Bank impersonation scams can also be incredibly convincing. Criminals can spoof caller IDs, making it look like they’re calling from the bank’s genuine telephone number. They can also create copycat emails that look almost identical to the genuine emails sent by the banks.
That’s why it’s important to learn about the warning signs of bank impersonation fraud – and what to do if you’re contacted.
Here's how bank impersonation fraud could play out:
A fraudster usually calls the customer pretending to be from their bank, though they may use email or another contact method. It’s likely that they already know information about the customer, including their name and who they bank with, and may use this to convince them that the call is genuine. They could have got the customer’s information from a previous scam or phishing message, or have bought stolen personal data from the ‘dark web’.
Posing as bank staff, the criminal will tell the customer that their account is under threat from fraud and may ask them for their account details or to hand over control of their account. As part of this trick, the criminal may tell the customer that they need to make payments to a “safe account” or set up payments in order to “block the funds”. But actually, the customer is making a payment into an account which the fraudster controls. Whatever the scenario, criminals will try to create a feeling of panic to get the customer to act as quickly as possible.
Fraudsters may also try to take control of the account directly by asking customers to download screen sharing software (such as TeamViewer or AnyDesk). This would allow them to view or control the customer's device, making it easier to take control of the account.
What you can do to protect yourself
Be suspicious of unprompted contact from your bank. Banks will never call you out of the blue telling you to move your money to a safe account. Only criminals will do this.
If someone contacts you unexpectedly to say that there has been suspicious activity on your account or that your account has been hacked, either end the call or delete the email without clicking on anything. Instead, contact your bank using a telephone number you’ve found on their website.
- Never give out your personal or account details to someone who has called you unexpectedly.
- Don’t assume that a call or email is genuine just because the contact already knows your personal information or account details. They may have accessed it illegally.
- Never download any software onto your PC or mobile phone when asked by someone over the phone or by email – even if you think you are speaking to a trusted organisation.
- If you are unsure about someone who has called you claiming to be from the bank or another company, hang up and call back on the company’s published telephone number.
- Don’t click on links in emails or messages that seem suspicious, as this could install malware on your device. Perform an antivirus check if you think your device could be at risk.
What Triodos Bank will never do
We will never try to panic you, and we’ll NEVER do any of the following.
- We’ll never ask you for security details like your Triodos Mobile Banking App passcode, digipass number, or digipass PIN. Never read out a One Time Passcode to someone over the phone.
- We’ll never ask you to download any software onto your PC or mobile phone. If someone asks you to download screen sharing software, call the company back on their published telephone number.
- We’ll never call you to tell you to log in to internet banking or to make a payment to a “safe account”. If we believe your account to be under threat from fraud, we can block the account ourselves and do not need you to do anything from your end.
- We won’t ask you to click a link in an email or text message to access our Internet Banking. You should access this yourself via our website or the Triodos App.
If someone contacts you asking you to do any of the above, contact us immediately.
Essential information for digipass users
The digipass is a device that can be used to generate One Time Passcodes to authorise payments and to register new devices. You should never reveal your digipass number or PIN to anyone.
Don’t let someone else use your digipass – even a colleague or family member. Your digipass is assigned to you as an individual and must only be used by you. If you have a company digipass and leave your place of work, please let us know and we can arrange for your digipass to be cancelled.
If you’ve got a smartphone, you might want to consider using the Triodos Mobile Banking App and setting up a Mobile Secure Key instead. It’s an alternative to the digipass which lets you log in and authorise payments using your smartphone. As well as being more convenient, it’s also more secure.