Fraud – How to Spot a Potential Scam
Being a regulated financial advice and investment management firm, we have to store certain information about you that forms part of our record of your overall financial position. All businesses are at risk of fraudulent activity and must protect their clients and themselves as best they can. This is especially true of a business like ours that manages money on others behalf and hold the type of personal data that we do.
The frequency of fraud attempts has increased in recent years and we’re seeing scams become more and more sophisticated. Below, we have covered a brief overview of the measures we have in place to ensure the security of your data and minimise the risks of fraud, as well as giving you some general tips on how to spot a scam and avoid it.
The vast majority of financial firms (advisers, lenders and banks) must be registered with the Financial Conduct Authority (the FCA). You can search their register to check a firm is genuine, to review if they have any sanctions, see who works for them (all financial advisers, directors and other significant roles are on the register) and even if they have reported a cloned website. You can also check Companies House to ensure the business/individual is listed.
Every firm you deal with will have slightly different procedures – one bank may call you to verify transactions whilst another might state they will never call you. Some banks never ask for part of your passwords or log in codes, but others may ask for random digits to verify your identity. Never give out your bank details to anyone when you aren’t sure who they are. If you’re dealing with a company that already has your details, they won’t ever ask to repeat things in full (they may ask for characters from passwords or the random digits of bank account numbers etc but never the whole word or number). It’s a good idea to read the policies for every financial company you have contact with. This includes banks but also any company that keeps your bank details as scammers can target any service (such as utility companies) where you might be tempted to give payment details out. Get familiar with what they will and won’t ask from you. If you’re ever unsure, hang up the phone and find a number online to contact the company back. You can always ask for the name or extension number of who you’re speaking with, to get back through to them. That way you know you’re definitely speaking to a genuine source.
Be careful what you divulge via email – you shouldn’t include anything specific about your position. For example, the amount outstanding on a loan or where your savings are held or invested. Doing so could give a scammer sufficient information to later fool you into thinking they are genuine. We would encourage you to never put information such as your whole plan numbers or values or address or bank details into an email, or attach any documents that show these details or any photo ID. It can be tempting to do so, as it is more convenient than post. Many firms (including Wise) will have a secure messaging service that can be used safety as an alternative to email and post.
Be suspicious of urgent requests – some scams rely on a knee jerk reaction to access your data and eventually your money. They may try and convince you that you need to make an immediate withdrawal, as the financial company you are invested with is in financial difficulty. Or that your account has been compromised and you need to move your money to a new ‘safe’ account immediately. Scammers utilise urgency to try and fool you into making the transaction. Often you will be told not to alert the company that you know they are in financial difficulty, or to give a false reason to them for wanting to make the withdrawal. You should never act on a request like this. Instead, contact the firm directly using a number you already know or find one yourself online. Don’t take a number from the potential scammer as you will just get back through to them. If in any doubt, contact your local Police on their non-emergency number 101.
Never be fooled into buy an online gift card – some scammers will make you think you owe them money because they have accidentally issued a refund to you or cancelled an online subscription service (such as Amazon Prime or Netflix). The scammers will often try and make you believe that they will be personally held responsible for the error, and be withheld wages as a result. They will ask you to purchase a gift card for the accidentally cancelled or refunded service to rectify the situation. They will then use the serial number from the gift card to steal the money. These types of scams are often completely untraceable. Banks struggle to refund the victims as they have willingly made the payment.
Ultimately – If someone calls you and you aren’t convinced that they are who they say they are then simply hang up. If they are genuine, they won’t mind you calling them back on an alternative number. If you’re using a landline to make and receive calls, ensure the line is clear before placing your outgoing call. Some scammers will sit on a call even if you’ve hung up. This blocks the line, and they will then pretend to be the genuine company when you ring back. Most companies call tell you immediately if it was them who called you, and continue the conversation from where it left off. The same goes for emails – if you aren’t sure, don’t reply and either use the usual firms email address, messaging service or call them to check (especially if you think your email may have been hacked).
A legitimate request would very rarely ask you to:
- Withdraw money.
- Make an immediate payment.
- Move money to another account.
- Buy a gift card.
- Hand over your physical bank cards or bank details.
- Give out your card’s PIN.
- Read out a verification code from a text message or app.
- Give your full password (some companies may ask for specific digits).
- Grant remote access to your computer.
- Tell you not to tell anyone (including friends or family) what they have asked to you.
You should always be suspicious of any request that:
- Sounds urgent or threatening.
- Doesn’t feel like a usual communication you receive from that company.
- Uses generic greetings for specific requests (such as Dear Client).
- Has spelling or grammar mistakes.
- Email addresses or phone numbers that you don’t recognise.
- Emails with links or attachments you aren’t expecting.
- Recorded messages that ask you to press buttons.
- Ask you for full account numbers or passwords.
Our long-term personal relationships with our clients go a long way towards protecting you – we often know you by voice alone, and certainly whether something sounds out of character for you. We also have internal security measures to help reduce fraudulent activity. We will always contact you by phone to check the validity of an email from you requesting a withdrawal, for example. We rarely use temporary staff and will always notify you if your direct points of contact are changing for any reason. All our staff have a criminal record check.
Things Wise will never do….
- Ask for your bank details over the phone, by email or on the portal.
- Put personal details (other than your name) into emails.
- Take instructions from you by email (we will confirm through another channel).
- Ask you to add new money to your account, make a withdrawal or transfer money to another account (we only do these things at your request).
- Ask you for your client portal password or multifactor authentication details.
- Get you to log in your My Wise Investment portal (unless you are calling us for support on portal and we are helping you with that)
- Request you make a payment to our company bank account unless you are paying an invoice.
- Make automated phone calls or use a recorded message system other than our answer phone picking up when we are unavailable.
- Give out any information to anyone who isn’t the account owner or has proper authority (such as signed declaration or Power of Attorney document).
- Be offended if you hang up on us if you aren’t sure we are who we say we are!
Things Wise will do…
- Ask security questions to verify your identify before giving out personal details or taking instructions. We do this if you call us or if we call you.
- We do sometimes need your bank details on application forms or to verify to make payments to you – we will explain why we need this information and will ask you to provide a voided cheque or your debit card to prove the account is yours.
- We post letters or use the My Wise Investment portal for anything that contains personal data.
- We may send generic information or documents from various Wise email addresses (always @wiseinvestment.co.uk).
- Contact you by phone, post or through the My Wise Investment portal to confirm any instruction you have given us by email.
- Require evidence if you are changing your details – such as a marriage certificate for a change of name or utility bill for change of address.
- Only pay withdrawals into a bank account owned by you (the account owner) or to an executor.
- We do use links to website articles if you have signed up to receive them and we may occasionally send attachments, but if you are ever unsure about something, please call us to confirm.
A government agency that keeps a record of every limited company, including naming it’s directors and sometimes holding records of their business accounts.
Financial Conduct Authority
The UK Financial Services regulator where every single business that provides financial advice (including investments, pensions, mortgage and banks) is listed. The record includes a list of all people authorised to give financial advice as well as the names of people who run the business.
A government agency that provides useful advice and a way to report possible fraud.
National Cyber Security Centre
The NCSC is a government agency and this section of their website provides useful guidance including how to set up secure passwords for online services.
This article is intended for information only, and does not constitute advice. All information is based on our understanding of current law and practice, which may be subject to change in the future. Wise Investments Limited is authorised and regulated by the Financial Conduct Authority, FCA no. 230553.