Cybersecurity essentials : How to spot a scammer

While we do everything we can to keep your Cashplus Bank Account secure from cybercrime, we are aware that fraudsters are constantly identifying new ways to access your online identity. To help you stay one step ahead of the fraudsters there are some simple things you can do to avoid common, but ever more advanced, scams.

If you’re worried about something fraudulent in your Cashplus Bank Account or think you may have been a victim of cybercrime, contact us straight away on 0330 024 0924. 

If you’re looking for help and advice to keep your business safe from cybercrime, take a look at our dedicated business cybersecurity page.

An important reminder that we will never

• Ask for your login details like username and password outside of our banking app or Online Banking
• Ask you to reveal your personal or card information like your card number, account number, expiry date, PIN, One Time Passcode (OTP), or security number (that’s the one on the back of your card). Remember your OTP code is to authorise a payment or transfer. Please read the FULL OTP message before you enter the OTP code.
• Ask anyone else to contact you on our behalf asking for any account or personal details
• Ask you to urgently move funds from your account to another account
• Offer to help you remotely and get you to install software/share your screen
• Ask you to download any software other than our banking app
• Ask you to call us on a number that isn't listed on our Contact Us page
• Ask you to forward any emails that you've received from Cashplus
• Ask you to provide any details in order to cancel a transaction

Safety tip: if you’re ever unsure about whether an email has come from us, don’t open any attachments or links in the email and instead forward it to our Cybersecurity experts.

Types of scams

It can be tough to recognise what’s real from what’s not, so we’ve broken it down based on the type of scam.

Email scams

Among the most common ways scammers steal personal information like usernames, passwords and banking account details is through fake emails. As with phone scams, be cautious of scammers impersonating trusted sources such as the NHS or HMRC contacting you unexpectedly. Here are some tell-tale signs to look out for:

1. Any emails asking for any personal information, whether that’s your name and address or your bank or login details. Never click through from an email to confirm your account details.
2. A sense of urgency – beware of any requests with a fast approaching deadline, particularly around your accounts or payments, and threatening extreme consequences. It always pays to contact an entity directly to confirm whether it’s a legitimate request – don’t reply to the email.
3. Bad spelling and grammar and poor punctuation.
4. Pixelated or low-quality images and brand logos.
5. Impersonal greetings and salutations (such as, ‘Hello customer’) – Cashplus Bank will always call you by your first name in every email we send.
6. Strange looking or incorrect links and URLs – you can always hover your cursor over the link to see it in full and check its validity. If you’re ever in any doubt, never click on a link in an email and instead just type the address manually into your web browser (or hold the link with your finger to view the link on your phone).
7. Unfamiliar attachments – especially if they have strange looking or double extensions (like docx.docx). Never ever click on an attachment from a sender you don’t know.
8. Email aliases – it can be easy for scammers to mask an email address to make it look like it’s from us or another trusted source. If anything looks out of place in an email, click on the sender’s email address to see it in full and check they’re not using an alias to make it look legitimate.

Phone scams

Fraudsters often try to disguise themselves as trusted agencies like The Police, utility and telecommunications providers, HMRC, the NHS and banking/insurance providers to try and get your personal details over the phone, so if something doesn’t seem right or you are being put under pressure by the caller, please take the time to stop and think before you take any action being asked of you. Was the call received out of the blue or unexpectedly? Have you been asked to share personal information?

Here are some of the more common and more successful phone scams to watch out for:

The bank scam – someone calls pretending to be from your bank saying there’s an urgent problem with your account and you need to provide account details like your card number and PIN, or even transfer your money to a ‘safe account’. 

If you receive a call from someone claiming to be from Cashplus Bank and you’re unsure if it’s genuine, call back using the number on the back of your card or visit our Contact us page – don’t use the number the caller may have given you.   

The compensation scam – a company calling to offer compensation for a car accident you may or may not have been involved in. Whether you’ve had a crash or not, never engage with these callers but instead call your own insurance company on the number in your policy.

The HMRC scam – when the tax man calls most of us sit up and listen, which helps make scams about tax refunds and unpaid tax bills all the more intimidating. HMRC will never call you to ask for account details, whether it’s to take or make a payment, and won’t leave a message asking you to call them back either. If in doubt, log in to the HMRC website and call them direct on the number provided.

The IT scam – scammers are capitalising on people’s computer hacking concerns by pretending to be IT helpdesk callers from major companies like BT, Sky and Microsoft. They’ll often urge you to download new anti-virus software because your computer is infected (may be your phone, too) – which almost always turns out to be spyware designed to steal your personal and financial details. They may even have the cheek to charge you for the privilege.

The number spoof scam – technology now allows scammers to mimic official phone numbers on your phone’s display or even mimic the call centre recording for the company, lending them credibility that they are who they say they are. If they ask you for anything out of place, just hang up. If you’re unsure, call the company in question using the official number on its website. 

The NHS covid App scam - scammers are sending imitation text messages and making phone calls pretending to be from the NHS and offering fake vaccine certificates for sale on and through social media.

Safety tip: a good way to avoid the perils of phone scams is to stop as many as possible before they call you. Registering free with the Telephone Preference Service can reduce (but not eliminate) your phone number’s exposure to cold and scam callers.

SMS scams

Text message alerts are also susceptible to scams, their brevity often making them easier to accept as genuine rather than question. As always, if you’re ever in any doubt then contact the alleged sender company directly through their official channels. Here are a few things to look out for:

A request to call an unfamiliar number – if you don’t know the number, don’t call it. These can be high cost lines that charge incredibly high rates to connect you.

If you’re not sure about how to contact us, you’ll find our phone numbers on our Contact Us page.

A request for personal information – never send personal or financial information via text or through any links you’ve clicked on or calls you’ve made in response to a SMS.

A request from what seems to be a "family member or friend in need" - if you receive a message from a family member or friend with an urgent and out of the blue request for financial assistance, make sure to stop and check the message is legitimate. 

Safety tip: if you receive a text message claiming to be from Cashplus but you’re unsure it’s genuine, just contact our Customer Services and we’ll verify if it is for you.

Web scams and passwords

A big reason to not click on links in emails, text messages or Facebook/social media ads is because they can direct you to websites that look entirely genuine and legitimate when in fact they’re forged copies of the real thing. Enter your log in information on such a site and it goes straight to the scammers to use and exploit as they see fit. Here are some ways to stay safe:

1. Never log in to a website through a link provided to you either in an email or text message. Instead, manually enter the URL in your web browser.
2. Make sure any site you’re using is secure – you can tell because the URL will start with https:// and feature a padlock icon next to it.
3. Create better passwords – instead of a quick and easy password, try creating a passphrase of three to five random words (and symbols if you can remember them) instead. Try something that’s easy enough to remember but long enough to be really hard to crack. The number of letters you use may vary depending on the password character limit – it’s 8-20 characters with a Cashplus Bank login. And it should go without saying, but don’t use old favourites like maiden, child and pet names, important dates or favourite sports teams. Be creative!

Safety tip: create a new and unique password or passphrase for every site you log in to. Then if one website is hacked or your login details compromised, your other website accounts will stay secure.

If you’re ever concerned about whether a Cashplus Bank profile on social media is legitimate, check our Service status page to see if it's listed as one of our official profiles. 

From time to time there are profiles that pop up on social media trying to impersonate Cashplus Bank, if it is not listed as an official profile on our Service Status page, for your security do not engage with the profile. 

Don't forget to download the Cashplus Bank App. 

The simplest and most secure way to use Cashplus is via our app. With it you can:

• Turn on app notifications so we can send account updates and transaction alerts securely to your device
• Safely access your account details, balance and statements wherever and whenever you want
• Update your personal and login information and notifications settings – it’s important that you keep your contact details up to date so we can contact you if we spot anything suspicious on your account
• Temporarily block your card or report it lost or stolen

And, if you’re sharing your phone with family members, it’s important to never share your login details so that you are the only one accessing your account.

Whenever you are downloading apps, always make sure it’s from the official App Store or Google Play and not any other location.

For trusted and expert guidance on all aspects of your cybersecurity, we recommend the National Cyber Security Centre

This content was created on 21st February 2020