in this section:


Site Security
Privacy policy
Phishing
Technical questions

Phishing

Phishing is a common type of fraud where a fraudster tries to trick people into revealing their online security passwords. The passwords will then be used to gain access to online accounts and commit theft.

The attacks are simple

A fraudster sends out a fake email that has been designed to look like a legitimate one from a financial organisation. The email directs or encourages people to visit an internet site to revalidate or reactivate access to their online accounts.
The internet site is fake. It has been designed to look like the target organisation’s real internet site so may look very realistic. The website will contain a form for people to enter their passwords and other personal information. Once some passwords have been collected, they will be used to try to commit fraud. For more information look at our Email Fraud FAQs.

What to do

If you receive a Phishing email, DO NOT REPLY and DO NOT FOLLOW any of the instructions in it, even if the tone of the email suggests that action is required urgently.

  • We will NEVER ask for the whole of your password (except when you want to change it), only three characters from it.
  • We will NEVER send you an email with a link that directs you straight to any kind of logon page.
  • Always check the URL (address) of the web page you are viewing. All Accord Mortgages pages start with one of the following:
    http://www.accordmortgages.com
    https://online.accordmortgages.com
  • When you want to logon to our site, its best to type the whole address yourself, or click on a link saved as a Favourite or Bookmark. This will help you to make sure that you really are visiting www.accordmortgages.com  and not a fake site.
  • Always check the security of the site before you logon by looking for the padlock.
    If you receive a suspicious email, please forward it to us at phishing@ybs.co.uk. We may not be able to respond to each message individually, but each message we receive will be looked into and we will take steps to close down any fake websites we identify.

Email fraud FAQs

In recent years fraudsters have targeted a number of major UK banks and other organisations in an attempt to trick customers into revealing their usernames and passwords for internet banking services.

Frauds of this type, sometimes called 'phishing', involve fraudsters ending fake emails to an organisation's customers.  These emails are carefully crafted to make them look as real as possible, as if the organisation themselves have sent it, not the fraudster

How widespread is this?

This is a problem that has affected organisations around the world.

Why have I received an email?

You haven't been singled out.  The fraudsters obtain a large number of email addresses through various means - even guessing them - and blanket email all these addresses.  As so many are sent out, they will probably reach many people who have online accounts with the financial organisation they are targeting by chance.
The Yorkshire does not share email addresses with anyone outside the Yorkshire Building Society Group.

How does the fraud work?

The approach is similar in all cases:

  • An individual receives an email, apparently from their bank or building society, suggesting that the access to their online account may have been compromised, and requesting that they click on the link provided to confirm the details.
  • When the link is clicked, they are taken to a web page which looks exactly like the bank or building society website.
  • On the website they are asked to complete a form with their name, address, date of birth, account number, login details (PIN, password, memorable word, etc) credit card and/or debit card information and click a 'submit' button to send this information.
    Having obtained this information the fraudsters quickly use it to access the account and transfer money from it.

What should I do if I have received an email and clicked the link?

  • Contact us immediately by phoning 0845 1 200 805.  We can then change your login details to keep your account secure.
  • If you have passed on information about other accounts, credit cards, etc, contact the providers of those facilities immediately as well.
    Note: Accord Mortgages will never ask you for confidential information in an email.  In addition, our staff will never ask you to reveal your password or memorable word.If you receive an email asking you for confidential information that appears to come from the Yorkshire, contact us immediately.

What can Accord Mortgages do about this type of attack?

We are confident that our systems are secure but if users give their login information to someone else there is always a risk of financial loss.
Once we know of a problem we will:

  • Change login information
  • Check the affected accounts and, if necessary, freeze them to prevent loss 
  • Contact the police and other related authorities in an attempt to find the fraudsters and shut down their operations
Visit our security area for details about how you can keep your data secure.

 

site map | security & privacy | legal notices

Association of Mortgage Intermediaries Supporting intermediaries in treating customer fairly

Information on this site is for use by authorised intermediaries only and should not be relied upon by anyone else

Accord Mortgages Limited is authorised and regulated by the Financial Services Authority. We are entered in the FSA register and our FSA registration number 305936.

Accord Mortgages Limited is registered in England No: 2139881 Registered Office: 1 Filey Street, Bradford, BD1 5AT. Accord Mortgages is a registered Trade Mark of Accord Mortgages Limited.