Phishing

Emails, text messages and websites might not be what they seem. If you receive an email, text message or phone call and you are unsure whether it is legitimate, you should never provide your personal details. Instead, contact the company directly using a number or method you know is genuine.

What is it? Press to expand/collapse

You receive an email that looks like it comes from us asking you to log on and check your account. It looks real, so you might be tempted to click on the link and enter your personal information, such as user ID / password / security details into the website. Wait a minute. If you do, you will be handing over your details to a fraudster who wants to take your money.

Phishing scams are used by criminals to lure victims, by email, text or phone, into handing over valuable information such as credit card and bank account numbers, passwords and log on details, which can be used to commit fraud. We will never send you an email, text or a website link asking you to enter your Internet Banking or card details.

What to look out for Press to expand/collapse

Impersonal greetings and probing questions

A phishing email will not be personally addressed to you but may begin with 'Dear valued customer'. The fraudster or fraudulent website may ask for lots of sensitive personal information such as passwords, Internet banking log on details, contact details or credit card numbers or even information about the account details of your mobile phone provider.

Urgent warnings

A phishing email may say things like 'we need to verify your account information' or quote 'security issues with your account'. This is designed to create a sense of panic in an attempt to make you respond without thinking.

Bad spelling and formatting

The wording of the email may have poor grammar and spelling. The fake website may look slightly different with an alternative layout or misspelt words, although this isn't always the case.

Genuine emails Press to expand/collapse

We will always:

Quote your last four digits of your account number at the top of the email. By default this will be your primary account. Remember a fraudster does not know these details.
Use links to our official web pages a page on www.tsb.co.uk. - We will never link directly through to our Internet Banking log on page or ask for your personal details.
Greet you personally using your name.
We will only ever use the following sender addresses - tsb@email.tsb.co.uk, donotreply@tsb.co.uk, tsb@tsbinsurance.co.uk or haveyoursay@email.tsb.co.uk
To confirm the email is genuine, make sure all the above apply. If you're not sure, call us using a phone number you know is valid - either on the back of your card or in our 'report it' section.

If you want to update your email address log on to Internet Banking and select Personal details from the left-hand menu.

Tips on avoiding phishing attacks Press to expand/collapse

Limit the amount of personal information you make public on the Internet, including social networks. It could be used against you.
Treat all email with a degree of caution. The sender's or return address can be faked. The email header and website link can also be manipulated.
If you are unsure of any embedded link, hover your mouse over it. This should show you the full web address. If this does not link to a www.tsb.co.uk webpage, it is likely fraudulent.
If you are suspicious, don't click on any link embedded in the message as it may link you to a fraudulent webpage or even contain a virus. If you want to be sure, search for the genuine website using a search engine. Remember, we will never link from an email directly through to your Internet Banking log on page or to a page that asks for your security or personal details.