Phishing & other scams
Familiarise yourself with some of the most common types of fraud – and know what to do if you think someone’s trying to trick you.
Phishing is a common type of fraud where a fraudster tries to trick people into revealing their online security passwords. The passwords will then be used to gain access to online accounts and commit theft.
The attacks are simple
A fraudster sends out a fake email that has been designed to look like a legitimate one from a financial organisation. The email directs or encourages people to visit a website to revalidate or reactivate access to their online accounts.
The website is fake. It has been designed to look like the target organisation's real website so may look very realistic. The website will contain a form for people to enter their passwords and other personal information. Once some passwords have been collected, they will be used to try to commit fraud. For more information look at our Email Fraud FAQs.
What to do
If you receive a Phishing email, DO NOT REPLY and DO NOT FOLLOW any of the instructions in it, even if the tone of the email suggests that action is required urgently.
- We will NEVER ask for the whole of your password (except when you want to change it), we will only ask for three characters from it.
- We will NEVER send you an email with a link that directs you to any kind of login page.
- Always check the URL (address) of the web page you are viewing. All Accord Mortgages web pages addresses start with one of the following:
- When you want to log on to our website, its best to type the whole address yourself, or click on a link saved as a Favourite or Bookmark. This will help you to make sure that you really are visiting www.accordmortgages.com and not a fake website.
- Always check the security of the site before you log on by looking for the padlock. If you receive a suspicious email, please forward it to us at email@example.com. This is a service provided by a specialist third party company; your report will be investigated and action will be taken to close down any fake websites to protect you and other customers who may have been targeted. Please note that you will not receive a response to your email.
Email fraud FAQs
In recent years fraudsters have targeted a number of major UK banks and other organisations in an attempt to trick customers into revealing their usernames and passwords for Internet banking services.
Frauds of this type, sometimes called 'phishing', involve fraudsters sending fake emails to an organisation's customers. These emails are carefully crafted to make them look as real as possible, as if the organisation themselves have sent it, not the fraudster.
How widespread is this?
This is a problem that has affected organisations around the world.
Why have I received an email?
You haven't been singled out. The fraudsters obtain a large number of email addresses through various means - someimes even guessing them - and blanket email all these addresses. As so many are sent out, they will probably reach many people who have online accounts with the financial organisation they are targeting by chance.
Accord Mortgages does not share email addresses with anyone outside the Yorkshire Building Society Group.
How does the fraud work?
The approach is similar in all cases:
- An individual receives an email, apparently from their bank or building society, suggesting that the access to their online account may have been compromised, and requesting that they click on the link provided to confirm the details.
- When the link is clicked, they are taken to a web page which looks very much like the genuine bank or building society website.
- On the website they are asked to complete a form with their name, address, date of birth, account number, login details (PIN, password, memorable word, etc) credit card and/or debit card information and click a 'submit' button to send this information. Having obtained this information the fraudsters quickly use it to access the account and transfer money from it.
What should I do if I have received an email and clicked the link?
- Contact us immediately by phoning 0345 1200 872. We can then change your login details to keep your account secure.
- If you have passed on information about other accounts, credit cards, etc, contact the providers of those facilities immediately as well.
Note: Accord Mortgages will never ask you for confidential information in an email. In addition, our staff will never ask you to reveal your password or memorable word. If you receive an email asking you for confidential information that appears to come from Accord Mortgages, please contact us on the above number immediately.
What can Accord Mortgages do about this type of attack?
We are confident that our systems are secure but if users give their login information to someone else there is always a risk of financial loss.
Once we know of a problem we will:
- Change login information
- Check the affected accounts and, if necessary, freeze them to prevent loss.
- Contact the police and other related authorities in an attempt to find the fraudsters and shut down their operations.
Share fraud and boiler rooms scams
Share fraud scams sell worthless or overpriced shares and are often run from 'boiler rooms' full of salespeople using high pressure, unfair and dishonest cold calling sales techniques. These scams can also come by email, post, word of mouth, at seminars, in the press, or online. If people already own shares in a company they may receive a call from someone offering to buy them, usually at a higher price than their market value. This might sound like a great deal, but it will likely come with a request for money upfront as a bond or other form of security, which the fraudsters say they will pay back if the sale does not go ahead. In reality the victim never hears from them again.
Victims are told that they are due inheritance from a long lost relative who lived abroad and to receive it they just need to attend a hearing the next day. When the victim can't attend due to the short notice, the fraudster asks them to send money to pay for an official to attend on their behalf. In reality the inheritance doesn't exist and the victim loses their money.
Dating scams are when victims think they've met their perfect partner online when in reality they are fraudsters.
Once the fraudsters are confident that they've gained the victim's trust, sympathy and desire for them, they will tell them about an emotive problem they are experiencing and ask the victim for money to help. For example: They're arranging to visit the victim but need money to pay for travel costs, visa costs etc. Or they've paid for a plane ticket which is then stolen. A family member or someone else they are responsible for is ill and they need money for medical treatment. Once the victim sends them money, the fraudster will keep coming back with more reasons to send them money.
Telephone scams (Vishing)
A victim receives a call from a fraudster pretending to be either their building society/bank or the police. They tell the victim that their card is at risk of being used fraudulently or that there is a problem with their account, and advise them to call their building society/bank. The fraudster will then hold the line open by not ending the call. When the victim calls their building society/bank, they unwittingly speak to the fraudster who may persuade them to transfer funds, withdraw money, or reveal security information.
This is similar to a vishing scam but after gaining the victim's trust, the fraudster will advise them that they will send a courier to their home to collect the card and take it to their building society/bank or to the police. The fraudster may use the card and pin to withdraw funds from the victims account or to make purchases.
In this scam the fraudster contacts people to tell them they've won a large sum of money in an international lottery, sweepstake or other prize draw. In order to claim their non-existent winnings, the victim is asked to send money to cover various fees such as taxes, legal fees, banking fees, etc. Often victims are not given time to think or ask for advice as they are pressured into responding quickly to avoid missing out. The result is that victims lose their money rather than winning a prize. If victims respond to the fraudster, they may be asked to supply personal information and copies of official documents, such as their passport, as proof of identity. The fraudsters can then use this information to steal the victim's identity
Work at home and business opportunity scams
A business opportunity which claims to offer a quick way to make a lot of money from home without having any qualifications, skills or expertise, is advertised in local newspapers, magazines, shop windows, on lamp posts, on the web or in a letter. Before starting any work the victim has to pay money upfront, usually in the form of a registration fee or to enable the 'employer' to buy goods. After this money has been paid, the victim either finds that there is either no work to do or that they will not be paid for any work they have done.
Victims are offered the chance to work as a mystery shopper evaluating international money transfer outlets such as Western Union. The victim receives a cheque to deposit into their account and then pay cash to the fraudster via Western Union to test the Western Union service. However, after the victim has sent the funds, the cheque is identified as fraudulent and bounces meaning they are never paid back. Victims can also unwittingly commit the offence of money laundering on behalf of the fraudster by opening an account, accepting money in and then transferring back to fraudster.
Smishing - the term combines "SMS" and "phishing"
Smishing is basically a phishing scam that is sent via Short Message Service (SMS) text messages. Fraudsters send people an SMS text message, claiming to be from their building society/bank or service provider, asking them to do something. While most people are familiar with email phishing scams, they're less aware of smishing scams and are less wary of these text messages. Smishing scams often direct people to visit a website or request that they call a phone number. If the victim visits the website, it may attempt to infect their computer with Malware (malicious software). If they call the number, they may be asked for sensitive information, like a credit card number, which the fraudster may use or sell on.
Advance fee fraud
Advance fee fraud is when fraudsters target victims by asking them to make advance or upfront payments for goods, services and/or financial gains that never actually materialise.
Please contact us immediately if you are concerned that:
You may have disclosed any confidential information to an unknown third party. You believe a transaction on your account is fraudulent. You are a victim of identity theft. You have any concerns about security.
For more information on current fraud scams, please visit the following websites
- actionfraud.police.uk - a service run by the National Fraud Authority - the Government agency that helps to co"ordinate the fight against fraud in the UK
- content.met.police.uk/Site/fraudalert - the Metropolitan Police website
- fca.org.uk/consumers/scams - regulators of all providers of financial services in the UK.