Watch out - some emails look surprisingly genuine
The internet provides convenient access to online services such as shopping and banking.
Unfortunately, it can also create new opportunities for fraud and crime. This guidance offers
practical advice on how to identify and avoid typical internet based frauds:
How scams work
You’ll first notice scams when you get an unsolicited email requesting an urgent response. The email usually claims to be from a bank, credit card company or some other financial service you might use. It usually asks you to send your account details and sometimes your password, either by return email or through a website.
These scams are known as 'phishing'. This is the process by which you are tricked into disclosing your password, pin number or bank account details to criminals using the internet.
They often use the excuse that a large transaction has recently passed through your account and they require your details to verify its validity. Other tricks are used to lower your guard, such as 'security and maintenance upgrades', 'investigation of irregular account activity' or 'bills or charges due'. Here are some real life examples.
PLEASE REMEMBER – WE WILL NEVER ASK YOU TO DISCLOSE ALL YOUR SECURITY AND PERSONAL DETAILS BY EMAIL.
a) Fake security alerts and maintenance upgrades
- 'Your account has been randomly selected for maintenance and placed on 'Limited Access' status, please enter your account details to re-activate your service'
- 'Please provide your account details to re-activate your account following the introduction of a new security system which will help you avoid fraudulent transactions and keep your investments safe'
- 'Urgent, system problems. Please go to <web address> and re-enter your details'
b) False investigations
- 'You are subject to a tax audit and must submit the following information within 48 hours to avoid assessment of penalties and interest. Please provide, bank account information'
c) False bills and charges
- 'According to our records your payment for your Internet access account is late. Please contact us at <web address> to update your details'
- 'Your domain name registration is due for renewal; please enter the following information exactly as it appears on your credit card statement. This will be compared to the information your bank has on file for your card to verify your payment'
'You have won a free gift (or prize), simply complete your credit card details for postage and handling costs and we'll send it out to you.'
d) Money has been withdrawn from your account
- '£9,000 was withdrawn from your account last Friday'
Why these frauds look genuine
Fraudsters scan the internet for email addresses or generate them at random. They don't need an online service provider's mailing lists. They may send just a few dozen emails but sometimes thousands. Even if only a few unsuspecting people respond, it can be worth the effort. These attempted frauds can look genuine by using:
- the names of real people
- the right logos and branding
- links to pages from the real website
- official-looking fine print
- a site that mimics the real thing. Technically, it's quite easy to copy and paste genuine pages to a new fake address
How to spot a fraud
The success of each fraudulent email depends entirely on fooling the recipient. However with closer attention, you can easily pick out warning signs:
- Website address: this can be easily faked. Is the address spelt accurately and is it for a UK site? You should only access our official website.
- Contact details: does the email address look legitimate? Bear in mind anything before the ’ @’ sign can be faked.
- Shipping address: frauds often originate from areas such as Western Africa so avoid any requests to ship goods there.
- General appearance: fraud emails will often have poor spelling, bad grammar, generally look sloppy and state a false sense of urgency to follow their instructions.
International and local examples
Some of the biggest names on the internet have been targeted.
Auction sites – this scam involved a series of fake emails used to steal users' credit card numbers and to commandeer customers' accounts and then defraud buyers using the auction site service.
Auction Site Payment Systems – users received e-mails masquerading as official payment system alerts that asked recipients to submit bank and credit card details after the user's account has been randomly selected for maintenance and placed on "Limited Access" status.
Internet Auction Frauds
Users of internet auction websites have reported receiving fraudulent emails claiming to be from Butterfield Private Bank. These include counterfeit emails asking for account details, money transfer scams and the sale of counterfeit or non-existent goods. Typically, the emails are sent following a successful purchase. The fraudster asks for items to be sent to them in the following stages: -
- The fraudulent email claims that a transfer from a Butterfield Private Bank account has been approved.
- The seller is requested to make arrangements for shipping the purchased item. The email then requests the seller to send the tracking number of the item in question in order to confirm that the item has been shipped to the buyer.
- The fraudulent email also states that if the tracking number of the item is not provided it will cause the Butterfield Private Bank transfer to be delayed.
- The email then states that as soon as the tracking number is sent to the fraudster, Butterfield Private Bank will transfer your money immediately.
- No money is transferred by the fraudster - but they receive the auction item from the seller who becomes the next victim of fraud.
- Butterfield Private Bank is not responsible for these fraudulent emails. They are sent by imposters attempting to appear legitimate. If you have received an email of this type in relation to a transaction it will be a fraud and should not be relied upon.
Safety checks to protect yourself
a) Stay calm
It's natural to be alarmed by an email claiming your account has been frozen or your credit card information has been stolen. Resist your first impulse to reply. Never follow the instructions in the email. Stay up to date on common scams by visiting www.banksafeonline.org.uk
b) Suspect a scam if you're asked for your account details or your passwords by email.
We will never ask for your account details or passwords by email.
c) Only go to the official Butterfield Private Bank website using your bookmark or by typing its URL in the address bar of your web browser.
- Never click any hyperlink in an email, as you cannot be certain where it will direct you to.
d) Keep your computer secure.
Some frauds can lure you into opening an email or attachment that secretly installs "trojan" software. Trojan software allows fraudsters to monitor your computer and access your accounts. Install effective protection on your computer and keep it up to date. You can keep your computer secure by:
- Ensuring your computer software has the latest security updates
- Getting an effective virus protection program and update it regularly
- Getting a 'firewall' to protect your computer from unauthorised access
- Deleting suspicious emails without opening them. Avoid opening dubious attachments, even if the email seems to come from someone you trust
To learn more about protecting your computer, visit www.getsafeonline.org.uk
e) Take a few privacy precautions
Avoid personal transactions at Internet cafes, community centres and libraries. In some places, criminals have loaded software that records keystrokes. Check that nobody is looking over your shoulder and keep private information out of chat rooms or email. Where possible use a secure website address starting with "https". Protect your email address accordingly.
f) Act quickly if you think you've been conned
If you get a suspicious email contact us directly via our contact details posted on the website. Do not respond to any contact details in the email as they are probably false. If you're still uncertain or if you have sent any details through an email or website you're a bit worried about, contact us and ask to confirm the email's authenticity. Monitor your account statements for any suspicious activity.
What to do if you receive a fraudulent email
If you have received a fraudulent email purporting to come from us or have a query on a potential fraud please email us.