How to bank online safely Tips to avoid phishing and identity theft

Cards and padlock on laptop

You can reduce your chances of falling victim to bank fraud by following some simple steps

Criminal gangs are constantly inventing new ways to try and get their hands on your money.

You can help keep the cash in your bank account safe and reduce your chances of becoming a victim of fraud by following these simple steps:

1) First of all, make sure your computer or laptop is protected with a good security software program and anti-virus software. Keep them all, along with your browser, up-to-date. 

Action point: Visit our guide to choosing anti-virus software so you can find the best package to keep you safe. 

2) Different banks have different security measures for online banking but if you have to set up a password, make sure it is a mixture of letters and numbers, and is different from an email password. If you access your email from an insecure computer, scammers could steal your password details and use them to access your account. Also, don't write your passwords down in full or share them with anyone. 

Action point: Create the perfect password - use our guide to help you create a secure password.

Avoiding scam calls and emails

3) Never disclose personal details, such as your password, on email or over the phone unless, of course, it is one you have agreed with your bank for telephone banking.

4) However, if you received a call, or email, from your bank which you weren't expecting, treat it with suspicion, regardless of the apparent name of the organisation contacting you. Never follow a link from an email purporting to be from your bank or open an email from an unknown source as it may contain a virus.

Action point: If you receive a suspicious email, known as a phishing email, purporting to be from your bank report it to Action Fraud using its online tool while you can also inform your bank direct. Our guide tells you how to spot a phishing scam. 

5) Before entering your account details into a website, make sure there is a padlock symbol in your browser and that the web address changes from starting with 'http' to 'https' - this means the connection is secure. 

6) If you have a wireless network at home, make sure you have activated the security settings on your wireless router to make it secure and prevent others accessing it.

7) Avoid accessing your bank account from a public computer or unsecured wireless network. If you do use a public computer, never leave it unattended when logged in and always log out properly when you've finished your banking session.

8) If you experience any problems logging on, telephone your bank, don't send an email.

9) Avoid posting personal information such as your email address, date of birth and phone number on social network websites such as Facebook and Twitter to reduce the risk of identity theft. Only accept friend requests from people you know. Someone posing as an interesting person asking to become friends may actually be an ID thief. Check your privacy settings carefully and make sure only people you trust can view your profile. 

10) Regularly check your bank account and statements for suspicious transactions. If you spot something unfamiliar, report it to your bank or card provider as soon as you can.

Members' tips to avoid phishing and identity theft

Three in five Which? members have experienced fraud. Here, some of them share the ways they now limit their risks. 

Check statements

I'm very careful about receipts and check my account at least once a week, not monthly as before.

Many said they keep a much closer eye on bank statements and take the time to shred address details on envelopes and packaging. A few have now signed up for extra text alerts for low balances and large transactions. 

Others have cancelled cards they don’t use and reduced the credit limits to keep potential losses to a minimum.

Staying safe online

I only use one card online and I never respond to links in emails, but rather type the info in by hand.

Lots of people shared tips for staying safe online, from creating more complicated passwords to looking out for the padlock symbol next to a website's URL.

Sticking with reputable websites or those which require additional security measures such as Verified by Visa confirmation was another idea, while a few cautioned against keeping card details logged and saved on websites.

Staying safe out and about

I don’t use my credit card to buy petrol as my bank said that petrol stations were in their experience vulnerable to skimming.

Which? members are particularly cautious when using their cards abroad, particularly where chip and Pin is not the norm e.g. the USA.

Some told us they feel safer using cash machines inside banks whenever possible and screen the keypad when entering their Pin. A handful even decided to avoid specific retailers that concern them.

What to do if you're a victim of bank fraud

If you think you've been a victim of online banking or ID fraud, notify your bank as soon as possible.

Know your rights: Think you may have given a fraudster your bank details? We tell you what to do.

Banking regulations say that a bank can only refuse a refund for an unauthorised transaction if it can prove you authorised the transaction or that you acted fraudulently or were grossly negligent in failing to protect your Pin and password.

If your bank refuses to refund you, take your complaint to the Financial Ombudsman Service.  It will look at each case on its merits.

More on this…

Which? Limited (registered in England and Wales number 00677665) is an Introducer Appointed Representative of Which? Financial Services Limited (registered in England and Wales number 07239342). Which? Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FRN 527029). Which? Mortgage Advisers and Which? Money Compare are trading names of Which? Financial Services Limited. Registered office: 2 Marylebone Road, London NW1 4DF.