At Tilney we take information and IT security seriously. Our dedicated information security team works to ensure that your personal information and your online account are safe and secure to use.
The threats to your personal information are constantly evolving and fraudsters constantly create new ways to try and steal your information and, ultimately, your money.
We have produced some advice and guidance below - to help you protect yourself and your information from these threats, and what to do if you think you may have been a victim of fraud. We hope you find these useful.
There are a number of steps that you can take to protect your personal information online:
Fraudsters are continually coming up with new ways to get in touch with consumers and trick them into divulging personal information or even handing over cash.
By being aware of the different tricks used by criminals you can help protect your information and finances.
Tilney will contact you periodically regarding your account, for example to ensure you are receiving a good service from us or to discuss other products and services which you may benefit from. However, we will not request sensitive information (such as your password), or apply undue pressure for you to make investment decisions, over the phone or via email.
Fraudsters, however, will often pose as sales staff from financial services firms who will contact you with opportunities to invest money into various schemes. These can include offers to buy shares, commodities, real estate or other items, with very attractive rates of return. These opportunities, however, should be treated with caution as they could be fraudulent.
Be aware of any cold calls, or unsolicited emails, from unrecognised firms offering investment opportunities. In such cases, never commit to anything. Do your own research into the company or the investment itself. Check the Financial Conduct Authority’s website for their warning list for scam investments or check for the firm’s authorisation.
Some of the warning signs to look out for are guaranteed returns being promised, or the investment being described as ‘risk free’. Other signs which should raise suspicions are the investment being ‘time-limited’ with pressure on you to make a quick decision, or being asked not to discuss the investment with friends or family.
the number of reports of ‘hacked’ email accounts has risen over recent years. This involves the fraudster accessing your personal email account (usually by taking advantage of a weak password) and watching who you interact with. They will then impersonate an individual or company you have a relationship with, and will use this to attempt to get you to hand over money. This is usually done by requesting you change the bank details of a Direct Debit, for example, or requesting funds are transferred to a ‘new’ company account, which is in fact operated by the fraudster.
If any firm requests you to change the bank account into which funds are paid, always confirm this directly with a member of staff, either over the phone or by visiting them in person.
since government legislation in April 2015 made it easier for the over-55s to access their pension funds, there has been a rise in fraudsters attempting to steal this money.
Tilney do offer services to help you with your pension arrangements, and may approach you via phone or email to discuss this.
However, be wary of emails or phone calls from companies or telephone numbers which you do not recognise, particularly if they are offering a free review of your current pension status, or if they are offering ways in which to improve the returns on your investment savings. If you do receive such calls do not divulge any personal information. If you have a genuine need to review your pension options you can contact Tilney directly.
If a company has contacted you out of the blue, do your own research and ensure the firm is registered with the Financial Conduct Authority by visiting their website.
This involves fraudsters giving you the opportunity to make quick money by allowing them to deposit large sums temporarily in your account. You are generally then asked to withdraw the cash or transfer it overseas. By doing so you are helping fraudsters launder the money and by acting as a ‘money mule’ you are complicit in their crime. You could also face prosecution.
Always ignore offers which involve the depositing of cash into your accounts in return for a fee.
This fraud involves a telephone caller taking remote control of your computer claiming they can fix a problem with it – usually after claiming that they have evidence it has been infected with a virus or that it is running slow due a technical issue. They will claim that they can help resolve the problem, and will persistently request you grant them remote access to your device. They will then advise that you need to buy software or subscribe to a support service to fix the problem, and request personal information including your debit or credit card.
Should you receive such a call, hang up immediately. No IT support company would ever contact you in this way requesting remote access or payment.
Criminals create malicious websites to impersonate genuine shopping websites in an effort to trick you into ordering and paying for goods or services which don’t exist. Typically you will be sent an email impersonating a known company, with a tempting offer. There will be a web-link which will take you to the fake website where you will be prompted for your payment information.
Be wary of unsolicited emails, for example from companies you know but haven’t interacted with before. Hover over any links in emails (if using a desktop computer) to see if the web address looks genuine. If necessary, visit the official company website directly via your web browser. Additionally, check the web address of the company begins with ‘https://’ – which indicates the connection is secure. Also check the web address does not include subtle misspellings, extra words or characters, or other unusual signs.
Phishing refers to malicious emails which try and coerce you into clicking links/attachments or providing sensitive information. Most cyber-attacks start with a phishing email. Most phishing mails pretend to be from a known source – eg: your bank, HMRC, a company you deal with – but in fact are impersonating these organisations. Phishing emails are becoming increasingly sophisticated using authentic-looking logos and official contact details. However, clicking on the web-links within the email will either direct you to an authentic-looking malicious website and prompt you to divulge personal information, or potentially download malicious software which the fraudsters can use to steal your information.
If you receive an unexpected email don’t click on any links or attachments or reply with personal information.
Smishing is a form of phishing which delivers a malicious text (or SMS) message to your mobile phone. Generally this will come from an unrecognised telephone number and the message, similarly to a phishing email, will prompt you to urgently click on a link or direct you to call a phone number. The web-link or phone message will then attempt to obtain personal information – such as your bank account password – which can be used to steal your money or commit identity fraud. As with phishing emails, don’t click on links or reply to text messages from unknown sources. If it purports to come from your bank, contact them directly yourself using a phone number from their official website.
Vishing refers to malicious telephone calls (ie: Voice + Phishing) from fraudsters which attempt to get you to provide sensitive personal information. Generally, the call will be unsolicited and will claim to be either an organisation you deal with, such as your bank, or an authority such as the police. Recorded cases have involved the use of scare tactics, claiming there is a police investigation involving your account and requesting you provide personal details to help with the process. Remember, the authorities or your bank will never ask you to divulge sensitive information over the phone or transfer money to a specific account. If you receive such a call do not provide any personal information. Hang up and contact the organisation directly using contact details from their valid website.