These scams can be incredibly convincing. Fraudsters may spoof caller IDs, so it appears they are calling from the bank’s genuine number. They may also send copycat emails that look almost identical to legitimate bank communications.

That is why it is important to understand the warning signs of bank impersonation fraud – and know what to do if someone contacts you unexpectedly. 

How bank impersonation fraud works:

A fraudster will usually call a customer pretending to be from their bank, although they may also use email or other contact methods. They may already know personal information such as the customer's name and their bank, and use this to make the contact sound genuine. They may have obtained these details through a scam, a phishing message, or stolen personal data.

Posing as bank staff, the fraudster may say the account is at risk and ask the customer to share account details, hand over control of their account, or move money to a "safe account". They may also tell the customer to set up payments to "block" funds. In reality, the payment goes to an account controlled by the fraudster. Whatever the story, the aim is usually the same: create urgency and panic so the customer acts before they realise it is a scam.

We also often see fraudsters use debit cards as part of an attack. The fraudster may already have compromised debit card details, and calls the victim about a supposed ‘pending’ fraudulent transaction that needs to be ‘cancelled’ or ‘refunded’. In reality, the victim is being manipulated into authorising a payment. Genuine refunds will never require authorisation in the Triodos app.

Fraudsters may also try to take direct control of an account by asking customers to download screen-sharing software (such as TeamViewer or AnyDesk). This would allow the fraudster to view or control the customer's device and gain access to their account.

What you can do to protect yourself

Be cautious of any unexpected contact claiming to be from your bank. A genuine bank will never call you out of the blue to tell you to move your money to a "safe account" or authorise refunds or 'cancellations' in your app. 

If someone contacts you unexpectedly to report suspicious activity or say that your account has been hacked, end the call or delete the email without clicking anything. Then contact your bank using a number from their official website.

Top tips:

  • Never share your personal or account details with someone who contacts you unexpectedly.
  • Do not assume a call or email is genuine just because the contact already knows your personal information.
  • Never download software onto your device at the request of someone who contacts you by phone or email.
  • If you are unsure whether a call is genuine, end the call and contact the organisation using it's published telephone number.
  • Do not click on links in suspicious emails or messages. If you think your device may be compromised, run an antivirus check.

What Triodos Bank will never do

We will never try to panic you, and we will NEVER do any of the following.

  • Ask you for security details such as your Triodos Mobile Banking App passcode, digipass number, or digipass PIN. You should never read out a One Time Passcode to anyone over the phone.
  • Ask you to download software onto your computer or mobile phone. If someone does, hang up and contact us using our published telephone number.
  • Ask you to authorise a pending “refund” or debit card transaction “cancellation” in your mobile banking app or through Internet Banking. Genuine refunds do not require customer authorisation.
  • Call you and tell you to log into internet banking or to make a payment to a “safe account”. If we believe your account is at risk, we can block it ourselves.
  • Ask you to click a link in an email or text message to access Internet Banking. You should always access this directly through our website or the Triodos App.

If someone contacts you asking you to do any of the above, contact us immediately.

How to report suspected fraud

If you suspect fraud, call us immediately on 0330 355 0355. We're here 8am-6pm weekdays (Thurs 9am-6pm) and 12pm-4pm weekends for fraud queries. If you're abroad, call +44 (0)1179 739339.

Once you’ve let us know, you should also report it to Action Fraud – the UK’s national fraud and cyber crime reporting centre. You can call them on 0300 123 2040 or report it online: actionfraud.police.uk

Essential information for digipass users

Green device with numbers 0-9 and Triodos logo, calculator-style screen, left and right buttons, backspace and OK (on/off button)
Here's an example of the digipass

The digipass is a device that can be used to generate One Time Passcodes to authorise payments and to register new devices. You should never share your digipass number or digipass PIN with anyone.

Do not let anyone else use your digipass – including colleagues or family members. Your digipass is assigned to you individually and must only be used by you. If you have a company digipass and leave that company, please let us know so we can cancel it.

If you have a smartphone, you may want to set up the Triodos Mobile Banking App with an identity check. By confirming your identity with a photo of your ID and a recording of your face, you will no longer need a digipass. Instead you will be able to use a passcode or biometrics to approve transactions and log into the Triodos App and Internet Banking. This is both more convenient and more secure.

Learn more about the Triodos App.

Watch out for other types of impersonation fraud

Bank impersonation fraud is not the only type of scam to be aware of. Criminals may also pretend to be from well-known companies such as like BT, Microsoft, or Amazon to steal personal or financial information. In some cases, they may even impersonate organisations such as HMRC or the police. 

Read our article on impersonation fraud