Jump directly to the content
SCAM ALERT

Scammers are using new online security checks to trick people into handing over details

SCAMMERS are using new online security checks to trick banking customers into handing over their personal details.

Many banks, card providers and retailers are currently in the process of emailing customers asking them to provide up-to-date contact details ahead of a roll out of new checks for online card payments.

 Scammers are mimicking emails sent from HSBC asking for up-to-date personal details
3
Scammers are mimicking emails sent from HSBC asking for up-to-date personal detailsCredit: Which?

Tougher checks - known as strong customer authentication (SCA) - is being implemented over the next year and a half in an attempt to reduce the amount of fraudulent online payments.

But has found that tricksters are mimicking the emails in the hope that you'll confuse them with the real deal and part with your passwords.

The fraudsters can then use the information you provide to log on to your online banking and drain the account.

The scammers are firing out emails at random in the hope that you'll accidentally open it and mistake it for a real one. This is called phishing.

 Scammers have also been impersonating Royal Bank of Scotland
3
Scammers have also been impersonating Royal Bank of ScotlandCredit: Which?
 Scammers are trying to trick Santander customers into handing over their details
3
Scammers are trying to trick Santander customers into handing over their detailsCredit: Which?

So far, the consumer group has spotted dodgy emails from Santander, Bank of Scotland and HSBC.

Each of the messages ask you to click on a link included in the email that takes you to a website that's actually run by scammers.

The websites have been taken down since the consumer group alerted the banks to the fraud set up, but it expects to see more of them over the next 18months of implementation.

SCA rules, which are being issues under the Payment Services Regulations 2017, mean that when you use your card to pay online your bank will carry out extra checks to make sure it's really you.

How to protect yourself from fraudsters

ACTION Fraud recommends taking the following advice to stay safe:

  • When making a purchase, be suspicious of any requests to pay by bank transfer or virtual currency instead of safer methods, such as credit card or payment services such as PayPal.
  • Listen to your instincts: If something feels wrong then it is usually right to question it. Don’t pay for goods or services unless you know and trust the individual or business.
  • Personal information obtained from data breaches is making it increasingly easier for fraudsters to create highly targeted phishing messages and calls - watch out for these.
  • You shouldn’t assume the caller is genuine just because they’re able to provide some basic details about you.
  • Always be suspicious of unsolicited requests for your personal or financial information.

You will be asked to do two out of the three following things - either enter in a one-time passcode sent to your phone, enter a unique password or passcode, or provide a fingerprint, voice pattern or facial recognition.

This is on top of other information such as you card number and CVV code, in an attempt to reduce fraud.

Experts warned that a third of online shopping payments will be blocked over fears that banks aren't ready for the new rules.

But in the meantime, you can keep yourself safe from tricksters by being vigilant to emails claiming to be sent by banks.

Look out for spelling mistakes that might give the email away as not being genuine.

You should also check the real sender's address - some scammers mask theirs with one that looks like it's from the bank.

How will your bank send you an authentication code for online shopping?

HERE'S how your bank will let you know the authentication code when SCA rules come into force:

  • HSBC- Customers will be emailed a code if shoppers aren't able to receive it via text, but only if they have shared their email address with the bank.
  • Lloyds, Halifax and Bank of Scotland - Consumers can only opt to get the code via text or messaged to their landline if they have one.
  • Royal Bank of Scotland and NatWest - Shoppers can choose to have the code emailed to them instead, but delays could leave the transaction to time out and customers will have to start the purchase again.
  • Barclays - customers will be able to receive the code via the app, a text message or via its PINsentry card reader.
  • Santander - The bank is to allow customers choose between getting a text or using the app.
  • Metro Bank - The bank will contact customers by text. It is currently reviewing alternative methods and is yet to update customers on the changes.
  • Starling - The digital-only bank is managed via the app so all customers already have access to a mobile phone. Customers will be sent a security code via the app, or in case when users can't get signal, it will generate a one-off code offline.
  • Monzo - Yet to alert customers of any changes. All customers have access to a mobile in order to manage their accounts. Payments will be made via the online app. Monzo says that if devices are connected to wifi to make online payments, then the mobile phone can also be connected in order to receive the code.

You can do this by clicking on the email address to reveal the true sender.

You can also check whether the links a real before clicking on them by hovering your mouse over the URL.

If it look suspicious to you, don't click on it and contact the company directly to ask them if it's legitimate.

A spokesperson for Santander told The Sun that the bank "works hard to both detect and prevent scams" but that consumers should still be on their guard.

A HSBC spokesperson pointed out that phishing is an issue that affects the whole industry and that it is working to raise awareness of the tactics used by scammers.

They added: "HSBC UK will NEVER ask for confidential information in an email, or ask to confirm your security details and links within our emails will only take customers to information pages.

"We would ask anyone receiving dodgy emails to forward them to [email protected] so we can get the sites shut down urgently."

The Sun has contacted RBS for comment.

O2 and EE customers urged to check accounts as hundreds hit by African phone call scam


We pay for your stories! Do you have a story for The Sun Online Money team? Email us at [email protected]


Topics