Cookies at Which? We use cookies to help improve our sites. If you continue, we'll assume that you're happy to accept our cookies. Find out more about cookies

Online banking security

Tips to avoid phishing and identity theft

By Chiara Cavaglieri

Article 2 of 4

Put us to the test

Our Test Labs compare features and prices on a range of products. Try Which? to unlock our reviews. You'll instantly be able to compare our test scores, so you can make sure you don't get stuck with a Don't Buy.

Tips to avoid phishing and identity theft

Top tips to keep your online bank account safe from fraud, including phishing attacks and identity theft.

Take our fraud risk quiz

10 ways to protect yourself against fraud and scams

Criminal gangs are constantly inventing new ways to try to get their hands on your money.

You can help keep the cash in your bank account safe and reduce your chances of becoming a victim of fraud by following some simple steps.

1) Make sure your computer or laptop is protected with a good security software program and antivirus software. Keep them all, along with your browser, up to date. 

Visit our guide to choosing antivirus software so you can find the best package to keep you safe. 

2) Different banks have different security measures for online banking but if you have to set up a password, make sure it is a mixture of letters and numbers, and is different from an email password. 

If you access your email from an insecure computer, scammers could steal your password details and use them to access your account. 

Don't write your passwords down in full or share them with anyone. Find out how to create the perfect password.

3) Never disclose personal details, such as your password, on email or over the phone unless, of course, it is one you have agreed with your bank for telephone banking.

4) However, if you received a call or email from your bank that you weren't expecting, treat it with suspicion, regardless of the apparent name of the organisation contacting you. 

Never follow a link from an email purporting to be from your bank and never open an email from an unknown source, as it may contain a virus.

If you receive a suspicious email, known as a phishing email, purporting to be from your bank, report it to Action Fraud using its online tool. You can also inform your bank directly. 

5) Before entering your account details into a website, make sure there is a padlock symbol in or next to the address bar in your browser and that the web address changes from starting with 'http' to 'https' – this means the connection is secure. 

6) If you have a wireless network at home, make sure you have activated the security settings on your wireless router to make it secure and prevent others accessing it.

7) Avoid accessing your bank account from a public computer or unsecured wireless network. If you do use a public computer, never leave it unattended when logged in and always log out properly when you've finished your banking session.

8) If you experience any problems logging in, phone your bank – don't send an email.

9) Avoid posting personal information such as your email address, date of birth and phone number on social networking websites such as Facebook and Twitter to reduce the risk of identity theft. Only accept friend requests from people you know. 

Someone posing as an interesting person asking to become your friend may actually be an ID thief. Check your privacy settings carefully and make sure only people you trust can view your profile. 

10) Regularly check your bank account and statements for suspicious transactions. If you spot something unfamiliar, report it to your bank or card provider as soon as you can.

What to do if you're a victim of bank fraud

If you think you've been a victim of online banking or ID fraud, notify your bank as soon as possible.

Know your rights: Think you may have given a fraudster your bank details? We tell you what to do.

Banking regulations say that a bank can only refuse a refund for an unauthorised transaction if it can prove you authorised the transaction, or that you acted fraudulently or were grossly negligent in failing to protect your Pin and password.

If your bank refuses to refund you, take your complaint to the Financial Ombudsman Service. It will look at each case on its merits.

  • Last updated: April 2017
  • Updated by: Gareth Shaw

Which? Limited (registered in England and Wales number 00677665) is an Introducer Appointed Representative of Which? Financial Services Limited (registered in England and Wales number 07239342). Which? Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FRN 527029). Which? Mortgage Advisers and Which? Money Compare are trading names of Which? Financial Services Limited. Registered office: 2 Marylebone Road, London NW1 4DF.