
Online banking security

Tips to avoid phishing and identity theft

By Chiara Cavaglieri


Top tips to keep your online bank account safe from fraud, including phishing attacks and identity theft.

Criminal gangs are constantly inventing new ways to try to get their hands on your money.

You can help keep the cash in your bank account safe and reduce your chances of becoming a victim of fraud by following some simple steps.

1) First of all, make sure your computer or laptop is protected with a good security software program and antivirus software. Keep them all, along with your browser, up to date. 

Action point: Visit our guide to choosing antivirus software so you can find the best package to keep you safe. 

2) Different banks have different security measures for online banking, but if you have to set up a password, make sure it is a mixture of letters and numbers and is different from your email password. If you access your email from an insecure computer, scammers could steal your password details and use them to access your account. Also, don't write your passwords down in full or share them with anyone.

Action point: Create the perfect password – use our guide to help you create a secure password.

Avoiding scam calls and emails

3) Never disclose personal details, such as your password, on email or over the phone unless, of course, it is one you have agreed with your bank for telephone banking.

4) However, if you receive a call or email from your bank that you weren't expecting, treat it with suspicion, regardless of the apparent name of the organisation contacting you. Never follow a link from an email purporting to be from your bank and never open an email from an unknown source, as it may contain a virus.

Action point: If you receive a suspicious email, known as a phishing email, purporting to be from your bank, report it to Action Fraud using its online tool. You can also inform your bank directly. Our guide tells you . 

5) Before entering your account details into a website, make sure there is a padlock symbol in or next to the address bar in your browser and that the web address starts with 'https' rather than 'http' – this means the connection is secure.

6) If you have a wireless network at home, make sure you have activated the security settings on your wireless router to make it secure and prevent others accessing it.

7) Avoid accessing your bank account from a public computer or unsecured wireless network. If you do use a public computer, never leave it unattended when logged in and always log out properly when you've finished your banking session.

8) If you experience any problems logging in, phone your bank – don't send an email.

9) Avoid posting personal information such as your email address, date of birth and phone number on social networking websites such as Facebook and Twitter to reduce the risk of identity theft. Only accept friend requests from people you know. Someone posing as an interesting person asking to become your friend may actually be an ID thief. Check your privacy settings carefully and make sure only people you trust can view your profile. 

10) Regularly check your bank account and statements for suspicious transactions. If you spot something unfamiliar, report it to your bank or card provider as soon as you can.

Members' tips to avoid phishing and identity theft

Three in five Which? members have experienced fraud. Here, some of them share the ways they now limit their risk. 

Check statements

I'm very careful about receipts and check my account at least once a week, not monthly as before.

Many said they keep a much closer eye on bank statements, and take the time to shred address details on envelopes and packaging. A few have now signed up for extra text alerts for low balances and large transactions. 

Others have cancelled cards they don’t use and reduced the credit limits to keep potential losses to a minimum.

Staying safe online

I only use one card online and I never respond to links in emails, but rather type the info in by hand.

Lots of people shared tips for staying safe online, from creating complicated passwords to looking out for the padlock symbol next to a website's URL.

Sticking with reputable websites or those that require additional security measures, such as Verified by Visa confirmation, was another idea, while a few cautioned against keeping card details logged and saved on websites.

Staying safe out and about

I don’t use my credit card to buy petrol as my bank said that petrol stations were in their experience vulnerable to skimming.

Which? members are particularly cautious when using their cards abroad, especially where chip and Pin is not the norm, such as in the US.

Some told us they feel safer using cash machines inside banks whenever possible and screen the keypad when entering their Pin. A handful even decided to avoid specific retailers that concern them.

What to do if you're a victim of bank fraud

If you think you've been a victim of online banking or ID fraud, notify your bank as soon as possible.

Know your rights: Think you may have given a fraudster your bank details? We tell you what to do.

Banking regulations say that a bank can only refuse a refund for an unauthorised transaction if it can prove you authorised the transaction, or that you acted fraudulently or were grossly negligent in failing to protect your Pin and password.

If your bank refuses to refund you, take your complaint to the Financial Ombudsman Service. It will look at each case on its merits.

  • Last updated: July 2016
  • Updated by: Chiara Cavaglieri