Security Hub

Overview
How to stay safe

How to stay safe

Be aware of specific threats and the different types of potential fraudulent attacks online.

Top tips to stay safe online

  • Protect your identity when you're online - Create strong passwords, change them regularly, don't use the same password for different sites, don't write them down and don't give them to anyone else.
  • Don't open emails from suspicious senders - If you receive a suspicious email, don't click on any links or download any attachments.
  • Keep your computer software up to date - Set your computer to receive automatic updates and the latest versions of operating systems, anti-virus software and internet browsers. A lot of updates include important security fixes.
  • Turn your computer off when you're not using it - It sounds simple, but it's often overlooked. By turning your computer off, not only will you save on your energy bills but you'll also prevent any unauthorised access while you're away.
  • Only download software from trusted websites - If you need to download software, use trusted sources and go directly to their websites instead of downloading from a third party.
  • Secure your wifi connection - Make sure your wireless broadband router is secured with a strong password, and disconnect it if you don't need it for long periods. Be wary of using free public WIFI services if you're entering personal information.
  • Keep your mobile secure - Log out of Apps when you have finished using them. Make sure the password function for your smartphone requires you to input this every time you use your phone and don’t leave your mobile unattended.
  • Beware of unsolicited investment advice - Don't hesitate to contact us or the FCA for advice if you receive unexpected investment tips, or are placed until pressure to invest your money.

Ways to stay safe

Be aware of the different types of potential fraudulent attacks.

Pension Scams

Pension scams

Phone Scams

Phone Scams

Someone who is very good at pretending to be a finance professional for the purpose of fooling you into handing over confidential information.

Find out more

Romance Scams

Romance Fraud

Romance scams involve people being duped into sending money to criminals who go to great lengths to gain a victim's trust, and convince them that they are in a genuine relationship.

Find out more

Trading scams

Fraudsters target investors with false information and advice – this could be via text message, social media or in search results on Google or Bing.

Fraudsters can also pretend to be from established and well-known trading platforms such as ii, through impersonating emails, having fake online adverts, or may even phone you and try to convince you to invest and hand over money into a fraudulent bank account to be invested on your behalf.

The aim of the scam is to convince investors to purchase shares that the fraudsters already hold. 

Since the scam involves enticing customers into buying a real share through a legitimate broker, it suggests that a level of protection exists.

The fraudsters then sell out their holding at a profit, crashing the share price back down and leaving the investors with huge losses. 

This is sometimes referred to as a "Pump and Dump" scam.

What to look out for:

  • Unsolicited contact with investment advice
  • Pressure to invest with a suggestion that investors will miss out if they don’t act quickly
  • Suggestions of high or guaranteed returns

ii will never give you bank account details to pay money into.  If in doubt or if you wish to report a potential fraud, please email phishing@ii.co.uk or phone ii on 0345 607 6001.

For more information about online trading scams, the Financial Conduct Authority have two valuable guides:

If you believe you’ve been affected by a trading scam, you can report this to the FCA here: https://www.fca.org.uk/consumers/report-scam-us

Boiler room scams

What are they?
The term ‘boiler room’ is used to describe illegal, aggressive mis-selling of shares that are worthless, vastly overpriced or ones traded in very limited volumes/markets. The purpose of the sales pitch is to defraud investors and it is typically done with a high-pressure approach.

What happens?
These frauds typically start with a phone call from a person posing as a salesperson for shares in companies you are unlikely to have heard of.

Shares sales fraudsters tend to be very persistent and can be very convincing – even providing authentic-looking websites and information for the company shares they are selling. They will frequently offer gifts and free reports and will often succeed by wearing down the investor until they eventually agree to invest.

If you fall foul of this particular type of fraud there is unfortunately little chance of compensation and you are almost certain to lose any money invested. These scams are almost always operated from foreign countries (whatever the salesperson says). This means the fraudsters are not regulated by an authority which might protect or provide compensation for the victim.

What you can do to protect yourself
You should be particularly cautious if any approach to sell investments directly to you is unsolicited, you are being offered unrealistically high returns on investments, and/or you are asked to keep the approach confidential.

You should always check the validity of any scheme you intend to invest in. Pay particular attention if you find it difficult or impossible to get hold of any real evidence of the scheme’s legitimacy, or find that telephone numbers are untraceable mobile/cell numbers.

If you think you may have been approached by a fraudulent sales person you can check on the FCA website to see if the company they claim to be from is legitimate. If you have any suspicions, you should check with the relevant authority that the company the salesperson claims to represent is on a regulator’s register - and that it is allowed to give financial advice and to make investment sales. If it is not, of you are unable to find this information, you should ignore or terminate any future calls.

Even if the company is on a register, you should not assume that the salesperson actually works for that company. Do your own independent checks and call the firm the salesperson claims to work for on a number not given by the salesperson. Any genuine salesperson will not mind a customer undertaking their own checks.

Identity theft

What is it?
Identity theft is when someone uses your personal details to pretend to be you, often using them for financial gain.

You can be vulnerable to identity theft on social networking sites and when using other online services, as well as in the real world.

What happens?
Once an identity fraudster has your personal details they can access some or several of your accounts, removing money or buying services or goods which you are charged for but, never see.

What you can do to protect yourself
There are a number of precautions you can take, both online and offline, to make sure no one gets hold of your personal details.

Protecting yourself online and on the phone

  • Create strong passwords – with numbers and lower and upper case letters
  • Use different details for different account logins and never disclose them to anyone
  • Verify who you’re speaking to on the phone or online
  • Check your bank and trading statements regularly and report any transactions you don’t recognise
  • Don’t be afraid to say ‘no’ if you think someone is trying to trick you out of information
  • Avoid using the auto-complete option when filling in forms online – your browser stores your details to do this and that information is easy for thieves to access.
  • Don’t post personal details on chat rooms, forums or social networking sites

Password Management

  • Don't choose words or dates obviously associated with you - people can often find out a lot about you online – from your date of birth to your pet's name.
  • Don’t rely on words that can be found in a dictionary – hacking algorithms usually use dictionary entries as the first line of attack.
  • Use a mixture of unusual characters - you can use a word or phrase that you can easily remember but with replaced characters.
  • Keep your passwords safe - writing them down can be highly insecure.
  • Consider changing your passwords on a regular basis – many experts recommend a monthly password change.

Protecting yourself offline

  • Check any statements carefully and securely store statements, bills and confidential letters.
  • Shred personal information you want to throw away – a common way fraudsters get hold of people’s details isn’t online, but by going through their rubbish.
  • Redirect your post using the Royal Mail Redirection Service if you move home.
  • Consider obtaining credit reference reports from providers such as Experian.

Malware 

What is it? 
Malware is the term used for any kind of software that is designed to be used by attackers to gather your personal information (for malicious intent) or cause disruption to your computer or systems in some way.

Even with anti-virus software and firewalls, malware can sometimes get through to cause damage to your computer, track what you do online and give criminals access to your security details. Types of malware include:

  • Computer viruses – software programmes which have the potential to damage your computer and, in some cases, track what you do online passing back information and security details to hackers. You might notice a virus on your computer if it starts behaving uncharacteristically, or you notice changes you can’t account for. For example it may slow down significantly, you may notice that files have been changed or deleted, or you may see messages and pop ups (or even music playing) that you haven’t initiated. Anti-virus software is specifically designed to protect your computer against viruses.
  • Trojans – are software programmes that pretend to be something they are not. Essentially they are harmful programs, often disguised as downloadable files such as screensavers, tools or applications.
  • Spyware - secretly tracks what you do online to get information about your browsing habits, and might display unwanted advertising, while Adware installs pop-ups and advertising on your computer. Spyware and adware can be relatively harmless, but they can scan your hard disk to get your personal details and can slow down your computer.
  • Scareware – is designed to trick you into installing malware. Typically by delivering pop ups which tell you your computer is infected and inviting you to buy software to remove the issue. In reality the software you buy is likely to contain malware

What you can do to protect yourself?
To protect you from any type of computer virus you should always be cautious about sites you visit, links you click on, and any files you download or install – especially if you haven’t requested them.

  • Ensure you have up-to-date anti-virus software installed
  • Use the latest version of any software you use, such as your internet browser
  • Avoid clicking on links or downloading files from sources you don’t know, haven’t requested or aren’t confident about
  • Only buy software from sources you trust.

Phishing 

Phishing is when fraudsters use emails and calls to try to get you to disclose personal information. Phishing attempts can be generic, with the same email sent to millions of people hoping for a handful of responses, or more targeted, using recognisable information to make the email seem more trustworthy. 

In either case, there are often warning signs to watch out for:

  • Generic greetings with little personal information
  • Spelling and grammar mistakes
  • Rewards for responding, or threats of consequences if you do not respond - e.g. the loss of money or closure of an account
  • Information mismatch - e.g. an email claiming to be from your bank but sent using a Gmail account
  • Asking for something - the goal of phishing is always to get something from you

We are continually updating our security procedures to protect your accounts but it is still important that you remain aware of potential threats. Here are some steps you can take to stay safe.

What can you do?

Think

  • Any email asking you to log in or provide your details is almost certainly going to be a phish. Most businesses will specifically not ask you for these details. That is why they cannot tell you what your forgotten password is and why you have to reset it. 
  • If the email is from a business you deal with or someone you know, is the content in line with your previous dealings? Is this a normal request? Even if it is normal, should you be giving them this information? 

Check

  • If you want to check up on an email just to be sure, never use any of the data in the email, it could be compromised or fake. Go to a search engine and find the website of the company. Is there anything on their homepage in line with the email you just received?
  • Log in to your accounts using the method above. Never put your details into a link from a suspicious email. 
  • Contact the sender to clarify or query the email. But use a different method of communication, as it could be possible their account has been compromised and captured. 

Secure

  • Protect your ii account at all times. Be careful what you sign up for with it. Never share your password details and avoid storing them on your desktop or in documents titled "passwords".
  • Pick a good password. Try to avoid dictionary words, think of something memorable but random. Do not make it sequential. A strong password becomes weak if all you are doing is adding 01 on the end and changing it to 02 when prompted. 
  • Be aware of your social presence on the internet. We all have social media accounts but have you checked to see who can see what? Are you careful with what you post? Facebook and Google recently highlighted some of the risks of our internet presence.
  • Consider using a password manager to store your passwords. For any site or application on your phone that you log in to, consider a strong, separate password.  Especially if that site or app stores financial information (card details for online purchasing), or sensitive personal information. Where possible, consider activating two-factor authentication. 

If you are in any doubt whether a call is genuine please hang up and call us on 0345 607 6001.

If you are suspicious about an email that appears to be from us please report it to us at phishing@ii.co.uk. We will never;

  • include attachments unless you have asked us for information or updates
  • include a link in an email which takes you directly to a log in page.
  • ask you for your password in an email.

Phone Scams

People who're very good at pretending to be finance professionals for the purpose of fooling you into handing over confidential information, can also use your phone and social engineering to contact you pretending to be from your bank, HMRC, the FCA or other such organisations. This is known as vishing, or 'voice phishing'. To appear genuine, sophisticated scammers might also use technology to hide their real phone number and display it as a legitimate number (known as spoofing) to get you to answer their call.

These scams often work as they use scare tactics to get you to act quickly. The fraudsters may claim your bank account is at risk, or that you owe money that must be paid immediately. They may also say that they’re calling from your bank’s fraud team to check your account.

The call might be from a real person, or it might be an automated message. Either way, the scammers will try to get you to share important information, such as your account or login details.

If in doubt or if you wish to report a potential fraud, phone ii on 0345 607 6001.

Romance Fraud

Romance scams involve people being duped into sending money to criminals who go to great lengths to gain a victim's trust, and convince them that they are in a genuine relationship. They use language to manipulate, persuade and exploit so that requests for money do not raise alarm bells. These requests might be highly emotive, such as criminals claiming they need money for emergency medical care, or to pay for transport costs to visit the victim if they are overseas. Scammers will often build a relationship with their victims over time.

If you feel you are being manipulated in this way or have any concerns please call ii on 0345 607 6001.

More about your security with ii: 

Security Hub | Our security policy | How to stay safe

The value of your investments may go down as well as up. You may not get back all the money that you invest. If you are unsure about the suitability of an investment product or service, you should seek advice from an authorised financial advisor.