What is identity theft?
Phishing, vishing, and smishing – as strange as they may seem, these odd-sounding names are a few of the ways scammers try to get your details to commit fraud. They all involve criminals posing as real people or companies to trick you into revealing your password, PIN, or other account information. Because scammers are always changing their methods, anyone can get caught out. However, if you know the commons signs of a scam and what to do if you spot them, you can make sure you’re always one step ahead.
You don’t need a degree in fraudology to stay protected against scammers. Just remember that, regardless of how they go about it, fraudsters almost always want key pieces of information from you to commit their crimes, such as your passwords, PINs, secret answers or bank cards.
‘Phishing’ (a hacker’s way of spelling ‘fishing’) is a term used to describe criminals tricking people into giving away personal details. Phishing attacks can come in many forms:
Phone (voice phishing, or vishing)
Text (SMS phishing, or smishing)
Social media and fake sites that are designed to look like real web pages you use on a regular basis.
Sometimes two types of phishing are combined. For example, by including a link in a text message from your ‘bank’ (smishing) to a fake online banking login page (phishing through website forgery).
While all phishing attempts involve the fraudster pretending to be someone they’re not, it’s worth knowing a bit more about what warning signs to look out for in each case. Want to know what a scam looks like? We’ve outlined some common examples including holiday scams and investment and pension scams.
Genuine banks will never send you a link that takes you straight to the online banking section of their site. Also, real online banking pages will always show the secure padlock symbol in the address bar.
A bank email that asks you to do any of the following things could be a phishing attack designed to steal your information:
Verify your account information
Provide your card details
Provide your passwords.
Phishing emails are often sent from addresses that are either completely unrelated to the company they claim to represent, or an unofficial looking variation of the real website address. There are signs you can look out for to help protect yourself:
Check that the spelling of the site name in the ‘from’ part of the email exactly matches the official site.
Your bank may include the last four digits of your account number at the top of the email to show it’s really them getting in touch. If this information isn’t included, it could be a scam.
Look for bad spelling and grammar in the email – real banks know how to cross their T’s and dot their I’s.
Sometimes all it takes to stop a scam is thinking things over for a few minutes before going any further. Find out more at Take Five – a national awareness campaign that’s all about taking a moment to consider if what you’re being told makes sense.
Scam phone calls or voice phishing – vishing for short – is when fraudsters attempt to get your personal data over the phone. This is often by pretending to be from a reputable company such as your bank or mobile network. They can be a real nuisance, especially when they continue to call even after you’ve hung up. Don’t hesitate to keep hanging up, though – it’s better to be safe and call the company back to be absolutely certain you’re speaking to the real deal than accidentally give out your private banking details.
Not all vishing scams involve fraudsters asking you to pay over the phone. Sometimes they’ll try to arrange a meeting in person to collect the cash they’ve requested.
Some scammers even try to send a courier to your home to pick up your debit or credit cards. Real companies that handle cards and payments will never ask you to do anything like this. Because it’s sometimes hard to know who’s calling, it’s best to always be careful with the details you share over the phone.
Real companies sometimes ask you to prove you’re the account holder by confirming a few letters or numbers from a secret answer or password.
If you’re asked for your full password or secret answer, it could be an attempt at vishing.
If you’re a Barclaycard customer, you can put any phone number into our number checker to confirm it’s really us calling you.
Most of us have received a dodgy-looking text at some point or another. Smishing, short for ‘SMS phishing’, is another way fraudsters can try to get your personal information. Here’s a few ways fraudsters use texts to scam people:
Links in smishing texts can take you to sites that ask for your bank details.
Some links in smishing texts make you download a harmful virus onto your mobile phone or tablet that steals your information.
Marketing messages are quite common, but be suspicious of any that ask for your financial details or send you to a site that tries to collect them.
If you do call – or click – and you’re asked for personal details, end the call and block the number, or close the webpage.
Scammers sometimes use social media, but not in the same way as the rest of us. For example, some put a lot of time and effort into creating fake pages on social media sites to commit online fraud. Some of these pages even have convincing looking company logos, photos and terms and conditions.
Here’s how scammers sometimes use adverts on social media:
1. The hook. To encourage people to visit their pages and send sensitive personal information to them, fraudsters create fake ads to try and catch you out.
2. The bait. The ads are designed to tempt you into clicking, for example, offering the chance to make some easy money, or prompting you to check your security settings.
3. The trap. Clicking on the fake advert could take you to another site that asks for your full email address and password. It may even be designed to look like the site you’ve just come from.
If in doubt, close the page and go back to the genuine site by re-typing its address into your browser.
To boost your knowledge of digital security, try our Fraud Fighter tool, which gives expert advice on passwords, personal data and more.
Watch out for unusual messages from friends or strangers. Fraudsters are known to use psychological techniques, including pulling at heartstrings, to get the information they need. For example, scammers have been known to use dating sites to create a romantic connection with someone who they later guilt-trip into sending them money. Learn more about financial scams and how to avoid them.
If you receive a message from someone you don’t know that asks to borrow money, it’s probably best to ignore and report it.
If it’s a friend asking for a financial favour, it could be the real deal, or it could be from a scammer who’s gained access to their account. There’s a simple way to avoid getting caught out – check with your friend either on the phone or in person. If it’s not your friend, report the message. If it is, at least you’ve found a chance to catch up.
Use your social media account settings to control who can see your complete profile. If possible, it’s worth leaving extra details such as your phone number and home address out of your social media profiles. Sharing portions of your life on social media can be fun, but when it involves sensitive information that could give criminals the upper hand, it’s best to keep it for your eyes only.
If you spot the signs of a scam, you can report it to Action Fraud – the national fraud and crime reporting centre. Your report is reviewed by experts to decide if there’s enough information to send to the police for further investigation. You’ll also get a message from them by letter or email letting you know what action has been taken. You can also let the Citizens Advice Consumer Service know. It’s a free service that offers confidential and independent advice to help consumers with their problems.
If money has been taken from your account or you’re worried a scammer might have enough of your details to do so, let your bank know right away. They can then protect your account from further issues.
The Barclaycard security team works around the clock to protect you from fraudsters. Here’s just a few of the ways we keep your account safe:
● Our fraud protection means you’ll be refunded for any fraud carried out on your account.
● Your account is monitored 24/7. If we spot something that doesn’t look right, we’ll either call you in person, or alert you with an automated call in under 60 seconds.
If you’ve received a suspicious email from someone pretending to be a Barclaycard representative, you can contact our fraud team over the phone on 0800 318 665 or forward the email to email@example.com. To check what a genuine call from Barclaycard sounds like, you can listen to a real automated voice call.
It’s a good idea to flag all emails you suspect to be phishing attempts as spam and block the sender so you don’t get more from them in the future. On social media, if you get a message you don’t trust or see an advert or profile you think is fake, use the Report button to flag it for review.
From choosing strong passwords to keeping your personal data safe and spotting scams, our Fraud Fighter tool boosts your knowledge on how to stay one step ahead of the bad guys. Check it out now.