
Online banking security

Tips to avoid phishing and identity theft

By Chiara Cavaglieri



Top tips to keep your online bank account safe from fraud, including phishing attacks and identity theft.


10 ways to protect yourself against fraud and scams

Criminal gangs are constantly inventing new ways to try to get their hands on your money. 

You can help keep the cash in your bank account safe and reduce your chances of becoming a victim of fraud by following some simple steps.

1) Take your time: Treat unsolicited phone calls, letters, emails and texts with caution. Fraudsters use pressure tactics to persuade you to share personal and financial details, so don’t let anyone rush you and never share your Pin or online passwords (your bank will never ask for these in full).

2) Use a phone number you trust: If you’re in any doubt as to who’s calling, hang up. Make sure the line is clear, and then call the organisation on a phone number you trust, such as the one on the back of your payment card.

3) Use antivirus software: Make sure your computer or laptop is protected with a good security software program and antivirus software. Keep them all, along with your browser, up to date. Visit our guide to choosing antivirus software so you can find the best package to keep you safe.

4) Create strong passwords: Different banks have different security measures for online banking, but if you have to set up a password, make sure it is a mixture of letters and numbers, and is different from an email password. Don't write your passwords down in full or share them with anyone. Find out how to create the perfect password.

5) Use a secure network: If you have a wireless network at home, activate the security settings on your router to prevent others accessing it. Avoid accessing your bank account from a public computer or unsecured wireless network. If you do use a public computer, never leave it unattended and always log out properly when you've finished your banking session.

6) Be wary of links: Avoid clicking links and downloading attachments from emails and texts. Type web addresses into the address bar of your browser manually instead.

7) Browse safely: Look for a padlock symbol in or next to the address bar in your browser, and check that the web address changes from starting with 'http' to 'https' – this doesn't guarantee a site can be trusted, but it does mean the website is encrypted, so no one else but that website can read any card details or passwords you enter. Some sites have an extended validation (EV) certificate, shown as a green padlock alongside the company name, also in green. Again, it’s not perfect, but it requires the company to undergo more rigorous checks.

8) Remove personal info from social media: Don't leave your email address, date of birth, or phone number on sites such as Facebook and Twitter – it increases your risk of identity theft. Only accept friend requests from people you know. Someone posing as an interesting person asking to become your friend may actually be an ID thief. Check your privacy settings carefully and make sure only people you trust can view your profile.

9) Scan your statements: Regularly check your bank account and credit card statements for suspicious transactions. If you spot something unfamiliar, report it to your bank or card provider as soon as you can.

10) Use ATMs inside the bank: Try to shield your Pin in case there are cameras fitted by criminals above the keypad. Or, stick to in-branch machines, which are less likely to have been tampered with than one on the high street.

What to do if you're a victim of bank fraud

If you think you've been a victim of online banking or ID fraud, notify your bank as soon as possible.

Banking regulations say that a bank can only refuse a refund for an unauthorised transaction if it can prove you authorised the transaction, or that you acted fraudulently or were grossly negligent in failing to protect your Pin and password.

If your bank refuses to refund you, take your complaint to the Financial Ombudsman Service. It will look at each case on its merits.

Know your rights: Think you may have given a fraudster your bank details? We tell you what to do.

  • Last updated: May 2017
  • Updated by: Chiara Cavaglieri
