Security Centre
Protecting you against fraud is our priority. We work tirelessly to keep your money and identity safe and to help you spot anything suspicious.
If you suspect fraud or have any concerns, call our Fraud team any time 24 hours a day on 020 7770 0011. You can also speak to your Coutts adviser.
If you receive a fraudulent or suspicious email, please forward it to phishing@coutts.com. If you have responded or clicked any links, call us immediately.
If you receive a suspicious text message, please forward it to 88355. Again, if you have responded or clicked any links, call us straight away.
Common card scam
Courier card scams involve fraudsters tricking clients into handing over their bank card(s) and PIN(s) by pretending to be either a Bank or Law Enforcement official. Coutts, or any other bank and the police, will never request to collect your card or ask you for your PIN.
Often this will start with an unexpected phone call from an individual who claims to be from the Bank’s fraud department or law enforcement. The caller will advise that they have identified fraudulent transactions on your account and that your card has been compromised.
To gain your trust, the caller will prompt you to verify the call by phoning the telephone number printed on the back of your card or providing you with an unverified telephone number. However, fraudsters often use techniques to hold your phone line open, so that when you try to dial out they can intercept and re-answer the call.
The fraudster will advise that your bank card(s) must be collected in order to protect your card and/or account and assist with any investigation. They will normally ask you to put your card into an envelope and then ask you to either key your PIN via the phone keypad or to write it down and insert it into the envelope with the card.
The fraudster will then arrange for a courier, or someone dressed as a law enforcement officer, to come to your home, collect the card and provide you with a fake reference number. Once the fraudster obtains your card(s) and PIN(s), they can gain access to your account and carry out fraudulent transactions.
Please note that from time to time the bank may genuinely call you for fraud prevention purposes to verify whether a transaction is genuine. However, we will NEVER ask to collect your card as part of a fraud investigation or ask you to disclose your PIN, card details or any online banking credentials.
Phishing
Phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords which can have a monetary value to criminals.
Phishing can also involve sending malicious attachments or website links in an effort to infect computers or mobile devices (this is known as malware - malicious software). Very often these appear to be authentic communications from legitimate organisations. Embedded links within the message can direct you to a hoax website where your login or personal details may be requested. You may also run the risk of your computer or smartphone being infected by viruses.
Once your personal details have been accessed, criminals can then record this information and use it to commit fraud crimes such as identity theft and bank fraud.
Phishing messages generally try to convince the recipient that they are from a trusted source.
Spear-phishing
In this technique, criminals use personal information to earn trust and lower the intended victim’s defences, increasing the chances that they will open attachments or embedded links.
Reporting suspicious emails
If you have received a fraudulent or suspicious email and have not responded to it, please forward the email to phishing@coutts.com.
However, if you have responded to the e-mail, and/or you suspect that any of your accounts with us have been accessed online by someone other than yourself, please contact our dedicated fraud team immediately on 020 7770 0011.
What is the purpose of your payment?
Scams can have a devastating impact on victims and it's important you understand the risks of making payments to scammers. Select the reason for your payment and consider our advice before proceeding.
I've been asked to transfer money unexpectedly | Who has asked you to transfer money? Fraudsters may contact you pretending to be from the Bank, the Police or other organisations you trust and ask you to transfer money to another account. Remember: A bank or genuine organisation will never contact you out of the blue asking you to move your money to keep it safe. If this sounds familiar, do not make the payment and end contact with the individual immediately. |
I'm making an investment | Before you make the payment, consider whether this opportunity is genuine. |
I'm paying for a service or making a purchase | Always double check the bank details of the person you’re paying by contacting them on a number you can trust. Fraudsters can intercept emails and invoices and change payment details. If you send money to a different account than the one you intended it can be very difficult for us to recover it and you may lose your money. When buying goods or services from someone you don't know consider using your debit card or credit card, or a payment method which offers additional protection against scams, like PayPal or Google Pay. Only pay for goods and services via bank transfer if you know the person you're paying or are satisfied the business is genuine. |
I'm sending money to someone I've never met | Always ask yourself how well you truly know the person and how reliable they are. Dating and romance scams can have a serious financial and emotional effect on victims. The scammer will build a relationship with you before asking you to transfer money due to a personal emergency or to cover travel expenses. Remember, never send money to someone you haven't met in person. |
Are you amending payment details? | Fraudsters may contact you and ask you to change details of a saved payee. Only change the details if you know the person or business and they have proof that their bank details have recently changed. A simple phone call to the person on a number you trust could protect you from losing your money. |
Further information and support | Never be pressured into transferring money. If you're unsure, we suggest you take a day or two to think about what's being asked and talk it through with someone you can really trust. If you think you're the victim of a scam, contact us immediately. If you want more information use the menu above to review further advice about how to stay safe online. |
Overpayment Fraud
This type of fraud predominantly targets businesses but individuals may still be targeted, especially those who buy and sell items online. Overpayment fraud is when a fraudster pays for goods or services by a fraudulent cheque. The cheque is made for a higher amount than the actual value.
The business reimburses the fraudster with the excess amount of money that was apparently paid to it in error, before the cheque gets returned unpaid.
Not only does the business not get paid for the goods or services, but also loses further money because of the ‘excess payment’ it paid the fraudster.
Cheque overpayment fraud is often a method used in employment opportunity scams or transactions for goods and services sold through classified adverts.
What is cryptocurrency?
Cryptocurrency is a digital asset that can be traded online and may be used to buy products and services from people or companies who accept this form of payment.
Cryptocurrency isn’t protected by the UK’s Financial Services Compensation Scheme (FSCS) and most exchanges aren’t regulated by the Financial Conduct Authority (FCA). However, it’s attracting more attention as a potentially lucrative investment opportunity due to the fluctuations in value seen over the past few years.
Cryptocurrency is often bought via currency exchange platforms. These are websites where you can buy, sell, or exchange cryptocurrencies for other digital currency or traditional currency like US dollars or Euros. If you want to trade professionally, you’ll probably need to use an exchange that requires you to verify your ID and open an account or a ‘wallet’, ideally one approved by the FCA.
Cryptocurrency scams
Scammers are capitalising on the growing attention cryptocurrency is attracting by offering fake investments that don’t really exist or aren’t worth the money. They may do this by:
- advertising investment opportunities on social media – sometimes using fake endorsements and images of celebrities or public figures. The adverts link to professional-looking websites to trick you into investing using cryptocurrencies or traditional currencies.
- manipulating software to distort prices and investment returns, and even scamming people into buying non-existent crypto-assets. The firms operating these scams are usually based outside the UK but will claim to have a UK presence.
How to protect yourself
Before investing in cryptocurrency, we recommend that you:
- follow advice from the Financial Conduct Authority (FCA) regarding cryptocurrency providers, which can be found at fca.org.uk/consumers/cryptoassets
- consider the warnings from the FCA that investors in cryptocurrencies should be prepared to lose all their money and are unlikely to have access to the Financial Ombudsman Service or Financial Services Compensation Scheme if things go wrong
- make sure you understand everything, and you only invest money you can afford to lose
- always have sole control of your cryptocurrency ‘wallet’ and give nobody else access - if you didn’t set the wallet up yourself or you can’t access the money it’s likely to be a scam.
If you have any concerns that you’re being scammed, please contact Coutts 24 on 020 7957 2424 as soon as possible.
Card Fraud
How to protect yourself against card fraud
- Always shield your PIN when using a cash machine or while making purchases.
- Try to use cash machines inside bank branches where possible.
- If your card is taken by a cash machine call Coutts 24 straight away. Your card may have been taken by a cash machine due to a fault but occasionally fraudsters will attach card trapping devices to cash machines. Once you leave the machine the fraudster will remove the card from the slot. Coutts 24 will cancel your card straight away, order your new card and endeavour to ensure that you have access to cash if needed.
- When purchasing online only use secure websites – those with an address beginning with ‘https://’ where the padlock symbol is displayed. Also be careful if the product is being offered at a huge discount.
- If you are experiencing any issue with your card call Coutts 24 on 0207 957 2424. It may be that your card has been damaged or there is another reason why your card is not working as expected.
Online Verification
One of the main benefits of Internet shopping is the extra time it gives you to enjoy life offline.
We have introduced additional layers of security for your Coutts cards that will make online shopping less obtrusive but no less safe. The new service will also be easier to use as there is no need to register or remember a password.
Coutts Online Verification uses the latest technology to help protect you against fraud and confirm it is really you making an online payment with your Coutts cards. For more details on how this service works, please visit our dedicated page.
There's no need to sign up for a new card or to download any new software.
Cheque Fraud
How to protect yourself against cheque fraud
- Don’t accept cheques from anyone unless you know and trust them, especially when they are of high value. Consider alternative means of accepting payment for high-value items – electronic payments are ideal.
- Be especially wary if the buyer is unwilling to pay or split the relatively small cost involved in sending electronic payments.
- Before releasing any goods ensure you are fully aware of the cheque clearing timescales and if you are in any doubt about whether a cheque has cleared then call Coutts 24 on 020 7957 2424.
- Keep your cheque book in a safe place and report any missing cheques immediately.
- If posting cheques, consider confirming receipt with the beneficiary or send by secure post.
Scams Involving Cheques
Counterfeit cheques are manufactured or printed on non-bank paper to look exactly like genuine cheques. Usually the bank details quoted are correct. Fraudsters may send the cheque to you, or directly to the bank requesting that it be credited to your account without you ever seeing the physical cheque.
A common method used by fraudsters is known as ‘overpayment’. This is when you are paid for more than the agreed value using a fraudulent cheque. The fraudster will likely provide an excuse for the additional amount and request that the difference is sent back to them before the cheque has cleared, leaving you potentially out of pocket. This type of scam has targeted business and individuals, especially those who buy and sell items online.
Identity theft
- Never write down or divulge your security identification answers or passwords to anyone, unless you are certain that you are talking to a Coutts member of staff.
- If in doubt hang up and call us back on a known Coutts telephone number: 0207 957 2424 - Coutts 24
- If you provide us with new contact details, you will receive a call from our security team to validate the details.
- If you provide us with a payment instruction you may receive a security call back.
- Always securely store your banking, financial and valuable personal documents, such as your passport.
- Shred all financial documents before you throw them away, ideally with a cross cut shredder.
- Be aware what personal information you share on social networking sites, for example, date of birth.
- A variety of ‘harmless’ communications in different formats can be used together to steal your identity or commit fraud.
If you are concerned about someone using your identity, here are some useful links.
Checking your credit file
Fraud Prevention Service
Investment fraud
Investment fraud involves the purchase of an item that seems to offer a return that is more attractive than a conventional investment.
- Goods offered can include shares, fine wine, gemstones, art, antiques and other rare high value items.
- In reality, the investment opportunity is a scam and what is offered is often overpriced, very high risk and difficult to sell on, or non-existent.
- Sometimes the investment can appear to be reassuringly expensive, and still a scam.
- Even traditional safe investments such as property can pose a risk – plots of agricultural land sold for development can in reality have virtually no development potential.
How to protect yourself against investment fraud
- Always seek reputable independent or legal advice before you commit to any investment.
- Before you hand over any money, ensure the firm you use is on the FCA register, and is therefore allowed to give financial advice.
- The FCA also maintains a regularly updated list of unauthorised businesses detailing those believed to be involved in fraudulent activities.
- If you need independent advice or are unsure what to do in the case of suspected fraud, contact the FCA directly.
- You can also contact your Wealth Manager or Coutts 24 on 0207 957 2424 if you have any concerns.
Social Media
How to protect yourself when using social media
- Be aware what personal information you share on social networking sites, for example, date of birth.
- Children can be targets who unwittingly reveal personal information, such as birthdays, schools, holidays and pet names to ‘friends’.
- Media and press interviews can be used to quickly build up a picture of an individual, when taken with information available through social media.
- Don’t let your audience know if you’re going away on business or holiday.
- Be aware of what friends post about you and your family’s activities.
- Be aware that sites such as Instagram, Pinterest and YouTube can carry the same risks as Facebook and Twitter.
- Understand your security settings and who you're sharing your information with.
A variety of ‘harmless’ communications in different formats can be used together to steal your identity or commit fraud.
If you are concerned about someone using your identity, here are some useful links.
Checking your credit file
Fraud Prevention Service
Telephony Fraud And Vishing
Fraudsters use many techniques to obtain password and security credentials. Vishing is when criminals attempt to obtain sensitive and personal information, such as user names, passwords and card reader codes over the telephone.
Often a fraudster will call the victim and claim to be from the bank or a police official and ask for bank account details, card details, three-digit security numbers, PINs, online banking passcodes or telephone banking security passwords.
- Don’t assume anyone who has called you or left you a voicemail message is who they say they are.
- Never disclose online passcodes, security codes, PINs or card details to anyone who phones you. We will never, ever ask you for them by phone, text or email.
- Remember that caller display cannot always be trusted and callers may not be who they say they are. If in doubt, hang up and call us back on a number you recognise from a different phone.
- If you receive a call about your bank account or a transaction and have any doubts about the person’s true identity, hang up and call us on a known Coutts telephone number.
020 7957 2424 - Coutts 24
020 7770 0011 - Coutts fraud team
General Online Fraud Advice
- Ensure that your operating system and software are kept up to date.
- Anti-malware applications can assist with the recovery of your device or remotely wipe its data.
- Always enable a PIN or password for access to your device, to protect it in the event that it is lost or stolen.
- When purchasing online only use secure websites – those with an address beginning with https:// where the padlock symbol is displayed.
- Be wary of clicking on links or attachments in emails, particularly if you are not expecting to receive them.
- Not all phishing e-mails are sent to large groups of random people.
- Spear-phishing is a term used when fraudsters target a specific individual with an email and attachment that the target is more likely to open as it will typically contain something of interest.
- For example, an email purporting to be from your gym with changing opening times, or a parcel that could not be delivered to you.
- Never provide your personal details, including your card details, online username or passcodes in response to an email or telephone call.
- CouttsID offers an easier and more efficient way of logging into Coutts Online, authorising payments and making changes to your contact details. CouttsID replaces the need for your card and card reader. To find out more on how to register please visit coutts.com/digital
Useful Links
FRAUD WEBSITES
Action Fraud
The UK's national fraud and internet crime reporting centre, Action Fraud provides a central point of contact for information about fraud and financially motivated internet crime. Should you become a victim of fraud, incidents reported to Action Fraud will be designated a police crime reference number.
Take Five to Stop Fraud
Take Five is a national campaign that offers straightforward and impartial advice to help everyone protect themselves from preventable financial fraud. This includes email deception and phone-based scams as well as online fraud – particularly where criminals impersonate trusted organisations. Led by Financial Fraud Action UK Ltd. (FFA UK), it is being delivered with and through a range of partners in the UK payments industry, financial services firms, law enforcement agencies, telecommunication providers, and the commercial, public and third sectors.
Get Safe Online
Get Safe Online is the UK’s leading source of unbiased, factual and easy-to-understand information on online safety.
Friends Against Scams
Friends Against Scams is a National Trading Standards (NTS) Scams Team initiative, which aims to protect and prevent people from becoming victims of scams by empowering communities to "Take a Stand Against Scams".
Bank Safe Online
The UK banking industry group serves as a good source of information about phishing, money mules and trojans.
CREDIT CHECK AGENCIES
Equifax and Experian
Credit check agencies provide reports which consumers can use to understand, manage and control their credit score.
OTHER
CIFAS
Provides fraud prevention services to individuals and organisations using the latest technology
Citizens Advice
Offers free, impartial and independent advice relating to fraud and other topics.
Financial Services Register
A public record of all firms, individuals and other bodies that are regulated by the Financial Conduct Authority.
Financial Conduct Authority
The FCA regulates the financial industry in the UK.
UK Finance
UK Finance shows how financial services firms can help if you are a victim of financial abuse.
Security Disclosure Policy
Coutts’ dedicated team of security professionals works vigilantly to help keep client information secure, and we recognise the important role that security researchers and our clients also play.
Security Disclosure Submission Terms
We run an amnesty for security researchers who, in good faith, identify vulnerabilities in our online systems.
A Security Disclosure is something you want to tell us about which impacts the confidentiality, integrity, or availability of bank or client data or systems.
If you have identified a potential vulnerability you can email us after reading the Security Disclosure Submission Terms, which contain all the information you need to be aware of before making a submission.
If you discover or submit a vulnerability you should:
· Not break any laws.
· Make the Security Disclosure voluntarily
· Be aged 16 or over, unless you have a Parent or Guardian’s permission.
Staff or their family members should follow the published internal process.
Email us at: security.disclosures@coutts.com
Important information
Disclosure Scope
We want to hear from you if you discover a site, application or system with a vulnerability on:
· coutts.com
· *.coutts.com
Including this IP range:
· 193.8.48.0 - 193.8.53.255
Do's and Don'ts
Do:
· Act in a responsible way
· Provide complete details so we have maximum opportunity to resolve any issues
· Assume penetration testing experts will be reviewing your submission
· Report common vulnerabilities but don’t explain the problem and the impact, just point out where it lies.
· Report esoteric or very new issues and fully explain the problem.
· Cite references or sources
Don’t:
· Put any Client or Coutts data at risk, degrade any of our system’s performance, or conduct any type of Denial of Service attack
If our security operations centre identifies your actions, this will be treated as an attack and not a Security Disclosure submission. We may take action against any attacks, including reporting them to the police.
What to include in your submission
We want to get as much information from you so we can validate and fix any potential vulnerability quickly. Please try to provide as much information as possible, including:
· A description of the vulnerability including the exploitability and impact if not a common attack type
· Steps required to exploit the vulnerability, including: URL(s)/application(s) affected; prior conditions required (for example, logged in, not logged in, previous actions); and how to demonstrate the problem
· IPs used when the vulnerability was discovered
· If post authentication, the user ID used when the vulnerability was discovered
· A Proof of Concept
· Names of any files uploaded to our systems
If you do not include everything in this list, this could delay or prevent us from validating and fixing the vulnerability. Responses to Low/Informational issues will be de-prioritised. Save all your logs as we will ask you to make them available to us.
Submissions we won't respond to
We won’t respond to or analyse submissions covering:
· Vulnerabilities dependent upon social engineering techniques (e.g. shoulder attack, stealing devices, phishing, fraud, stolen credentials)
· Denial of service (DOS)
· Self-XSS (User defined payload)
· Vulnerabilities which require a jailbroken mobile device
· Most vulnerabilities within identified test, UAT, lab, bankofapis or staging environments
· Outdated web browsers: vulnerabilities contingent upon outdated or unpatched browsers, including Internet Explorer versions prior to version 8
· Vulnerabilities involving active content such as web browser add-ons
· Disclosure of public information or information that does not present risk to us or our clients (for example, web server type disclosure)
· Vulnerabilities contingent on a client system previously being compromised
Recognition and thanks
We may highlight anyone who has made a submission which has significantly helped us keep our clients safe and secure. We will always ask for your consent before doing this.
Confidentiality
Information relating to our technology and information security arrangements is confidential. Any information you receive or collect about us or any Coutts user as part of your research prior to making a Security Disclosure submission as detailed in this Policy and these Terms must therefore be kept confidential and only used in connection with the Security Disclosure. You may not use, disclose or distribute any such information without our prior written consent. Any such information should be deleted once your submission has been received.
* We may change this Security Disclosure Policy and the Security Disclosure Policy Terms from time to time. We may also cancel them and our Security Disclosure programme at any time. We’ll let you know on this page if we do this.
The basics
- Never disclose your PIN or online security codes to anyone. We will never, ever ask you for them by phone, text or email
- Be wary of clicking on links or attachments in emails, particularly if you are not expecting to receive them
- Install anti-virus/firewall software on all of your devices (eg computers, tablets, phones, etc) and update it regularly
- Remember that caller display cannot always be trusted and callers may not be who they say they are. If in doubt, hang up and call us back on a number you recognise from a different phone
- Choose strong passwords and do not use the same PIN and password for everything
- Keep your bank updated with new contact details
- Check your statements and report anything you do not recognise
- Securely store financial and other valuable documents, such as your passport
- Ensure you dispose of documents diligently (for example, use a cross cut shredder to destroy statements when no longer required)
Protect your payments from scams
Scams can have a devastating impact on victims and it's important you understand the risks of making payments to scammers.
Please read our advice before proceeding with any payments
I've been asked to transfer money unexpectedly | Who has asked you to transfer money? Fraudsters may contact you pretending to be from the Bank, the Police or other organisations you trust and ask you to transfer money to another account. Remember: A bank or genuine organisation will never contact you out of the blue asking you to move your money to keep it safe. |
I'm making an investment | Before you make the payment, consider whether this opportunity is genuine. Scammers will do their homework and make it their business to know as much about you as possible; this doesn't mean the offer is genuine. |
I'm paying for a service or making a purchase | Always double check the bank details of the person you’re paying by contacting them on a number you can trust. Fraudsters can intercept emails and invoices and change payment details. If you send money to a different account than the one you intended it can be very difficult for us to recover it and you may lose your money. |
I'm sending money to someone I've never met | Always ask yourself how well you truly know the person and how reliable they are. |
Are you amending payment details? | Fraudsters may contact you and ask you to change details of a saved payee. |
Further information and support | Never be pressured into transferring money. If you're unsure, we suggest you take a day or two to think about what's being asked and talk it through with someone you can really trust. |
Staying safe online
Online fraud is becoming increasingly sophisticated, with malware and phishing allowing cyber criminals to access computers, account numbers and other personal information. Antivirus software is vital for your security, but criminals are constantly seeking new and smarter ways to steal your identity and take money from your bank account.
- Installing Antivirus – helps to stop threats by scanning your device and looking for suspicious files. Install anti-virus software on all of your devices (eg computers, tablets and phones) and update it regularly
- Installing a Firewall – hides your computer from attackers and helps stop criminals getting data in and out of your computer