Fraud awareness
We're dedicated to protecting your account and personal details - learn how to keep your business safe by recognising and reporting fraud
We're dedicated to protecting your account and personal details - learn how to keep your business safe by recognising and reporting fraud
Phishing is a common type of internet fraud. Phishing emails are designed to appear as though they are from a legitimate source, but intend to steal personal information that can be used to access your account.
Do not respond to any email that asks for any information in relation to your internet banking log in details. If you have received a suspicious email, do not respond and call us if you need any further information.
Our opening hours are published on our help and support page.
Money mules are people used to help launder money, often without realising that’s what they’re doing. They help move illegitimate funds (money gained illegally) between accounts so that the money then appears to be legitimate. They may be asked to receive money into their account, then withdraw it and put it into another account, sometimes in another country. Sometimes the money mules are offered compensation or commission.
Even if money mules don’t know the money they’re transferring is fraudulent, they are still committing fraud and money laundering, and could be sentenced to time in prison or to pay a fine.
Money mules are often recruited into this activity through false job adverts, or social media posts that promote quick money-making opportunities. Sometimes they are duped by fake social media profiles that pretend to want a romantic relationship with the victim to gain their trust and affection before asking this favour or blackmailing them. This is also known as romance fraud.
Never move money between accounts you don’t know and trust, especially because someone else has asked you to, or if you don’t know where that money has come from. If you are suspicious of money laundering, call us immediately on 0330 355 0355.
Fraudsters often look for data on people that they can use to impersonate or defraud them.
They may research you or your colleagues, so we advise that you educate your staff about protecting their data and ensure they are fraud aware too.
What kind of data might a fraudster steal?
Ways fraudsters might get hold of your data:
Do not respond to any email that asks you for information about your internet banking log in details. If you have received a suspicious email, do not respond and call our Contact Team as soon as you can during our opening hours on 0330 355 0355 to check if it is a genuine email.
Our opening hours are published on our help and support page.
Vishing is where a fraudster uses voice messages or phone calls to try to steal identities, and financial information like your PIN, card details and Digipass code.
The term comes from the combination of ‘phishing’ and ‘voice’. Phishing is where fraudsters use email, regular phone calls and fake websites to dupe people into giving them personal details and financial information.
Vishing is specifically the use of a VOIP service (Voice Over Internet Protocol, or an internet phone service), which enables fraudsters to communicate with their potential victims via automated voice messages and the phone keypad.
Vishers can create fake caller ID profiles so that their phone number seems legitimate, and vishing requests sound urgent, to panic the victim into acting without thinking.
Examples of vishing:
What you can do
If you receive an unexpected phone call with an automated response, hang up, search for the company’s genuine contact details online and check whether the call was legitimate. If it was, the company will be able to help you, and if it was a vishing attempt, letting the company know enables them to take action, and you will have protected yourself from fraud.
If the call relates to an investment opportunity, check the FCA register to see if the investor is regulated, and confirm the company exists by checking Companies House.
How to report a vishing scam
If you think you have been a victim of a vishing attack, call us immediately on 0330 355 0355. Then report to the FCA using their reporting form.
If you have lost money to suspected investment fraud, report it to Action Fraud on 0300 123 2040.
Bank impersonation fraud is when a fraudster impersonates someone from the bank in order to trick a victim into making payments to a fraudulent account.
What a fraudster might do:
What Triodos Bank will never do
What you can do to protect yourself
If the text is from a sender you know, or from a shortcode (five to eight digits long):
If the spoof text message (sometimes known as smishing) is from an unknown sender, or from an organisation you’re not familiar with:
If someone accesses your business account without your authorisation, we’ll refund the full amount of money taken from your account, as long as you:
If you receive a call from Triodos, we’ll be happy for you to question who we are and call us back on the number published on our website, just to make sure. If you can, call us back from a different phone, as an extra safety precaution. Fraudsters can clone numbers, so it may look like the number we use to call you.
We will never call you to ask you to transfer money or for your Digipass codes, and we will never ask you to download software onto your device. If someone calls pretending to be from Triodos, and they ask you to do these things, hang up immediately and report it to us on 0330 355 0355.
Fraudsters try getting money from organisations by sending fake emails and texts to gain access to their internet banking details. It can be difficult to spot a fraudulent email, but there are things you can check for clues it’s a fraudulent email.
Common email and text scams to look out for:
It can be very difficult to spot a fraudulent call. The best thing you can do if you get an unexpected call – especially if the person is asking you to make a payment or move funds, or rushing you to make a decision – is to call the organisation back on the number published on their website.
Fraudsters may call you or someone in your team and pretend to be a well-known business like BT, the bank, HMRC, the police, a supplier or even another person in your business.
Examples of what a fraudster might ask you to do:
CEO Fraud is when cyber criminals hack into company email accounts to impersonate the CEO, Managing Director or senior staff and ask an employee to make payments to an account managed by the fraudster. They’ll typically target a company's finance department, but may also target other employees who have authority to make payments.
Usually the request sounds urgent, to panic the employee into acting without thinking and going through the usual checks and balances. The kinds of payments they’ll ask you to make are invoices for a supplier, utility or service, or products the company needs.
Contact us immediately on 0330 355 0355 (or if abroad on +44 (0)1179 739339) if:
For fraud related queries, we're available 8am-6pm Mon-Fri (9am-6pm Thu), and 10am-4pm weekends.
Once you've contacted us we'll ask you for all information you have about the loss or theft and may require you to report it to the police
We also advise you to report it to Action Fraud – the UK’s national fraud and cyber crime reporting centre:
Social media fraud can be many things. It could look like:
This is when fraudsters send fake invoices claiming to be from a real business you work with. Sometimes they hack the emails of your supplier to send the invoice, so the email address is genuine, but the payment details are changed to those owned by the fraudster. It’s sensible to call your suppliers on the number on their website to verify their payment details before you pay new account details for the first time.
Steps you can take to protect against invoice fraud:
We take all incidents of fraud or suspected fraud seriously and understand it can be very worrying for our customers. We have systems in place to help monitor and protect against fraud but in some instances you may be concerned about a transaction. If so please contact us as soon as possible. For further information on safeguarding yourself against fraud please see the Take 5 campaign information.
We’ve created this online resource to help you protect your business from fraud.
Share it with your team and regularly review it to help you protect what’s important to you.
We recommend that you:
You can also find in-house training at:
Business (or corporate) identity theft is a type of fraud that involves a criminal stealing a company’s identity and using it to buy goods and services by establishing lines of credit with banks or retailers.
Organisations are often targeted because:
How to protect yourself:
We undertake monitoring on customer accounts and transactions to identify suspicious activity that could potentially be fraudulent. If we identify suspicious activity on any of your accounts, we will contact you to verify whether it is genuine. We may delay or decline transactions, or block your account until we can confirm the authenticity of requests received. When we contact you, we will ask you security questions but these will not include any information about your internet banking log in details. If you receive a call claiming to be someone from Triodos Bank and you are suspicious call us back on 0330 355 0355 and our Contact Team will be able to confirm if it was a genuine call.
We recommend you check that you have the necessary secure (SSL) connection with Triodos Bank.
How to check your secure connection with Microsoft Internet Explorer:
To prevent unauthorised access and viruses being downloaded onto your computer, you should use a firewall and anti-virus software.
A personal firewall is software that protects your computer against abuse from hackers and warns you if someone tries to gain access to your computer.
This type of protection is very important for computers that have a permanent internet connection, e.g. with an (A)DSL (broadband) or cable connection.
Here are some tips for using your firewall and anti-virus software effectively:
Do not save encrypted pages on your hard drive. It is standard practice not to save encrypted pages in your browser. This ensures that other users of the same computer cannot access these pages when you are finished with them. You can check and if necessary change the security setting for your browser. With Microsoft Explorer proceed as follows:
No-one wants to imagine that one of their employees would commit fraud, but sometimes this happens. There are a few things you can do to protect your organisation:
Read about the latest fraud trends and tips to keep your business safe