Protect yourself against frauds and scams

Authorised Push Payment fraud is when you are deceived into transferring money from your account to a fraudster’s account. They often do this by contacting you via phone, email or social media and pretending to be someone else such as your bank, solicitor, a contractor, an estate agent or the police, for example.

On 28 May 2019, a number of banks and one building society, Nationwide, signed up to a new voluntary protection scheme, the ‘Contingent Reimbursement Model Code’, which now falls under the responsibility of the Lending Standards Board. The members of this scheme offer current accounts and process millions of transactions every day.

The Family Building Society, along with all other Building Societies with the exception of Nationwide, is not part of this voluntary Code. This is because we do not operate current accounts or allow payments to be made to 3rd party accounts. Only payments made to a customer’s own nominated account are allowed.

What we do to help protect you against Authorised Push Payment Fraud

Although the Society is not part of the voluntary Code, you can be assured that any case of fraud that is reported to us is investigated thoroughly and promptly.

Anti-fraud measures are already in place to help combat fraud, from our own electronic security systems that protect your data, to our branch staff who are trained to spot when someone is about to fall victim to a scam.

Phishing refers to emails that attempt to fraudulently obtain your sensitive information. These emails will often direct you to a website requesting you to enter your personal information such as bank log in details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.

Common features of phishing emails are:

• Appear to be too good to be true (they often are)
• Have a sense of urgency
• Address you in an unusual way
• Contain multiple grammatical errors
• Contain hyperlinks or attachments which may be from an unusual sender

If you receive an email from us that you are suspicious about, simply forward the email to besecure@familybsoc.co.uk and we will investigate it.

Fraudsters can also make unsolicited telephone calls encouraging individuals to provide sensitive data such as personally identifiable information. This is known as Vishing. 

If you’re unsure about a call you receive from any financial organisation, call them back but from another phone line such as a mobile or landline. We would recommend waiting about five minutes before doing so as sometimes the fraudster on the other end doesn’t hang up so when you make another call, they’re still on the line.

When we make an outgoing call e.g. to check something on an application or letter, please be aware that we will ask for personal data to identify you. We encourage you to follow the steps above if you are at all suspicious about any aspect of the call.

Furthermore, with online accounts, sometimes scammers will try to get access to your account by using a one time code or one time password. They will fill in the website with all the information they have for you like name, email etc. They will then call you pretending that they work for the company that you have your account with. Usually, the scammer will explain that they are calling to offer you an incentive such as a bonus or an extra for free in your account.

They will sound believable and they will explain to you that you will now receive a one time code so that they can ‘proceed’ to verify your account. At that moment the scammers will still be on the website and the website will send you a 1 time password (OTP) which they will ask you to read out to them. They will then enter the one time password and gain access to your account. 

Pharming is another scam whereby a fraudster installs malicious code on a personal computer or server. This code usually redirects any clicks you make on a website to another fraudulent website without your consent or knowledge. 

Be especially careful when entering financial information on a website. Look out for the ‘s’ in https and the key or lock symbol in the browser. Don’t click on the website unless you’re absolutely certain that the website is secure.

As you would expect, we take looking after our customer data and money very seriously. 

We’re proud to have received Cyber Essentials Plus accreditation. This means the Society has the necessary technical security and controls in place to ensure customer data is safe and secure.

For more information on what we do to protect your data and how you can keep your data secure please click here.

To help keep your data and personal information safe you should ensure you set a strong password on your account. To help set a strong password see the useful points below.

• Don’t use personal information
• Don’t use easily recognisable numbers
• Avoid using the word ‘password’
• Use a mixture of letters and numbers
• Use a mixture of capital and non-capital letters
• Use symbols such as an asterix or exclamation mark
• Make sure you have a long password
• Modify easy to remember phrases
• Try using three completely random words

It’s important that you change your password regularly and use different passwords to those you’ve already used for other accounts. Also, don’t write passwords down or share them.

In order to benefit from the latest security features that Google and Microsoft introduce as a matter of course, it is important that your web browser is up to date. 

We have created step by step instructions on how to check and upgrade your browser which you can view here.