Common fraud threats

Being aware of common threats, knowing how they work and what to look out for can help protect your business against falling victim to fraud.

Here are some of the common techniques fraudsters attempt to use to trick you into giving away your business information, banking details or even access to your computer.

Online fraud

The internet brings many benefits, but it also gives criminals the chance to steal your personal or financial information through computer malware, fake emails, websites or social media accounts.

Criminals can create fake websites to look exactly like the genuine one but with slightly amended web addresses. These are then presented to victims when they search for their bank through search engines.

How to protect yourself from online fraud

  1. If you access online banking through a tablet or mobile phone, we recommend you set up strong passwords or passcodes on your device and keep it locked when it isn't in use.
  2. It's important that you avoid using a search engine or search engine adverts in order to access online banking.
  3. Always type the website address in to the address bar instead. That way, you'll know you're on the official website.
  4. Never tell anyone the codes from your security token or those generated from the app.
  5. Never allow anyone to access your device remotely.
  6. If you are asked to download software and then asked to log in to online banking, it's a scam.
  7. Protect your device by downloading security and anti-virus software, keeping them updated when prompted.
  8. Don't overshare your information on social media – be careful what you post.
  9. Check your privacy settings to help ensure you are only sharing with people you want to.

If you think that you may have revealed your security details, fallen victim to fraud, or notice any unusual activity on your account, please contact us:

For credit card customers – +44(0)345 600 6000

For business banking customers – +44(0)3457 213 213

Call charges

Scam emails, texts or social media messages (Also known as Phishing and Malware)

Fraudsters send fake messages which appear to be authentic and from legitimate organisations.

Scam messages can be very convincing and are popular with fraudsters. Fraudsters will deliberately mimic the contact details of the Bank, Police or other trusted companies to hide their true identity.

Scam messages will often imply a sense of urgency encouraging you to act fast, e.g. to call a phone number included in a text message to stop a fraud payment or include a request for personal information, or banking details such as password or security credentials.

Scam messages can lead to you speaking to fraudsters, who may try to trick you into providing account security such as; verification codes or token codes to move money out of your account without you realising. Remember we will never ask you to provide verification codes or token codes over the phone.

Some scam messages will contain links or attachments which, if accessed, will take you to a fake website that prompts you for your online banking details. The fraudsters then use your details to access your account(s) and steal your money.

Accessing fake websites or opening attachments in scam messages may install malware, a type of malicious software. This steals information and can be so sophisticated that it can work in the background to move your money, or trick you into believing that you've been unsuccessful in logging onto your online banking page and prompts you to re-enter your security details, which the fraudster captures.

How to protect yourself from scam emails, texts and social media messages.

  1. If you are in any doubt that a message may not be genuine, stop and do not respond. Instead, call us using a trusted number from the back of your card, your bank statement or from our contact us page.
  2. Be vigilant to any out of the blue message requests from family members, friends or work colleagues, which involve you transferring money to them. It's always best to check the message first by speaking to the person direct before deciding to part with any money.
  3. Never respond to an unexpected message from an unknown source. Always avoid clicking on links or opening attachments contained in messages. Never log into online banking through a link in a message.
  4. Ensure you use strong passwords and lock your devices when not in use. Keep your anti-virus software up to date and always complete security and software updates when promoted. This can protect you from viruses contained in links and messages.
  5. Be vigilant and alert to requests to re-enter your security credentials or any unusual screens, when banking online. These could be an indication of malware.
  6. When making a purchase online or inputting personal details on a website, always make sure it's secure. Look for a padlock symbol in your browser, usually next to the web address and check that the web address starts with 'https' rather than just 'http'. This tells you that the connection is encrypted but it should be noted that secure sites can also be created by criminals. So although this is a good check it should be one of many that you do when assessing whether a site is legitimate. If you have any concerns about the site then do not enter any information at all.
  7. If you want to check that an email, text or social media message received is genuine, use contact details obtained from a reliable source.
  8. To help stop SPAM texts forward the text to 7766. For further advice on nuisance calls and messages visit the OFCOM website.
  9. If you are using a Third Party Provider (TPP), please read our advice on how to use Third Party Provider (TPP) services safely.

Neither your bank nor the police will ever ask you to move your money to another account to keep it safe.

  • If you have seen a scam email or text message claiming to be from us, please let us know by forwarding it to ihaveseenascam@co-operativebank.co.uk
  • If you think that you may have revealed your security details, fallen victim to fraud, or notice any unusual activity on your account, please contact us:

For credit card customers – +44(0)345 600 6000

For business banking customers – +44(0)3457 213 213

Call charges

Scam telephone calls (Vishing)

Fraudsters may phone you out of the blue and claim to be from the bank, police, or other reputable organisations, in an attempt to obtain your personal information and banking details.

Fraudsters may even try to trick you into allowing them access to your computer to steal your money.

Regardless of how professional or convincing a caller sounds, remember the bank, police or other trusted organisations will never contact you by any means to:

  • Ask for your financial information or your full security details.
  • Ask you to provide your PIN code or requests to collect your bank card from your home address.
  • Ask you to provide a verification code or token code.
  • Ask you to move your money to a new or ‘safe’ account.

How to protect yourself from telephone scams

  1. Always be wary of unexpected cold calls. Say no to requests for information and don't be afraid to terminate the call.
  2. Never respond to callers who ask you to confirm your PIN, verification codes or token codes, or to request to collect your bank card from your home address. We will never ask you to do this.
  3. Never respond to a request to transfer your funds to another bank, even if the caller advises you that you need to urgently move your money to a ‘safe’ bank account. We will never ask you to do this.
  4. Never respond to a caller who asks you to log on to online banking or a request that allows them remote access to your computer.
  5. Don’t assume a call is genuine because they know personal details about you or by the caller ID information. Fraudsters can copy the telephone number of an organisation and make it appear on the caller ID display.
  6. If you want to validate a phone call use contact details obtained from a reliable source.
  7. If you are using a Third Party Provider (TPP), please read our advice on how to use Third Party Provider (TPP) services safely.

Computer software scams

When criminals pose as these representatives they may try to coerce you in to downloading an app or software on to your mobile or computer which allows them to access your device.

Criminals will use a range of methods to contact you, typically through a text message or a telephone call. Once they’ve made contact with you, they will pose as a representative from a genuine organisation such as the Bank, the Police, a government department or a broadband and telecommunications company. They’ll try to persuade you to act, often with claims that there has been suspicious activity, that there has been a security compromise or that you are due a refund of some sort. Here’s some examples of tactics they’ll use:

The Police or Fraud Department – They may tell you there is fraud on your account and that you need to move your money to keep it safe. They may even say they need your help with an investigation, but not to tell us as it could be an internal issue.

HMRC – You must pay an urgent tax bill or face prosecution.

Broadband and telecommunication companies – Problems with your broadband or that your internet is compromised.

Computer Software Scams

When criminals pose as these representatives they may try to coerce you in to downloading an app or software on to your mobile or computer which allows them to access your device. During the conversation, they’ll trick you and ask you to log in to your online bank account. Once you do this, the software you have downloaded allows them to take over your computer, enabling them to steal your money.

Be vigilant to any 'out of the blue' contact either by text message or from a telephone call.

  • If somebody calls you, no matter who they say they are, it’s important that you never agree to download an app or software on to your laptop, computer or mobile device. Especially if they then ask you to log in to your online banking accounts.
  • Never tell ANYONE your online banking token PIN (Personal Identification Number), not even us!

Remember these key tips:

  • Be vigilant – if you are unsure if a text message or phone call from us is genuine. Stop! Don’t panic, and contact us using the number on the back of your card, ideally using another telephone as the caller could try to stay on the line.
  • You can also contact a genuine company by using a trusted number from their website.
  • Neither the Bank nor the Police will ever contact you and ask you to move your money to another account to keep it safe. Neither will we ask you to help us with a fraud investigation.
  • HMRC will never text or call you and threaten you to pay a tax bill or face prosecution.
  • You will never be contacted by anyone and asked to log in to your online bank account to check that you have received a refund or to request that you return an over payment.

Invoice re-direction scams

Invoice re-direction scams can result in losses that run into hundreds of thousands of pounds. It happens when a fraudster tricks a business into changing bank account payee details for a known supplier.

All businesses, regardless of size, can become a victim of fraud. To protect your business from this threat always verify a request to change bank payment details. Contact your supplier directly using established contact details, before implementing the change or completing the payment.

If you hold a business account with us and think you may have fallen victim to an invoice redirection scam contact us immediately.

How do invoice scams happen?

Fraudsters will do their research. They will often be aware of the detailed relationships between businesses and their suppliers and know when regular payments are due.

Fraudsters may attempt to intercept genuine invoices and change the bank payment details.

Alternatively, they may contact the business by telephone, email, letter or fax, posing as a trusted supplier to make a formal request to change the bank account payment details held.

If the business does not validate the change and settles the invoice, the funds go to an account that the fraudster has access to.

The fraudulent payment is then quickly transferred, often to outside of the UK, making the recovery of funds extremely difficult.

Often the business does not realise they have been scammed until the genuine supplier chases for non-payment, in some cases this can be weeks or even months later. At this point, it is virtually impossible for the business to get the stolen funds back.

Alternative reports of this scam have included fraudsters falsely claiming to be a senior member of a business, providing account details and instructing an urgent payment to be processed. If the business completes the request, the funds go to an account the fraudster has access to.

What are the warning signs to look out for?

Any unexpected requests to change or update payment details for a regular supplier.

Whether made by telephone, email, letter, or fax, if your business is contacted ‘out of the blue’ to amend bank payee details always treat this as a potential warning sign.

Any unexpected, urgent payment requests made via email, text or fax, which supposedly appear to have been made by an internal senior member and provides account details.

What steps can I take to protect my business from this scam?

Protect your business by:

  1. Treating any notification to change a supplier’s bank account details or complete an ‘urgent’ payment, as a high risk activity.
  2. Always verifying a request BEFORE implementing the change or completing the payment. Be mindful not to use the contact details provided on the instruction, instead use established contact details to validate the change.
  3. Educating staff with responsibility for processing invoices to be alert to scams and unexpected payment requests. To always check for irregularities and to raise concerns immediately.
  4. Ensuring that senior staff members of your business know about this fraud risk and understand exactly what they are authorising.
  5. Agree at least two designated points of contact with all your regular suppliers.
  6. Reconciling accounts daily to help quickly identify potential fraud payments.
  7. Being mindful of information displayed on your company website and if this could be used to facilitate fraud.
  8. To not presume an email, text or fax request to make an urgent payment is genuine, even if it appears to have been sent by a senior member of the business.

I have lost money to an invoice scam. What should I do?

If you hold a business account with us and have fallen for an invoice re-direction scam recently or may have received a fraudulent request, contact us immediately.

If you don’t bank with us and have lost money to an invoice re-direction scam report it to Action Fraud, the UK’s national fraud reporting centre at www.actionfraud.police.uk or by calling 0300 123 20 40

Call charges

Where can I find out more about safeguarding my business against fraud?

More information about protecting your business from fraud is available in the scams booklets below.

Little book of big scams (business edition)

Financial Fraud Action UK Leaflet

Information is also available by visiting the Financial Fraud Action website.

Money mule scams

Fraudsters will try to trick you in any way they can, including offering you the chance to earn money. Fraudsters recruit 'money mules' who are used, sometimes unwittingly, to transfer illegally obtained money between different bank accounts.

Criminals often pose as employers, contacting you online or in person with offers to "earn from the comfort of your own home" or "make easy cash, with no experience necessary".

The scam works by a participant being asked to receive money into their bank account and then to transfer it to another account, keeping some of the cash for themselves.

Students, people who are unemployed, new residents to the country or anyone in financial hardship are often the most at risk to this type of scam.

The consequences

If you transfer money through your account that is from the proceeds of crime, you're a money mule. Even if you are not directly involved in the crimes that generate the money paid into your account.

If you fall for this type of scam and move money on, you are acting illegally and could be prosecuted and imprisoned for up to 14 years.

Your bank account will be closed and you will have problems applying for credit, loans or mobile phone contracts in the future.

How to protect yourself

  1. If you have already responded to a money mule scam, stop transferring money immediately and contact us at your earliest convenience.
  2. Be wary of any jobs promoted on recruitment sites, social media or in chat rooms for positions such as 'Account Manager', 'Transfer Manager' or 'UK Representative'.
  3. Don't give your bank account details to anyone unless you know and trust them. A legitimate company will never ask you to use your own bank account to transfer money.
  4. Be cautious of unsolicited offers of easy money. If it sounds too good to be true, it probably is.
  5. Research any company that makes you a job offer and make sure that their contact details are genuine.
  6. Be wary of job offers where all interactions and transactions are completed online.
  7. Be wary of job adverts with poor English, spelling and grammatical mistakes.

Report Fraud

If you think that you may have revealed your security details, fallen victim to fraud, or notice any unusual activity on your account, please contact us immediately on:

For business banking customers – +44(0)3457 213 213 

For commercial banking customers - +44(0) 03457 213 213

For credit card customers – +44(0)345 600 6000

Call charges

If you have seen a scam email claiming to be from us, please let us know by forwarding it to ihaveseenascam@co-operativebank.co.uk

Not found what you're looking for?

Contact our support team