request you’ve received, follow that feeling.
It’s better to act with an abundance of caution than it is to be reckless.
Steps Allica takes to prevent APP fraud
We take fraud incredibly seriously at Allica, as any financial services company should. Some of the steps we take to protect our customers include:
-
Confirmation of Payee (CoP) – if you’re setting up a new payment, we use CoP to verify the name of the account against the name you’ve entered. If the two don’t add up, we’ll alert you so you can check again.
-
Payment-specific checks – if you’re making a larger payment than normal, or there’s some other reason that a payment seems out of the ordinary, we’ll ask you some specific questions to verify the situation before releasing the payment.
-
Anti-fraud team – we’ve got a dedicated team of anti-fraud specialists who are using the latest technology to intercept fraudsters and intervene if they do reach you.
Those are just three of the ways we protect you from fraud but there is a lot more we do behind the scenes to keep you and your accounts safe.
Your rights as a victim of APP fraud
If the worst happens and you do fall victim to APP fraud, you may be eligible for reimbursement.
The new rules apply to consumers using Faster Payments and CHAPs, including payment service providers (PSPs) that offer accounts in the UK. Consumers are:
-
Individuals.
-
Charities (whose income is less than £1 million per year, and is a charity as defined by the Charities Act 2011, Charities and Trustees Investment (Scotland) Act 2005 or the Charities Act (Northern Ireland) 2008).
-
Micro-enterprises (fewer than 10 employees and/or has a turnover or annual balance sheet that does not exceed £2 million).
Each claim is assessed on a case-by-case basis, but the maximum claim limit is £85,000 across all linked claims.
To make a claim with us, you must meet the eligibility criteria of a consumer set out above, be an Allica customer with a business current account or savings account, and the fraudulent payment must have been made to a UK account using Faster Payments or CHAPS. However, here’s what is not covered:
-
international transactions.
-
any claim reported more than 13 months after the final APP fraud payment.
-
payments that were made for an unlawful purpose, such as for the purchase of an illegal item.
-
payments using a credit or debit card.
-
payments to another account you control.
-
payments where you have been involved in the fraud.
-
payments where you have made a false claim.
-
private civil disputes (for example, a payment for a product or service that you are not satisfied with).
-
payments through credit unions, municipal banks and national savings banks.
-
payments where you haven't taken steps to protect yourself from the scam.
How to make a claim after APP fraud
If you’ve been pushed to make a fraudulent payment from your Allica Bank account, you should tell us by contacting us at scams@allica.bank or by calling us on 0330 094 3333.
Under the consumer standard of caution, when you make a claim, we expect you:
-
to have been mindful of warnings or interventions made either by Allica, or by a competent national authority, for example the police.
-
to promptly report the scam to us upon learning or suspecting of falling victim to a scam.
-
to comply with appropriate information requests from us to support the assessment of the claim.
-
to report to the police.
We will:
-
acknowledge your claim by email within one business day.
-
inform you if we require any further information to assess your claim.
-
aim to inform you of a final decision within five business days, explain whether we have accepted or rejected your claim and, if it has been rejected, our reasons for doing so. In some circumstances, it may take longer while we investigate.
-
pay any approved reimbursements into the same Allica account from which the fraudulent payment was made.
If at any point during your APP claims process you aren’t satisfied with our response, you can register a complaint with us. If you’re dissatisfied with our response to your complaint, you may be able to complain to the Financial Ombudsman Service (within six months of the date of the final response).
You can never be too safe
When it comes to financial fraud, it’s always best to default towards overcautiousness. If you’re not 100% convinced about a request you’ve received, step back and do all the precautionary work you need to feel comfortable.
There’s almost no instance when a financial services provider will rush you to make a decision or put pressure on you to act in a certain way. These are immediate red flags and should set your anti-fraud processes into action.
You can be confident that, as your bank, Allica is doing everything possible to keep you safe. Criminals are unfortunately very dedicated and constantly trying to find ways past anti-fraud systems.
You are your own last line of defence, which is why it’s so important you create and maintain a strong fraud-aware culture within your business.
Further reading:
-
Latest updates from Cifas – the UK's fraud prevention community
-
Fraud Focus - rise in ‘Hello Mum’ scams, bank card scams, and cheap malware offers
-
Allica Bank - customer security page
-
FCA Register – useful for checking whether an organisation can legitimately provide financial services
-
Companies House – useful for cross-referencing UK company information