At Tilney we take information and IT security seriously. Our dedicated information security team works to ensure that your personal information and your online account are safe and secure to use.

The threats to your personal information are constantly evolving and fraudsters constantly create new ways to try and steal your information and, ultimately, your money.

We have produced some advice and guidance below - to help you protect yourself and your information from these threats, and what to do if you think you may have been a victim of fraud. We hope you find these useful.


Protecting yourself online

There are a number of steps that you can take to protect your personal information online:

  • Keep your login details safe – never disclose your username or password to anyone else. Remember that Tilney, nor any other online service providers such as your bank, will never ask you for your username and/or password over the phone or via email.
  • Use strong passwords – the longer the better. Use uppercase and lowercase letters, numbers and special characters. Further guidance on the secure use of passwords is available on the Get Safe Online website. Additionally, don’t save usernames or passwords within your internet browser, and never use the same password across multiple accounts or websites.
  • Use anti-virus software and keep it updated - this will reduce the risk of your device, and the information stored on it, being compromised. Ensure you have enabled automatic updates and ensure you perform regular scans on your computer.
  • Make sure your web browser is up-to-date – common web browsers such as Internet Explorer, Google Chrome, Mozilla Firefox and Safari, contain in-built protection against some internet threats. However, it is important to ensure that your browser is running the latest version of the software as some viruses will target outdated browsers.
  • Don’t use untrusted devices – when accessing financial applications, including Tilney systems, avoid using public computers (eg: in libraries or an internet café).
  • Avoid sharing personal information online – make sure your privacy settings on social networking sites or online forums restrict who can access your personal information. Information such as your telephone number, date of birth, address or bank account number can be used by fraudsters to attempt to steal your identity. Avoid sharing such information via sites such as Facebook, Twitter or LinkedIn.
  • Know how to identify phishing emails and fraudulent websites – email attacks – sometimes called ‘phishing’ attacks – are the most common way fraudsters will attempt to get you to either divulge personal information (such as login details) or click on malicious attachments or web-links which take you to fraudulent websites. Check the language used in the email – is it typical of the sender? Were you expecting the email? Is it asking you to provide personal information? If you are suspicious of the email and what it is instructing you to do, be wary and do not provide any sensitive information or click on any links or attachments.
  • Keep your mobile devices secure – if you use a smartphone or tablet computer make sure you have access controls enabled – such as a PIN code, fingerprint recognition or a password – to restrict access to the device itself. Configure the device to lock out automatically after a period of inactivity, say 5 or 10 minutes. Don’t store passwords or other sensitive information on the device in a way that can be understood by someone else.

Different types of fraud

Fraudsters are continually coming up with new ways to get in touch with consumers and trick them into divulging personal information or even handing over cash.

By being aware of the different tricks used by criminals you can help protect your information and finances.

Investment fraud

Tilney will contact you periodically regarding your account, for example to ensure you are receiving a good service from us or to discuss other products and services which you may benefit from. However, we will not request sensitive information (such as your password), or apply undue pressure for you to make investment decisions, over the phone or via email.

Fraudsters, however, will often pose as sales staff from financial services firms who will contact you with opportunities to invest money into various schemes. These can include offers to buy shares, commodities, real estate or other items, with very attractive rates of return. These opportunities, however, should be treated with caution as they could be fraudulent.

Be aware of any cold calls, or unsolicited emails, from unrecognised firms offering investment opportunities. In such cases, never commit to anything. Do your own research into the company or the investment itself. Check the Financial Conduct Authority’s website for their warning list for scam investments or check for the firm’s authorisation.

Some of the warning signs to look out for are guaranteed returns being promised, or the investment being described as ‘risk free’. Other signs which should raise suspicions are the investment being ‘time-limited’ with pressure on you to make a quick decision, or being asked not to discuss the investment with friends or family.

Compromised email account

the number of reports of ‘hacked’ email accounts has risen over recent years. This involves the fraudster accessing your personal email account (usually by taking advantage of a weak password) and watching who you interact with. They will then impersonate an individual or company you have a relationship with, and will use this to attempt to get you to hand over money. This is usually done by requesting you change the bank details of a Direct Debit, for example, or requesting funds are transferred to a ‘new’ company account, which is in fact operated by the fraudster.

If any firm requests you to change the bank account into which funds are paid, always confirm this directly with a member of staff, either over the phone or by visiting them in person.

Pension fraud

since government legislation in April 2015 made it easier for the over-55s to access their pension funds, there has been a rise in fraudsters attempting to steal this money.

Tilney do offer services to help you with your pension arrangements, and may approach you via phone or email to discuss this.

However, be wary of emails or phone calls from companies or telephone numbers which you do not recognise, particularly if they are offering a free review of your current pension status, or if they are offering ways in which to improve the returns on your investment savings. If you do receive such calls do not divulge any personal information. If you have a genuine need to review your pension options you can contact Tilney directly.

If a company has contacted you out of the blue, do your own research and ensure the firm is registered with the Financial Conduct Authority by visiting their website.

‘Money Mule’ fraud

This involves fraudsters giving you the opportunity to make quick money by allowing them to deposit large sums temporarily in your account. You are generally then asked to withdraw the cash or transfer it overseas. By doing so you are helping fraudsters launder the money and by acting as a ‘money mule’ you are complicit in their crime. You could also face prosecution.

Always ignore offers which involve the depositing of cash into your accounts in return for a fee.

‘Remote Control’ fraud

This fraud involves a telephone caller taking remote control of your computer claiming they can fix a problem with it – usually after claiming that they have evidence it has been infected with a virus or that it is running slow due a technical issue. They will claim that they can help resolve the problem, and will persistently request you grant them remote access to your device. They will then advise that you need to buy software or subscribe to a support service to fix the problem, and request personal information including your debit or credit card.

Should you receive such a call, hang up immediately. No IT support company would ever contact you in this way requesting remote access or payment.

Online shopping fraud

Criminals create malicious websites to impersonate genuine shopping websites in an effort to trick you into ordering and paying for goods or services which don’t exist. Typically you will be sent an email impersonating a known company, with a tempting offer. There will be a web-link which will take you to the fake website where you will be prompted for your payment information.

Be wary of unsolicited emails, for example from companies you know but haven’t interacted with before. Hover over any links in emails (if using a desktop computer) to see if the web address looks genuine. If necessary, visit the official company website directly via your web browser. Additionally, check the web address of the company begins with ‘https://’ – which indicates the connection is secure. Also check the web address does not include subtle misspellings, extra words or characters, or other unusual signs.  

‘Phishing’, ‘Smishing’ and ‘Vishing’

Phishing refers to malicious emails which try and coerce you into clicking links/attachments or providing sensitive information. Most cyber-attacks start with a phishing email. Most phishing mails pretend to be from a known source – eg: your bank, HMRC, a company you deal with – but in fact are impersonating these organisations. Phishing emails are becoming increasingly sophisticated using authentic-looking logos and official contact details. However, clicking on the web-links within the email will either direct you to an authentic-looking malicious website and prompt you to divulge personal information, or potentially download malicious software which the fraudsters can use to steal your information.

If you receive an unexpected email don’t click on any links or attachments or reply with personal information.

Smishing is a form of phishing which delivers a malicious text (or SMS) message to your mobile phone. Generally this will come from an unrecognised telephone number and the message, similarly to a phishing email, will prompt you to urgently click on a link or direct you to call a phone number. The web-link or phone message will then attempt to obtain personal information – such as your bank account password – which can be used to steal your money or commit identity fraud. As with phishing emails, don’t click on links or reply to text messages from unknown sources. If it purports to come from your bank, contact them directly yourself using a phone number from their official website.

Vishing refers to malicious telephone calls (ie: Voice + Phishing) from fraudsters which attempt to get you to provide sensitive personal information. Generally, the call will be unsolicited and will claim to be either an organisation you deal with, such as your bank, or an authority such as the police. Recorded cases have involved the use of scare tactics, claiming there is a police investigation involving your account and requesting you provide personal details to help with the process. Remember, the authorities or your bank will never ask you to divulge sensitive information over the phone or transfer money to a specific account. If you receive such a call do not provide any personal information. Hang up and contact the organisation directly using contact details from their valid website.


What should you do if you have been the victim of fraud?

  • Contact Action Fraud – visit the website to report a case of fraud online, or telephone them directly on 0330 123 2040.
  • Contact your Tilney advisor, Investment Manager of Financial Planner – even if the fraud does not involve your Tilney account.
  • Contact your bank - if the fraud involves your debit or credit cards, online banking or cheques.
  • Change the password on your email accounts – if you suspect your email account has been compromised change the password to something long and complex. Use upper and lower case letters, numbers and special characters. Additionally, change the passwords on any other online accounts linked to that email account – such as online shopping accounts, social media accounts or online banking accounts.
  • Register with CIFASCIFAS is a not-for-profit fraud prevention membership organisation which manages the largest database of instances of fraudulent contact in the county. It offers protective registration to victims of identity fraud or those whose information may be at risk following a data breach.
  • Register with credit reference agencies – such as Equifax or Experian, to check for any unusual activity against your name.

Speak to us

Speak to us to find out how we can help you:

We use cookies to provide the best experience when using our website. See our cookie policy for more information.

Dismiss