To help prevent fraudsters tricking people into giving away their details in banking scams, the British Bankers’ Association has pledged that banks will never send emails linking to pages that ask for login details.
For some time fraudsters have been sending ‘phishing’ emails to online banking customers. They’re designed to look like official messages, often with an urgent request to make contact.
The emails include a link to a genuine-looking page which invites the victim to enter online banking login details or other sensitive information. The fake page sends the information back to the con artist, who can then use it to steal funds or commit identity theft.
Links to log in to online banking
As the fraudsters become savvier, the most sophisticated of these banking emails can be difficult to tell apart from real ones.
To help prevent fraudsters tricking people into giving away their online banking details, the British Bankers’ Association (BBA) recently launched a publicity campaign (featured in a guest post on our site too) to remind us that banks will never send emails linking to pages that ask for login details.
I was glad to see the BBA’s advice, but disappointed to find a number of major banks were muddying the waters. We’ve seen genuine emails from Barclays, HSBC, Metro Bank and NatWest which appear to undermine the BBA’s advice. These invite customers to log in to online banking and include a link to their website.
Even following a link from an email to a bank’s homepage, and then through to online banking, can be risky. Fraudsters can easily send emails that appear genuine but lead to a scam website.
Banking scams: is that email legitimate?
After a previous Conversation on the subject, Em told us of her strategy for making sure emails from her bank are legitimate:
‘If I have any doubt about the authenticity of an email, I right-click and select “View source”. If you know what to look for, you can check the real URLs behind the clickable links and other tell-tale signs of a fake.’
If you’re a techie sort, this is an option. But it shouldn’t be this hard to spot banking scams – and some banks aren’t helping.
To ensure you don’t get conned into visiting a phishing site, our advice is to only access online banking by typing the website address directly, or perhaps by using a bookmark.
When we raised our concerns, NatWest said it was ‘actively reviewing’ its approach. Metro Bank has removed links to its website from emails. HSBC and Barclays said they only included links to their homepage or marketing pages. But we don’t think this really addresses the issue.
Longer term, it would be great to see banks and email providers working together on tech fixes to make email more secure. Gmail is testing a feature which displays an icon next to emails that are genuine. But this needs to be widely adopted and understood if it is to make life harder for fraudsters – and easier for us.
What safeguards do you take when banking online? Have you received genuine emails from your bank that have caused you concern?