Common scams
Protecting yourself from fraud is easier with a little know-how of the type of scams out there. Here's how to spot them and what to do.
Bank transfer (APP fraud) scams
Authorised Push Payment fraud (APP fraud) happens when someone tricks you into sending money to them. You may be contacted by phone, text message, email or social media and they may sound very convincing, pretending to be your bank, the police, an energy company, a retailer or holiday company. If you’re suspicious, hang up and contact the company on a trusted number, or report the messages and texts.
Remember:
We’ll never contact you out of the blue and ask you to send money to another account. Find out more on our dedicated APP fraud page.
Phone scams
If someone you don’t know calls to ask for personal details or to transfer money into a bank account, it’s probably a vishing scam. Vishing is like phishing, but happens over the phone. The scammer may pretend to be from your bank, internet/phone provider or even the police.
How to protect yourself:
- Ask the caller for their name and where they are calling from. Then hang up and call the company back on a number you know and trust.Ask the caller for their name and where they are calling from. Then hang up and call the company back on a number you know and trust.
- Always call back from a different phone to the one you received the call on. If you can't access another phone, wait five minutes or dial a different number before making the call.Always call back from a different phone to the one you received the call on. If you can't access another phone, wait five minutes or dial a different number before making the call.
- If the caller tries to rush you, stop and think. This is a tell-tale sign of a scam.If the caller tries to rush you, stop and think. This is a tell-tale sign of a scam.
- Don’t give your banking or personal details to anyone who calls you out of the blue.Don’t give your banking or personal details to anyone who calls you out of the blue.
- Don’t allow anyone who calls you unexpectedly to remotely access your computer.Don’t allow anyone who calls you unexpectedly to remotely access your computer.
Text scams
Text scams, otherwise known as smishing, can be just like email scams, appearing to be an official message from your bank or phone provider – examples are a security alert or special offer for customers. These texts contain a link to a fraudulent site or a fake phone number to call. They often tell you to act fast, so you don’t have time to stop and think
How to protect yourself:
- Look out for texts with a generic greeting rather than addressing you by name.Look out for texts with a generic greeting rather than addressing you by name.
- Poor grammar, punctuation or layout indicate it’s likely to be a smishing text.Poor grammar, punctuation or layout indicate it’s likely to be a smishing text.
- Never use a link that’s sent to you by text to log into your account. Same goes for phone numbers – don’t call a number texted to you.Never use a link that’s sent to you by text to log into your account. Same goes for phone numbers – don’t call a number texted to you.
- Fraudsters can spoof the number they’re texting from so don’t trust texts that come out of the blue, even if they appear to be from your bank.Fraudsters can spoof the number they’re texting from so don’t trust texts that come out of the blue, even if they appear to be from your bank.
Remember:
If you receive a suspicious text, report it to your network operator. Simply forward the text to 7726. This won’t cost you anything.
Online fraud
Our computer systems have specialised multi-layered security to protect your accounts, but fraudsters may instead try to access your computer using malware.
What’s malware?
It’s harmful software designed to infect your computer without you realising. It can take control of your machine and steal your security or bank details.
How to protect yourself:
- Be cautious when downloading files and attachments. Do you trust the source?Be cautious when downloading files and attachments. Do you trust the source?
- Be wary of companies that ask you to download software that allows them access to your computer or device.Be wary of companies that ask you to download software that allows them access to your computer or device.
- We only distribute our Mobile Banking App from Google Play Store or the App Store. Don’t download our Mobile Banking App from anywhere else.We only distribute our Mobile Banking App from Google Play Store or the App Store. Don’t download our Mobile Banking App from anywhere else.
- Use anti-virus and security software, firewalls and anti-spyware, and keep them updated.Use anti-virus and security software, firewalls and anti-spyware, and keep them updated.
Email scams
Fraudulent emails, often called phishing emails, trick you into sharing personal information or access to your accounts. They can be very convincing, and anyone can be fooled by them.
How to protect yourself:
- Look at the email address of the sender. The email itself may say it’s from, say, HMRC or TV Licensing, but the address won’t match this.Look at the email address of the sender. The email itself may say it’s from, say, HMRC or TV Licensing, but the address won’t match this.
- Be wary of messages offering you free vouchers or alerting you to a notification or problem with your account or security.Be wary of messages offering you free vouchers or alerting you to a notification or problem with your account or security.
- Don’t click any links in an email that you suspect isn’t genuine - especially if it is a link that asks you to log into your account or asks for credit card details. These links usually lead to a fake site that takes your personal information.Don’t click any links in an email that you suspect isn’t genuine - especially if it is a link that asks you to log into your account or asks for credit card details. These links usually lead to a fake site that takes your personal information.
Remember:
If you've received a suspicious email you think might be a scam, forward it to us at phishing@tescobank.com
Identifying emails from us
- If an email is from Tesco Bank, any links to our site will include tescobank.com in the email address. If you’re not sure, visit our website directly instead of using the link in the email.If an email is from Tesco Bank, any links to our site will include tescobank.com in the email address. If you’re not sure, visit our website directly instead of using the link in the email.
- We’ll never ask you to log into Online Banking via a link in an email or text message.We’ll never ask you to log into Online Banking via a link in an email or text message.
- We’ll never ask you for your full 6-digit PIN, either by phone or online and we’ll also never call to ask you for your full 6-digit one-time pass code. This should be treated just like your PIN and never shared with anyone.We’ll never ask you for your full 6-digit PIN, either by phone or online and we’ll also never call to ask you for your full 6-digit one-time pass code. This should be treated just like your PIN and never shared with anyone.
- If you haven’t opted out of receiving marketing emails, we may occasionally send you other Tesco and Tesco Bank offers.If you haven’t opted out of receiving marketing emails, we may occasionally send you other Tesco and Tesco Bank offers.
We're here if you need us
If you're not sure whether a phone call, text message or letter is genuine, call the number on your statement or card or feel free to get in touch.
Additional support from Cifas
Cifas is a not-for-profit fraud organisation. It provides information and tools to help you understand fraud and financial crime, and advice on how to protect yourself.
If you’ve been a victim of identity fraud, or are worried your personal data is at risk, they offer Protective Registration. This is a paid-for service with Cifas that aims to protect against identity fraud for two years. You might be at a higher risk of identity theft if:
- Your personal documents have recently been lost or stolenYour personal documents have recently been lost or stolen
- You’re the customer of an organisation that has recently lost or leaked dataYou’re the customer of an organisation that has recently lost or leaked data
- You’ve been advised by the police that you’re at risk of identity theftYou’ve been advised by the police that you’re at risk of identity theft
To help protect you, Cifas’ Protective Registration adds a warning flag against your name on a register that’s shared with other organisations. That means they know to pay close attention if your details are used to purchase products or services.
Top tip:
The following information may also be helpful:
Citizens Advice: Check if something might be a scam
Age UK: Support for scam victims