Stop! Think Fraud.

It's really great when you get an email like this it can help people who are very vulnerable to online crime even people who think they can't be misled sometimes our victims of crime also so any information is good.

Generally you shouldn’t click links in your email (mentioned in this article). And this was emailed out to people via a link to click. Not ideal! Companies (including banks) could do much better by practicing what they preach when it comes to educating the less informed about how to protect themselves online.

So why did you click the link?

Possibly because they shared digits from your account and phone number, showing the email was very likely to be genuine. And, it led to an information page requesting no personal details.

Rather than simply criticise, what would you have done differently?

TLDR - my last paragraph.

Thank you for asking me for more information. (The reason I didn’t include everything originally is because it would take longer. Well here’s some extra info - and yes I am still omitting some of my life experience so that it’s not even longer)

I didn’t click the link - I found the page via searching for it on Google (after seeing the email) which is generally safer than clicking links in email (albeit slightly complicated to explain what is and isn’t safe to click on in a Google search - basically don’t click on ads or anything deep into the search results without extra checks).

I’m (above average) aware of online safety and this article provides some very good information. Anyone who is not confident (and some who are) about protecting themselves online should read this article. It’s a great start! I’m not criticising the article but the fact they sent it via a massive “click this big blue link”. That is the kind of conditioning that helps the scammers trick the most vulnerable. I would simply have sent this info by email and not send the traffic to this page (is there a financial motive to sending us here?). They alternatively could have advised people to come to our website to see our new “Stop! Think Fraud.” article (a less good option imo).

They did provide extra (albeit small and not the most visible part of the email) account information to provide those in the know that it’s much more likely to be genuine. But this article is not targeting experts (I would not call myself one, btw) and therefore targeted at people who may not know to double check before clicking on email links (“maybe it’s not from who you think it is”). I did specifically say it is GENERALLY not advised (I’m emphasising the word - not shouting). And when they super easily could have given this info in the email instead of via a link - I facepalm.

Finally, my only other point was that many companies employ bad practice which helps the fraudsters. Once (only once), my bank called me (unsolicited) for a survey and asked for my date of birth to confirm it was really me. That’s just awful practice - that’ll make people think that it’s normal to give out these details to random callers. When they set up the system, they were not giving enough thought to “what if fraudsters use this against our customers”?

I hope this extra info helps clear up my view on the article (it’s good!) and the point I was trying to make about companies encouraging online safety (think from the point of view of a scammer and how they will take advantage of our practices).

Nice reply - I think we are on the same side :)

Agreed - they could have put the information in the email.

I use a second ID mobile sim just for my Bank. I don’t use the number for anything else and no one else knows it. Most phones are dual sim these days so no need for Two phones. You can also use the extra data if required.