Account takeover fraud is when criminals get unauthorised access to a person’s account and use it for some type of personal gain.
Jump to:
A criminal will call you unexpectedly pretending to be from your bank, the police or a trusted organisation. They might use real names that they have found on social media and might even call you on what appears to be the Bank’s customer helpline.
They begin casting a spell on you, putting you into panic mode by telling you that your account has been compromised and is no longer safe – they prey on you feeling stressed or scared.
The fraudster may tell you that you need to secure your account or that they need to move your money into a safe account.
They may try to access your account through our mobile app or online banking. Their aim is to get your customer ID, user ID and your security token so they can log in to your online banking or register for the mobile app on their own device and access your accounts.
You do not need to be registered for our mobile app to become a victim.
Fraudsters often target people who do not have our mobile app as they are less familiar with how it works.
You feel a sense of panic and urgency.
The fraudster takes advantage of your vulnerability and persuades you to disclose your customer ID, user ID and your security token from your HID Approve app or plastic security token.
If you disclosed your customer ID and user ID, the fraudster will then continue to register for the mobile app or log into your account on online banking using the details provided in panic.
They will then ask you to generate your security token in the HID Approve app or using your plastic security token.
The security token is an additional layer of security to check that it is you using our mobile app – never share this with anyone who contacts you.
The fraudster will then convince you to share your security token so they can enter it on their own device - never share this with anybody (banks, police and other organisations will never ask for this code).
Never share your security token with anyone who contacts you. If a fraudster gets it they can access your account and steal your money.
The fraudster gains access and can access your account.
They are then free to steal your money.
Say no
Say no to callers asking for personal information. A genuine organisation will never ask to move your money or to share your details over the phone or email.
Do not feel pressurised by the urgency
Do not let the person on the phone pressurise you into giving your details quickly. If in any doubt, hang up and call the company back using their official number from their website.
If the caller claims to be from the Bank or the police, put the phone down and call 159 where you will be safely routed through to our fraud team.
Do not rely on caller ID
Do not rely on the caller ID display on the phone to check if the caller is genuine. Fraudsters can manipulate this to impersonate trusted organisations.
Never share your security token
Never share a security token or PIN with anyone who contacts you, even if they claim to be from a reputable company or the Bank. Banks, the police and other organisations will never ask you to disclose your security token or any other personal information.
Change your password regularly
We know it can be tempting to use similar passwords to make them easy to remember. But choosing strong passwords and changing them every few months helps to keep your accounts secure and can stop fraudsters getting access.
You can access straightforward and impartial advice as part of the Take Five national campaign. Visit Take Five to Stop Fraud.
Find out more about common fraud threats and how to avoid them.
Not found what you're looking for?
Contact our support team