Protecting yourself from common scams and fraud

Knowing the common scams and how to spot a genuine email, texts and calls from us will help you protect yourself from fraud.

What to look out for

Be cautious with any email, text or call you receive about your accounts, especially when it comes out of the blue. Fraudsters use these ways to contact you to try and trick you into sending them your personal information or money.

  • Unexpected contact from someone asking for your PINs or Passwords is sure to be a scam. We’ll never ask for this information in full.
  • Never share personal information with someone who cannot prove who they say they are. If this happens end the phone call, or don’t reply to texts or emails. If the person says they’re from a company, look for their official contact details online and get back in touch that way.
  • Does the deal seem to be good to be true, or are you being pressured to do something quickly? It’s probably a scam - these are common tricks used by fraudsters.

Common tricks fraudsters use

1. Bank transfer (APP fraud) scams

Authorised Push Payment fraud (APP fraud) happens when someone tricks you into sending money to them under false pretences. Fraudsters may contact you by phone, email or social media, pretending to be someone else.

These scams can be complex and very convincing. APP fraud payments are requested by bank transfer or other types of online payment, so they can’t be reversed once you realise you’ve been a victim.

How to protect yourself:

If you are contacted and asked to send money, stop and think – ask yourself if this could be a scam?

  • We’ll never contact you out of the blue and ask you to send money to another account.
  • If someone from a company or well-known organisation asks to you make a payment, take whatever time you need to check they are who they say they are.
  • Have you been told you need to make an urgent payment? Be wary, this is a common APP fraud trick. Fraudsters try to rush you into acting before you’ve had time to think things through.

Find out more on our dedicated APP fraud page.

    2. Email scams

    Fraudsters try to take advantage of emails to trick you into sharing personal information or access to your accounts. Their fraudulent emails can be very convincing.

    What is Phishing?

    Phishing emails are a confidence trick. They appear to be from your bank or legitimate organisations and can look genuine. However, they contain links or attachments that can take you to dangerous fake websites or download malware.

    How to protect yourself:

    • Click to look at the email address of the sender of any suspicious messages. The email may say it’s from HMRC or TV Licensing, but the address won’t match this.
    • Be wary of messages offering you free vouchers or alerting you to a notification or problem with your account or security.
    • Don’t click any links in an email that you suspect. Especially if it is a link that asks you to log in to your account - these links usually lead to a fake site that it is used to steal your personal information.

    If you’ve received a suspicious email that you think might be a scam, send it to us at phishing@tescobank.com

      3. Phone scams

      Be vigilant when someone you don’t know calls you. Fraudsters will aim to trick you into giving them your details or transferring money into a bank account they have control over.

      What is Vishing?

      Vishing is just like phishing, but it happens over the phone. Fraudsters may call pretending to be your bank or your internet/phone provider or even the police.

      How to protect yourself:

      • Ask the caller for their name and where they are calling from. Then hang up and call the company back on a number that you know and trust.
      • Always call back from another phone to the one you received the call on. If you can't access another phone, wait five minutes, or call a friend before making the call.
      • If the caller tries to rush you, stop and think. This is a tell-tale sign of a scam.
      • Never give out your any of your banking or personal details to anyone who calls you unexpectedly.
      • Never allow anyone who calls you unexpectedly to remotely access your computer.

      Text scams

      Texts can be used just like phishing emails, appearing to be an official message from your bank. Fraudsters often copy the security alert or offer messages banks send to their customers.

      What is Smishing?

      Smishing messages are texts that contain a link to a dangerous site, or a fake phone number to call. The messages look authentic, often telling you that a refund is ready for you, or there’s a problem with your account. They usually have a sense of urgency, telling you to ‘act fast’.

      How to protect yourself:

      • Look out for texts with a generic greeting, that don’t address you by name.
      • If you see poor grammar, punctuation or layout it’s likely to be a smishing text.
      • Never use a link to login to your account that’s sent to you by text. Same goes for phone numbers – don’t call a number texted to you.
      • Fraudsters can spoof the number they’re texting from - so don’t trust texts that come out of the blue even if they appear to be from your bank.

      If you receive a suspicious text, report it to your network operator. Simply forward the text to 7726. This won’t cost you anything.

        4. Online fraud

        We have specialised multi-layered security to protect your accounts with our computer systems. Fraudsters may instead attack your computer using malware.

        What is Malware?

        Malware is harmful software designed to infect your computer without your consent or knowledge. Malware can take control of your computer and steal your security or bank details.

        How to protect yourself:

        Being careful is the best defence, especially when clicking on attachments and links that are sent to you by email or text.

        • Be cautious when downloading files and attachments, do you trust the source?
        • Be wary of companies that ask you to download software that allows them access to your computer or device.
        • We only distribute our Mobile Banking App from Google Play Store or the App Store. Don’t download our Mobile Banking App from anywhere else.
        • Use anti-virus and security software, firewalls and anti-spyware and keep them updated.

        Identifying emails from us

        If an email is from Tesco Bank:

        • Any links to the Tesco Bank site will include tescobank.com in the address. If you have any suspicions, visit our website directly instead of using the link in the email.
        • We’ll never ask you to login to Online Banking via a link in an email or text message.
        • We’ll never ask you for your full 6-digit PIN, either by phone or online.
        • We’ll never email you links that direct you to your account login page.
        • If you haven’t opted out of receiving marketing emails, we may occasionally send you offers about other Tesco and Tesco Bank offers.

        Help with any suspicious contact

        If you doubt the authenticity of a phone call, text message or letter then please call the number on your statement or card. Or find a relevant security and fraud number:

          Additional support from Cifas

          Cifas is a not-for-profit fraud organisation. It provides information and tools to help you understand fraud and financial crime, and advice on how to protect yourself.

          If you’ve been a victim of identity fraud, or are worried your personal data is at risk, they offer Protective Registration. You might be at a higher risk of identity theft if:

          • Your personal documents have recently been lost or stolen
          • You’re the customer of an organisation that has recently lost or leaked data
          • You’ve been advised by the police that you’re at risk of identity theft

          To help protect you, Cifas’ Protective Registration adds a warning flag against your name on a register that’s shared with other organisations. That means they know to pay close attention if your details are used to purchase products or services. Visit Cifas.org.uk for more information.

          The following information may also be helpful: