Fraud is big business and unfortunately an ever-increasing number of people are being tricked into parting with their money through a variety of sophisticated scams.
Our Security Centre provides guidance on the type of scams a fraudster may use and how you can help protect yourself from becoming a victim of fraud.
-
Select category
-
(Common scams)
-
Courier card scam
-
Phishing
-
Vishing
-
Overpayment fraud
-
Plastic card fraud
-
Malware
-
Online shopping
-
Cryptocurrency
-
(Protecting yourself from fraud)
-
Card Fraud
-
Cheque Fraud
-
Identity theft
-
Investment fraud
-
Security Disclosure Policy
-
Online and social media fraud
-
Telephone fraud
-
Useful links
Courier
card scam
This scam involves fraudsters tricking clients into handing over their bank card(s) and PIN(s) by pretending to be either a bank or law enforcement official.
Often this type of scam will start with an unexpected phone call from an individual who claims to be from the bank’s fraud department or the Police. The caller will advise that they have identified fraudulent transactions on your account and that your card has been compromised.
To gain your trust, the caller will prompt you to verify the call by phoning the telephone number printed on the back of your card or providing you with an unverified telephone number.
However, fraudsters often use techniques to hold your phone line open, so that when you try to dial out they can intercept and re-answer the call.
The fraudster will advise that your bank card(s) must be collected in order to protect your card/account and assist with any investigation. They will normally ask you to put your card into an envelope and then ask you to either key your PIN via the phone keypad or to write it down and insert it into the envelope with the card.
The fraudster will then arrange for a courier or someone dressed as a law enforcement officer, to come to your home and collect the card and provide you with a fake reference number. Once the fraudster obtains your card(s) and PIN(s), they can gain access to your account and carry out fraudulent transactions.
Please note that from time to time, the bank may genuinely call you for fraud prevention purposes to verify whether a transaction is genuine.
However, we will NEVER ask to collect your card as part of a fraud investigation or ask you to disclose your PIN, card details or any online banking credentials.
Phishing
Phishing is where a fraudsters sends an email which looks like it's from a trusted source so they can trick the recipient into providing valuable personal details, such as usernames and passwords which can have a monetary value.
Phishing can also involve sending malicious attachments or website links in an effort to infect computers or mobile devices (this is known as malware - malicious software). Very often these appear to be authentic communications from legitimate organisations. Embedded links within the message can direct you to a hoax website where your login or personal details may be requested. You may also run the risk of your computer or smartphone being infected by viruses.
Once your personal details have been accessed, criminals can then record this information and use it to commit fraud such as identity theft.
SPEAR-PHISHING
This technique is used by criminals to use personal information to earn trust and lower the intended victim’s defences increasing the chances they may open attachments or embedded links.
Reporting suspicious emails
If you have received a fraudulent or suspicious email please forward it to phishing@adambank.com
However, if you have already responded a suspicious e-mail, and/or you believe that your accounts may have been accessed online by someone else, please contact our dedicated fraud team immediately on 020 7770 0015.
Vishing
Vishing is when criminals attempt to obtain sensitive and personal information, such as user names, passwords and card reader codes over the telephone.
Fraudsters use many techniques to obtain password and security credentials. Often a fraudster will call the victim and pretend to be the bank or a police official and ask for bank account details, card details, three-digit security numbers, PINs, online banking passcodes or telephone banking security passwords.
- Never give out any online passcodes/PINs or card details to anyone who phones you. If we phone you, we will never ask for this information.
- If you receive a call about your bank account or a transaction and have any doubts about the person’s true identity, hang up and call us on a known telephone number.
0131 225 8484 - General enquiries
0131 278 3777 - Adam 24
Overpayment
Fraud
This type of fraud predominantly targets businesses but individuals may still be targeted, especially those who buy and sell items online. Overpayment fraud is when a fraudster pays for goods or services by a fraudulent cheque. The cheque is made for a higher amount than the actual value.
The business reimburses the fraudster with the excess amount of money that was apparently paid to it in error, before the cheque gets returned unpaid.
Not only does the business not get paid for the goods or services, but also loses further money because of the ‘excess payment’ it paid the fraudster.
Cheque overpayment fraud is often used in employment opportunity scams or transactions for goods and services sold through classified adverts.
Plastic card
Fraud
Plastic card fraud
- Plastic card fraud involves the compromise of any personal information from credit, debit or store cards.
- The personal information stolen from a card, or the theft of a card itself, can be used to commit fraud.
- Fraudsters might use the information to purchase goods in your name or obtain unauthorised funds from an account.
- Plastic card fraud can also include ‘card not present’ fraud, such as the use of a card online, over the phone or by mail order, and counterfeit card fraud.
Malware
Malware is malicious software that consists of programming, for example code or scripts, designed to disrupt the performance of desktop computers, laptops, handheld devices etc.
Malware can also collect information or data from infected devices and pass them on to another device. Malware is often referred to as viruses, worms, trojan horses, spyware, dishonest adware, scareware, and crimeware.
Remote access can be a concern and can be obtained via rootkits. Most rootkits are used safely and securely to provide support to users, but some can be used for fraudulent purposes. Be certain that when you allow someone to remotely access your computer they are from a trusted source, for example, your internet service provider.
What malware can do:
- Spyware can track users, alert them to display advertising. When the user clicks on the link they can be taken to a website which is likely to install a virus or other malicious programming.
- Keyloggers can track users’ input on their keyboards. This is usually in an effort to commit bank fraud or to access personal login details.
- Scareware imitates valid software, e.g. antivirus packages to convince users that an upgrade is needed. This upgrade will have a fee attached to it and will not exist.
- Ransomware copies personal files or photos. A demand is then issued for money in return for the images or files. The consequence will be the online release of the images and files to third parties with the intention to embarrass the victim.
Mobile malware
Malicious software can also infect your smartphone. There are a number of ways this can be done:
- Fake/Malicious Apps
One method to distribute malware is under the guise of a fake application that masquerades as a genuine or useful program.
- Quick Response (QR) codes
QR codes are a type of barcode that store data such as text or a URL. They can direct a user to a website or launch an application (including email and SMS services). The codes are interpreted using the device’s camera and a scanning application. The major risk associated with a QR code is that it is not possible to know what it contains, or links to, before it is scanned. They could be used to redirect you to a malicious website or prompt you to download a malicious app.
To protect yourself:
- Install the latest updates and security patches
- Enable device PINs/passwords to restrict access to a lost or stolen device
- Install an anti-malware application and software to assist recovery of your device or remotely wipe its data
Online
Shopping
Shopping and auction fraud involves fraudulent shopping scams that rely on the anonymity of the internet.
As the popularity of internet shopping and online auction sites grow, so do the number of complaints about online transactions. Some of the most common complaints involve:
- Buyers receiving goods late, or not at all.
- Sellers not receiving payment.
- Buyers receiving goods that are either less valuable than those advertised or significantly different from the original description.
- Failure to disclose relevant information about a product or the terms of sale.
cRYPTOCURRENCY
What is cryptocurrency?
Cryptocurrency is a digital asset that can be traded online and may be used to buy products and services from people or companies who accept this form of payment.
Cryptocurrency isn’t protected by the UK’s Financial Services Compensation Scheme (FSCS) and most exchanges aren’t regulated by the Financial Conduct Authority (FCA). However, it’s attracting more attention as a potentially lucrative investment opportunity due to the fluctuations in value seen over the past few years.
Cryptocurrency is often bought via currency exchange platforms. These are websites where you can buy, sell, or exchange cryptocurrencies for other digital currency or traditional currency like US dollars or Euros. For anyone wanting to trade professionally, you’ll probably need to use an exchange that requires you to verify your ID and open an account or a ‘wallet’ and ideally select one approved by the FCA.
Cryptocurrency scams
Scammers are capitalising on the growing attention cryptocurrency is attracting by offering fake investments that don’t really exist or aren’t worth the money. They may do this by:
- advertising investment opportunities on social media – sometimes using fake endorsements and images of celebrities or public figures. The adverts link to professional-looking websites to trick you into investing using cryptocurrencies or traditional currencies.
- manipulating software to distort prices and investment returns and may even scam people into buying non-existent crypto-assets. The firms operating these scams are usually based outside the UK but will claim to have a UK presence.
How to protect yourself
Before investing in cryptocurrency, we recommend that you:
- follow advice from the Financial Conduct Authority (FCA) regarding cryptocurrency providers, which can be found at fca.org.uk/consumers/cryptoassets
- consider the warnings from the FCA that investors in cryptocurrencies should be prepared to lose all their money and are unlikely to have access to the Financial Ombudsman Service or Financial Services Compensation Scheme if things go wrong
- make sure you understand everything, and you only invest money you can afford to lose
- always have sole control of your cryptocurrency ‘wallet’ and give nobody else access - if you didn’t set the wallet up yourself or you can’t access the money it’s likely to be a scam.
If you have any concerns that you’re being scammed, please contact Adam 24 on 0131 278 3777 as soon as possible.
Card
Fraud
How to protect yourself against card fraud
- Always shield your PIN when using a cash machine or while making purchases.
- Try to use cash machines inside bank branches where possible.
- If your card is taken by a cash machine call Adam 24 straight away on 0131 278 3777. Your card may have been taken by a cash machine due to a fault but occasionally fraudsters will attach card trapping devices to cash machines. Once you leave the machine the fraudster will remove the card from the slot. Adam 24 will cancel your card straight away, order your new card and endeavour to ensure that you have access to cash if needed.
- When purchasing online only use secure websites – those with an address beginning with ‘https://’ where the padlock symbol is displayed and be careful if products are being offered at a huge discount.
- If you are experiencing any issue with your card call Adam 24 on 0131 278 3777. It may be that your card has been damaged or there is another reason why your card is not working as expected.
Cheque
Fraud
- Don’t accept cheques from anyone unless you know and trust them, especially if the cheque is of a high value.
- Consider alternative means of accepting payment for high-value items – electronic payments are ideal and be especially wary if a buyer is unwilling to pay or split the relatively small cost involved in sending electronic payments.
- Before releasing any goods ensure you are fully aware of the cheque clearing timescales and if you are in any doubt about whether a cheque has cleared then call Adam 24 on 0131 278 3777.
- Keep your cheque book in a safe place and report any missing cheques immediately.
- If posting cheques consider asking the beneficiary to confirm receipt or send by secure post.
Counterfeit cheques
Counterfeit cheques are manufactured or printed on non-bank paper to look exactly like genuine cheques. Usually the bank details quoted are correct. Fraudsters may send the cheque to you, or directly to the bank requesting that it be credited to your account without you ever seeing the physical cheque.
A common method used by fraudsters is known as ‘overpayment’. This is when you are paid for more than the agreed value using a fraudulent cheque. The fraudster will likely provide an excuse for the additional amount and request that the difference is sent back to them before the cheque has cleared, leaving you potentially out of pocket. This type of scam has targeted business and individuals, especially those who buy and sell items online.
Identify
Theft
- Never write down or divulge your security identification answers or passwords to anyone.
- If in doubt hang up and call us back on an independently sourced number or a known Adam & Company telephone number
0131 225 8484 - Switchboard
0131 278 3777 - Adam 24 - ideally from a different phone.
- If you provide us with new contact details, our security team will contact you to validate them.
- If you provide us with a payment instruction you may receive a security call back.
- Always securely store your banking, financial and valuable personal documents, such as your passport.
- Shred all financial documents before you throw them away, ideally with a cross cut shredder.
- Be wary of sharing personal information, such as your date of birth, on social networking sites.
- A variety of ‘harmless’ communications in different formats can be used together to steal your identity or commit fraud.
If you are concerned about someone using your identity, here are some useful links.
Checking your credit file
Fraud Prevention Service
Investment
Fraud
- Goods offered can include shares, fine wine, gemstones, art, antiques and other rare high value items.
- In reality, the investment opportunity is a scam and what is offered is often over priced, very high risk and difficult to sell on, or non-existent.
- Sometimes the investment can appear to be reassuringly expensive, and still a scam.
- Even traditional safe investments such as property can pose a risk – plots of agricultural land sold for development can in reality have virtually no development potential.
How to protect yourself against investment fraud
- Always seek reputable independent or legal advice before you commit to any investment.
- Before you hand over any money, ensure the firm you use is on the FCA register, and is therefore allowed to give financial advice.
- The FCA also maintains a regularly updated list of unauthorised businesses detailing those believed to be involved in fraudulent activities.
- If you need independent advice or are unsure what to do in the case of suspected fraud, call the FCA’s consumer helpline on 0845 606 1234
- You can also contact your Private Banker or Adam 24 on 0131 278 3777 if you have any concerns.
Security Disclosure
Policy
Our dedicated team of security professionals work vigilantly to help keep client information secure, and we recognise the important role that security researchers and our client also play.
Security Disclosure Submission Terms
We run an amnesty for security researchers who, in good faith, identify vulnerabilities our online systems.
A Security Disclosure is something you want to tell us about which impacts the confidentiality, integrity, or availability of bank or client data or systems.
If you have identified a potential vulnerability you can email us after reading the Security Disclosure Submission Terms, which contain all the information you need to be aware of before making a submission.
If you discover or submit a vulnerability you should:
- Not break any laws.
- Make the Security Disclosure voluntarily
- Be aged 16 or over, unless you have a Parent or Guardian’s permission.
Staff or their family members should follow the published internal process.
Email us at: security.disclosures@adambank.com
Important information
Disclosure Scope
We want to hear from you if you discover a site, application or system with a vulnerability on:
- adambank.com
- *.adambank.com
Including this IP range:
- 193.8.48.0 - 193.8.53.255
Do's and Dont's
Do:
- Act in a responsible way
- Provide complete details so we have maximum opportunity to resolve any issues
- Assume penetration testing experts will be reviewing your submission
- Report common vulnerabilities but don’t explain the problem and the impact, just point out where it lies.
- Report esoteric or very new issues and fully explain the problem.
- Cite references or sources
Don’t:
- Put any Client or Adam & Company data at risk, degrade any of our system’s performance, or conduct any type of Denial of Service attack
- If our security operations centre identify your actions this will be treated as an attack and not a Security Disclosure submission. We may take action against any attacks, including reporting them to the police.
What to include in your submission
We want to get as much information from you so we can validate and fix any potential vulnerability quickly. Please try to provide as much information as possible, including:
- A description of the vulnerability including the exploitability and impact if not a common attack type
- Steps required to exploit the vulnerability including: URL(s)/application(s) affected Prior conditions required (for example, logged in, not logged in, previous actions ) and how to demonstrate the problem
- IPs used when the vulnerability was discovered
- If post authentication, the user ID used when the vulnerability was discovered
- A Proof of Concept
- Names of any files uploaded to our systems
If you do not include everything in this list, this could delay or prevent us from validating and fixing the vulnerability. Responses to Low/Informational issues will be de-prioritised. Save all your logs as we will ask you to make them available to us.
Submissions we won't respond to
We won’t respond to or analyse submissions covering:
- Vulnerabilities dependent upon social engineering techniques (e.g. shoulder attack, stealing devices, phishing, fraud, stolen credentials)
- Denial of service (DOS)
- Self-XSS (User defined payload)
- Vulnerabilities which require a jailbroken mobile device
- Most vulnerabilities within identified test, UAT, lab, bankofapis or staging environments
- Outdated web browsers: vulnerabilities contingent upon outdated or unpatched browsers, including Internet Explorer versions prior to version 8
- Vulnerabilities involving active content such as web browser add-ons
- Disclosure of public information or information that does not present risk to us or our clients (for example, web server type disclosure)
- Vulnerabilities contingent on a client system previously being compromised
Recognition and thanks
We may highlight anyone who has made a submission which has significantly helped us keep our clients safe and secure. We will always ask for your consent before doing this.
Confidentiality
Information relating to our technology and information security arrangements is confidential. Any information you receive or collect about us or any Adam & Company user as part of your research prior to making a Security Disclosure submission as detailed in this Policy and these Terms must therefore be kept confidential and only used in connection with the Security Disclosure. You may not use, disclose or distribute any such information without our prior written consent. Any such information should be deleted once your submission has been received.
* We may change this Security Disclosure Policy and the Security Disclosure Policy Terms from time to time. We may also cancel them and our Security Disclosure programme at any time. We’ll let you know on this page if we do this.
Online and
Social Media Fraud
To protect yourself from online fraud:
- Never provide your personal details, including your card details, online username or passcodes in response to an email or telephone call.
- Install anti-virus and anti-phishing software on your computer and ensure they are kept up to date.
- Ensure your operating system is kept up to date.
- When purchasing online only use secure websites – those with an address beginning with https:// where the padlock symbol is displayed.
- Be cautious if you receive an email you are not expecting. Not all phishing e-mails are sent to large groups of random people. Spear-phishing is a term used when fraudsters target a specific individual with an email and attachment that the target is more likely to open as it will typically contain something of interest. For example, an email purporting to be from your gym with changing opening times, or a parcel that could not be delivered to you.
For mobile devices:
- Install the latest software updates and security patches
- Enable device PINs/passwords to restrict access to a lost or stolen device
- Install an anti-malware application and software to assist recovery of your device or remotely wipe its data.
Social Media
To protect yourself when using social media:
- Be wary of sharing personal information, such as your date of birth, on social networking sites.
- Children can be easy targets as they can unwittingly reveal personal information, such as birthdays, schools, holidays and pet names to ‘friends’.
- Media and press interviews combined with information available through social media can be used to quickly build up a picture of an individual.
- Don’t let your audience know if you’re going away on business or holiday.
- Be aware of what friends post about you and your family’s activities.
- Be aware that sites such as Instagram, Pinterest and YouTube can carry the same risks as Facebook and Twitter.
- Understand your security settings and who you're sharing your information with.
A variety of ‘harmless’ communications in different formats can be used together to steal your identity or commit fraud.
If you are concerned about someone using your identity, here are some useful links.
Checking your credit file
Fraud Prevention Service
Telephone
Fraud
Fraudsters use many techniques to obtain password and security credentials. Often a fraudster will call the victim and pretend to be the bank or a police official and ask for bank account details, card details, three-digit security numbers, PINs, online banking passcodes or telephone banking security passwords.
- Don’t assume anyone who has called you or left you a voicemail message is who they say they are.
- Never give out any online passcodes/PINs or card details to anyone who phones you. If we phone you, we will never ask for this information.
- Remember that caller display cannot always be trusted and callers may not be who they say they are. If in doubt, hang up and call us back on a number you recognise (such as Adam 24 on 0131 278 3777) from a different phone.
- If you receive a call about your bank account or a transaction and have any doubts about the person’s true identity, hang up and call us on a known Adam & Company telephone number.
0131 225 8484 - Switchboard
0131 278 3777 - Adam 24
Useful
Links
Fraud websites
- Action Fraud
The UK's national fraud and internet crime reporting centre. They provide a central point of contact for information about fraud and financially motivated internet crime. Report fraud through them and receive a police crime reference number. - Get Safe Online
UK government security service to help protect computers, mobile phones and other devices from malicious attack. - Bank Safe Online
Advice from a UK banking industry group about phishing, money mules and Trojans.
Credit check agencies
- Equifax
Obtain a copy of you credit report to understand, manage and control your credit score. - Experian
Obtain a copy of you credit report to understand, manage and control your credit score.
Other
- CIFAS
Provides comprehensive UK databases of confirmed fraud data, as well as a range of fraud prevention services, using the latest technology to protect organisations from the effects of fraud. - Citizens Advice
Offers free, impartial and independent advice about fraud or another topic. - Financial Services Register
A public record of all the firms, individuals and other bodies that the Financial Conduct Authority regulate. - Financial Conduct Authority (FCA)
The FCA regulate the financial services industry in the UK. - UK Finance - It's Your Money
UK Finance shows how financial services firms can help if you are a victim of financial abuse.
REPORTING SUSPICIOUS ACTIVITY
Call us straight away on 020 7770 0015 if you’ve been targeted by a fraudster or to report anything suspicious.
If you receive a suspicious email, please forward it to phishing@adambank.com.
If you receive a suspicious text, please forward it to 88355.
If you’ve responded or clicked any links, please call us immediately.

Scammers trick people in lots of ways
Think twice before giving out details
Always hang up if you think a caller is fake
Your PIN and logins should never be shared
Always check your statements
Listen to your instincts
Email addresses and phone numbers can be faked
Read all warnings before making payments online
Think twice before clicking on links
Protect your payments from scams
Scams can have a devastating impact on victims and it is important you understand the risks of making payments to scammers.
Please read our advice before proceeding with any payments
I have been asked to transfer money unexpectedly | Who has asked you to transfer money? Fraudsters may contact you pretending to be from the Bank, the Police or other organisations you trust and ask you to transfer money to another account. Remember: A bank or genuine organisation will never contact you out of the blue asking you to move your money to keep it safe. If this sounds familiar, do not make the payment and end contact with the individual immediately. |
I am making an investment | Before you make the payment, consider whether this opportunity is genuine. |
I am paying for a service or making a purchase | Always double check the bank details of the person you are paying by contacting them on a number you can trust. Fraudsters can intercept emails and invoices and change payment details. If you send money to a different account than the one you intended it can be very difficult for us to recover it and you may lose your money. When buying goods or services from someone you do not know consider using your debit card or credit card, or a payment method which offers additional protection against scams, like PayPal or Google Pay. Only pay for goods and services via bank transfer if you know the person you are paying or are satisfied the business is genuine. |
I am sending money to someone I have never met | Always ask yourself how well you truly know the person and how reliable they are. Dating and romance scams can have a serious financial and emotional effect on victims. The scammer will build a relationship with you before asking you to transfer money due to a personal emergency or to cover travel expenses. Remember, never send money to someone you have not met in person. |
Are you amending payment details?
|
Fraudsters may contact you and ask you to change details of a saved payee. Only change the details if you know the person or business and they have proof that their bank details have recently changed. A simple phone call to the person on a number you trust could protect you from losing your money. |
Further information and support | Never be pressured into transferring money. If you are unsure, we suggest you take a day or two to think about what's being asked and talk it through with someone you can really trust. If you think you're the victim of a scam, contact us immediately. If you want more information use the menu above to review further advice about how to stay safe online. |
Stay safe
online
Online fraud is becoming increasingly sophisticated, with malware and phishing allowing cyber criminals to access computers, account numbers and other personal information. Antivirus software is vital for your security, but criminals are constantly seeking new and smarter ways to steal your identity and take money from your bank account.
- Installing Antivirus – helps to stop threats by scanning your device and looking for suspicious files. Install reputable anti-virus software on all of your devices (eg computers, tablets and phones) and update it regularly
- Installing a Firewall – hides your computer from attackers and helps stop criminals getting data in and out of your computer
- Be wary about personal information you or your family post on social media and ensure you check all privacy settings.
- Create passwords using three random words and use numbers and special characters so it’s easy to remember but hard to guess.
- Have a unique password for every website you use.
- Back up your data regularly using an external device or cloud storage service.
- Secure your devices with a screen lock.
News and
Insights
-
The private bank of Mum and Dad
15 Jun 2018 -
Could an offset mortgage be right for you?
04 May 2018 -
How to protect yourself from fraud
23 Mar 2018