What does account takeover fraud look like?

Account takeover fraud is when criminals get unauthorised access to a person’s account and use it for some type of personal gain.

Jump to:

Spot the signs of account takeover fraud

Step 1: Fraudster contacts you and tries to get access to your accounts

A criminal will call you unexpectedly pretending to be from your bank, the police or a trusted organisation. They might use real names that they have found on social media and might even call you on what appears to be the Bank’s customer helpline.

They begin casting a spell on you, putting you into panic mode by telling you that your account has been compromised and is no longer safe – they prey on you feeling stressed or scared.

The fraudster may tell you that you need to secure your account or that they need to move your money into a safe account.

They may try to access your account through our mobile app or online banking. Their aim is to get your customer ID, user ID and your security token so they can log in to your online banking or register for the mobile app on their own device and access your accounts.

A screenshot depicting log in journey for mobile and desktop user

You do not need to be registered for our mobile app to become a victim.

Fraudsters often target people who do not have our mobile app as they are less familiar with how it works.

Step 2: The fraudster persuades you to give them your security details

You feel a sense of panic and urgency.

The fraudster takes advantage of your vulnerability and persuades you to disclose your customer ID, user ID and your security token from your HID Approve app or plastic security token.

The Co-operative Bank Business Online Banking and Business Banking App
The Co-operative Bank Business Banking App

Step 3: Security token is generated by the HID Approve app or physical plastic security token

If you disclosed your customer ID and user ID, the fraudster will then continue to register for the mobile app or log into your account on online banking using the details provided in panic.

They will then ask you to generate your security token in the HID Approve app or using your plastic security token.

The security token is an additional layer of security to check that it is you using our mobile app – never share this with anyone who contacts you.

Step 4: Fraudsters convince you to share your security token

The fraudster will then convince you to share your security token so they can enter it on their own device - never share this with anybody (banks, police and other organisations will never ask for this code).

The Co-operative Bank Business Online Banking

Never share your security token with anyone who contacts you. If a fraudster gets it they can access your account and steal your money.

The Co-operative Bank Business Banking App

Step 5: If you share your security token, the fraudster gains access to your account and can create payments

The fraudster gains access and can access your account.

They are then free to steal your money.

Top tips for avoiding account takeover fraud

  • Say no

    Say no to callers asking for personal information. A genuine organisation will never ask to move your money or to share your details over the phone or email.

  • Do not feel pressurised by the urgency

    Do not let the person on the phone pressurise you into giving your details quickly. If in any doubt, hang up and call the company back using their official number from their website.

    If the caller claims to be from the Bank or the police, put the phone down and call 159 where you will be safely routed through to our fraud team.

  • Do not rely on caller ID

    Do not rely on the caller ID display on the phone to check if the caller is genuine. Fraudsters can manipulate this to impersonate trusted organisations.

  • Never share your security token

    Never share a security token or PIN with anyone who contacts you, even if they claim to be from a reputable company or the Bank. Banks, the police and other organisations will never ask you to disclose your security token or any other personal information.

  • Change your password regularly

    We know it can be tempting to use similar passwords to make them easy to remember. But choosing strong passwords and changing them every few months helps to keep your accounts secure and can stop fraudsters getting access.

Take five to stop fraud

You can access straightforward and impartial advice as part of the Take Five national campaign. Visit Take Five to Stop Fraud.

Take Five logo

Learn more

Not found what you're looking for?

Contact our support team