Online banking fraud – how to avoid becoming a victim

12th May 2015

Banking fraud is an ever-present and increasing threat to both individuals and companies. With fraudsters making use of increasingly sophisticated technology to perpetrate these scams, it is more important than ever to be alert to the risk of your bank account becoming a target.

To help you to avoid becoming the next victim of this fraud, we have highlighted the main methods being used by fraudsters to carry out these attacks, along with our top tips for identifying and preventing these attacks.

Main types of attack:

1. Phishing emails – this involves an email being sent from what looks like your bank, requesting you to update or verify your personal and financial information. This email will contain a link that takes you to a spoof website that looks similar or identical to your bank’s genuine site. By inputting your confidential information, you enable the fraudster to capture your personal data, including your online banking passwords. Clicking on the link will also allow the fraudster to download malware onto your computer and record even more information about you, which can then be used to compromise your online bank accounts.

2. Malware – short for ‘malicious software’, this covers a variety of intrusive software programmes including viruses, worms, Trojan horses and spyware. Malware works by infiltrating your computer without your consent and includes keystroke capturing, where fraudsters capture passwords and other personal details by installing software that runs invisibly on your PC. Malware can also enable fraudsters to gain remote control of infected systems, thereby enabling them to use the infected devices to process transactions out of view.

3. Vishing – short for ‘voice phishing’, this covers situations where a fraudster will imitate a caller from your bank. The caller will usually tell you about a fake ‘fraudulent’ transaction to get you to divulge information about your online banking details, including your username and PIN. Once the fraudster has this information, they will use it to gain access to your bank account to make fraudulent payments. Alternatively, recognising that individuals may be cautious about divulging their banking details over an inbound call, the caller may instead ask you to call your bank on what looks like its usual number in order to discuss the fake fraudulent transaction. The fraudster will then leave the line open in order to intercept the call and obtain all of the information that you believe you are giving to your bank. Whilst on the phone, the fraudster may also advise you to move money to a fake ‘safe’ account.

Top Tips to prevent you from being a victim of banking fraud


  • Hover over links to reveal the full email address; it will often look similar to an email address from your bank, but there will be a subtle change in spelling which leads you to believe on a quick glance that it has been sent by your bank;
  • Look out for poorly worded emails; this is an indication that the email is from an untrustworthy source. For example “Dear Custome”;
  • Always be suspicious of emails where you are asked to click on a link to your online banking log-in page. Your bank will never ask you to do this;
  • Do not open any links or attachments unless you are sure you can trust the sender;
  • Do not disclose passwords, log-in details or your card PIN details when responding to an email; and
  • Companies in particular should apply dual authorisation settings so at least two people are needed to approve an online banking transaction.


  • The main warning signs that malware may be being installed on your PC and which should alert you to close down your internet browsing windows are:
    – Unfamiliar prompts when using online banking which do not normally occur;
    – Numerous windows popping up which do not usually appear;
    – Your computer crashing frequently; and
    – Your computer opening unwanted websites which you have not asked for.
  • To avoid malware attacks:
    – Install high quality internet security software and run regular scans;
    – Ensure you have the firewall turned on and configured properly; and
    – Use a dedicated computer for your online banking, and avoid accessing your online banking in public or on public Wi-Fi.


  • Always ensure inbound calls are genuine;
  • Where possible, call your bank back on a number known to you and used previously, and not on the number provided to you by the caller;
  • Be suspicious if you are asked to provide your full log-in details for your online banking or PIN code. Your bank will never ask you to do this; and
  • If the caller asks you to phone your bank, then either use a different phone to call them, wait at least 5 minutes before calling them, or phone someone you know before calling your bank to ensure that the line is clear.
