Whilst you might not be familiar with the term 'Social Engineering' it is one of the most common tactics used by Fraudsters today. Social Engineering is the attempt to manipulate an individual into willingly transferring their funds or surrendering full access to their Digital Banking over to the fraudsters under the belief that this is a genuine action when it is not.
Fraudsters will pose as genuine companies, such as Microsoft, the police, or even your own bank or utility company / internet service provider in an attempt to have you willingly transfer funds to them. This could be disguised as a 'refund', returning part of an overpayment or transferring money to a 'safe account' to prevent fraud. It is becoming more and more common for fraudsters to trick their victims into downloading 'remote access' software (such as Teamviewer), usually under the guise of fixing an issue on the computer or internet. Once the software has been downloaded and the fraudster has full access to the machine, the fraudster will then have their victim log into Digital Banking before turning the screen blank - this leaves the criminal with full and open access to your Digital Banking via your own machine. No genuine company would ever require access to Digital Banking following a remote access.
These particular criminals can sound genuine; however there are a few key things to remember:
The call will always be unexpected and involve some form of incentive. This could be a claim that you are due a refund for goods you purchased some time ago, perhaps computer software.
If the fraudster poses as a member of our fraud team, you may be asked to move your money to a holding account - of course this is not a holding or 'safe' account, it is the criminal's account.
They will often suggest that you hang up and call back (either using the number on the back of your bank card or even dialling 999!) however, some fraudsters have the ability to forcefully keep a phone line open for up to 2 minutes, meaning that you will just reconnect to the fraudster who will confirm that they are genuine. This loophole in some phone lines is actively being closed down by the telecoms companies but is currently a live issue that you must be aware of.
If the fraudster advises that you are due a refund they may ask you to tell them or directly input the 4 digit security code from your internet banking, into our automated authentication call - remember, our authentication calls are only used to make payments, never to receive a refund. Inputting this code will be sending money out of your account NOT receiving it.
Some fraudsters will seek your permission to access your computer remotely, this may be to 'remove software' or perform a 'system clean'. Never allow access to your machine by people you don't know.
We will never ask you to transfer your own money as a result of confirmed or potential fraud.
If you receive a suspicious phone call, hang up and wait for over 2 minutes before calling us or simply dial from another phone number (fraudsters can only hold a landline open, this isn't currently possible on a mobile).
If you receive an automated call with a 4 digit security number - you are paying money out of your account, this action is never used as part of a refund.
Never allow remote access to your computer to anyone you don't know or whilst logged into Internet Banking.
If you think you are a potential victim of fraud, please contact us as soon as possible.
For all credit card and debit card related fraud, please call 0345 835 7922. (Lines are open between 8am - 9pm Monday to Sunday)
For disputed transactions, please call 0345 835 7926. (Lines are open between 9am-5pm Monday to Friday)
For all internet banking, mobile app or telephony related fraud, please call 0800 096 8669. (Lines are open Monday to Friday 8am - 8pm, Saturday to Sunday 9am - 5pm)
To report a lost or stolen card outside of these hours, please call us on 0800 015 0030.
Some customers have made us aware they're receiving emails, phone calls, texts and tweets claiming to be from TSB. We'd never ask you for security details such as PIN, username or full password. Fraudsters might. If you have received anything suspicious, don’t reply, don’t click any links or open any attachments. Forward it to firstname.lastname@example.org and let us take it from there. And, so you know, we won't call you using this number either.
For more information on how to keep yourself secure online, you might find the following useful.