It’s not just technology that’s getting smarter. Online banking is now a part of life and has become a magnet for fraudsters. They’re always inventing new tricks to get their hands on our hard-earned money. From phishing emails to deceptive phone calls, learning how bank scams work is a key part of your defence. Join us as we explore what online banking fraud is, the common types, how to help protect yourself, and what to do if you ever suspect you’ve been targeted. Get help with Avira Prime. Our premium security and privacy solution blends multiple tools, including a VPN.
What is online banking fraud?
We’re delighted you asked. Learning how these types of attacks work can help protect your finances. These fraudsters have a clear goal: money. That’s understandable. Yet unlike many of us, they count stealing personal and financial details as “all in a day’s work” and posing as a bank manager as gainful employment.
Online banking fraud is defined as the unauthorised use of your banking information, with the aim of stealing money, other financial assets or sensitive information. Scammers try to trick you into revealing account details, PINs, or passwords and may even use spyware to steal your information or access your accounts remotely. It’s a growing problem. As we increasingly congregate online and more transactions than ever happen on apps and websites, it’s only natural that financial predators will follow the herds.
Scams nearly always start with impersonation, so a fraudster pretends to be someone else, usually someone from a large, reputable organisation. This could be a member of your bank’s online security team, calling or messaging you regarding “suspicious activity” on your account—or a customer service rep offering to fix “account errors.” They might seem helpful, but these knights in shining armour are really online thieves ready to manipulate you into revealing sensitive information.
From fake websites to devious apps, scammers deploy a range of props in their online theatre of deception. Let’s explore them in more detail. And if you’re tempted to abandon your online banking for good, and head back to a high street branch in the rain…remember that banks work hard to deploy a range of measures to help keep online banking secure.
Bank scams: The tricks and tools of the trade
Scammers are always adding to their technical arsenal. Look out for the following so you’re better prepared:
- Phishing
Phishing scams are emails that are cunningly designed to impersonate legitimate communications from your bank and other financial institutions. You’re urged to click on a link and provide personal information. Click at your peril as you’ll be redirected to a fake website designed to hoover up your details. Phishing attempts often include phrases like “Your account has been compromised” or “Please verify your account information”. They often have a sense of urgency, so you’re encouraged to act without thinking.
Pro tip: Always check the sender’s email address by hovering over it to reveal the whole address. Look closely! Phishing emails often use addresses that look real but contain slight misspellings or extra characters. A capital “I” can easily look like a 1, for example.
- Smishing
Smishing is phishing over text messages; hence the name “SMS phishing”. You might see a short, urgent message that says something along the lines of “Your account has been locked due to suspicious activity,” plus a link to verify your info. These texts can be scarily convincing and are often sent from numbers that look similar to official bank numbers.
Watch for: Texts with links, generic greetings, and messages that demand immediate action.
- Vishing
Vishing is phishing by voice call. Scammers call you, claiming to be from your bank’s fraud or security department, and say they need your account information to “verify” recent transactions. Don’t trust them even if they have some of your personal details to hand. That doesn’t make them legitimate, just prepared. They may have stolen your information in a brute force attack (a password cracking method which tries one possible combination of characters after another until, hey presto! The right one is found) or bought your login details on the dark web.
Remember: Legitimate callers will never ask for confidential details, such as a PIN or account number, over the phone. Hang up fast and block anyone asking for them.
- Fake websites and apps
Fake websites usually work hand in hand with phishing attempts but even a malicious ad can redirect you to a fraudulent site that’s been designed by scammers. Don’t be fooled by official-looking logos and a familiar design. Fake apps swim in online seas too, waiting to be downloaded.
How to avoid: Head only to official sources for web apps. Set bookmarks for online banking and other websites you frequently use. Never allow yourself to be redirected by clicking on a link. It’s fast and easy, but who knows where you’ll end up…
- SIM swapping
When smartphones became our number one digital companions, it was inevitable that fraudsters would share our enthusiasm. SIM swapping is a more complex scam whereby the criminal convinces your mobile carrier to transfer your phone number to a new SIM card in their possession. If you’re wondering “Why would they bother?”, spare a thought for what havoc they’ll wreak if they gain access to the two-factor authentication codes sent to your phone. Suddenly your mobile becomes a magic universal key to your banking apps and emails.
Top tip: Contact your mobile provider to set up a PIN or password for any SIM changes. This helps prevent scammers from taking control of your number.
- Card skimming
Strictly speaking, this isn’t a form of online fraud but skimming still happens at ATMs and payment machines, so it’s worth a mention. Scammers tamper with the card slot and attach a device which reads and stores card information when you insert your card. A skimmer can also be someone who handles your card, like a server in a restaurant. It takes mere seconds to make a note of the card details and credit card security code (CVV).
Help protect yourself: Look for anything unusual at ATMs and payment terminals and, if possible, use machines within banks as these are less likely to have been tampered with. Watch out for suspicious behaviour, like people loitering nearby. And never hand your card to anyone—swipe or tap it yourself.
Spot and avoid financial scams: The “code red” checklist
Being able to spot a red flag at a hundred paces makes you a more difficult target. Look for these classic warning signs so you’re ready to run (or press delete/block):
- Generic, poorly written emails and messages: Are you not referred to by name? Are the sentences littered with grammar errors? Run. Attackers that aren’t armed with your personal information resort to these general phishing tactics.
- Requests for personal details: Banks won’t ask for account numbers, PINs, and passwords out of the blue. Be very cautious if you receive an unsolicited message or call requesting this kind of info. It’s most likely social engineering (of which phishing is a prime example), whereby attackers target human weakness rather than technical vulnerabilities.
- Unusual links and attachments: Scam emails and texts often contain links to fake sites or files that install malware. If a link looks suspicious, leave it alone! Hover over it to see the full URL, and check for strange characters or unfamiliar domains.
- A sense of urgency: If you’re required to “act now!”, don’t. High-pressure tactics are designed to scare you, so you’re more likely to throw caution to the wind.
- Unexpected requests for money: A legitimate employer or employee won’t suddenly ask you to transfer money or send cryptocurrency to pay fees.
- Too-good-to-be-true offers: Can you really book an all-inclusive Caribbean cruise with an 80% discount? If it sounds unbelievable, it’s most likely a scam. Banish the rose-tinted glasses and delete the offer, or at the very least, do your research.
- Fraud alerts, and unfamiliar transactions and charges: If an attacker has accessed an online account, they may be making online purchases in your name. Closely monitor your shopping accounts and bank/credit card statements and act promptly if you receive a fraud alert from your bank (just make sure it’s genuine!).
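The sender-address and link checks described above (a “1” or capital “I” standing in for “l”, extra characters, unfamiliar domains) can also be run automatically, for instance in a mail filter. The Python below is an added example, not Avira’s code; the trusted domains, the sample addresses, and the function names are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: constructed allow-list; use your bank's real domains here.
TRUSTED = {"examplebank.co.uk", "examplebank.com"}

# Characters often swapped to fake a name ("I"/"1" for "l", "0" for "o").
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})


def host_of(value):
    """Return the lower-cased host of a URL or of an e-mail sender."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()


def skeleton(host):
    """Fold visually confusable characters so look-alikes compare equal."""
    return host.lower().replace("rn", "m").translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value):
    """Classify a sender address or link against the trusted domains."""
    host = host_of(value)
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"        # encoded non-ASCII label, inspect by hand
    for t in TRUSTED:
        if t in host:
            return "embedded"    # trusted name used as a decoy prefix
        if skeleton(host) == skeleton(t) or edit_distance(host, t) <= 2:
            return "lookalike"   # swapped, missing or extra characters
    return "unknown"


if __name__ == "__main__":
    for sample in ("Example Bank <alerts@examplebank.co.uk>",   # constructed
                   "security@examp1ebank.co.uk",
                   "https://examplebank.co.uk.verify-account.example/login"):
        print(f"{classify(sample):10} {sample}")
```

A result of “unknown” only means the domain does not resemble a trusted one; it says nothing about whether the sender is safe.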
Bank scams in action: We line up the usual suspects
Now that you know what financial scammers are after, how they operate, and what typical scams look like, see these common examples. If you’ve been reading this blog, you wouldn’t fall for any of these anymore (would you)? And if you already have, skip straight to our section “Have you been scammed?” so you can take appropriate action quickly and help minimise any damage.
- Credit card and bank account scams: “Hello! It’s your credit card issuer/bank speaking. Please call us back to discuss a problem…”. They often claim to be investigating fraud and can’t wait to lay their hands on your bank account details or social security number.
- Charity scams: “We’re phoning to raise funds for a rhino orphanage in Tanzania/the victims of Hurricane David…” These scammers take advantage of our goodwill to elicit information and fake donations from us.
- Employment scams: “Thank you for your recent job application! We’re considering you for the position of (X). Please fill in the attached questionnaire and see this website for details. We may also interview you over the phone…”. Recruitment scams happen when a fraudster claims to be a recruitment agent, hiring you for a job (which can even be in a foreign country) that doesn’t exist. They may also demand fees and your bank account details so they can set up fictitious salary payments.
- Investment scams: “Good morning! We’re offering hand-picked individuals the chance to purchase…”. An attacker posing as a bank representative offers fake opportunities, such as investing in stocks, bonds, and mutual funds. If you enter your details and send money via their spoofed website, they will re-route the funds to themselves. And you won’t have bought shares in a lucrative St Lucian cocoa plantation.
- Automatic debit and get-rich-quick schemes: “Did you know that you can make money from your direct debits? All we need is some personal details to set up a direct debit refund request…”. This could be a telemarketing scam, or you’ll see an advert or be contacted on social media about making easy money by claiming back refunds on your direct debits. They’ll use your details to claim a refund but disappear with the money. You’ll still owe the money to your service provider because this was a false claim, so your direct debit payments will be reinstated.
- Cheque scams, including overpayment scams: Cheques may look like payment, but they can be bad (not enough funds in the account), counterfeit (fake), manipulated (if, for example, the amount has been tampered with), or used with a fake signature. Cheque overpayment scams target sellers on online auctions and classified ad websites. The criminal pays with a cheque for more than the value of the item and then asks the seller to pay the difference back. If the seller sends the refund and the buyer’s cheque bounces, the seller not only loses the refunded money but also never receives the original payment.
- Advance-fee scams: “Enter our million-pound draw today! Provide your details here…”. Fraudsters target victims to make advance payments for goods, services, or financial gains. The promised items, services, and prizes never materialise, and the fraudster also disappears into thin air. Common advance-fee scams are fraud recovery services, lotteries and prize draws, inheritance fraud, and career opportunity scams. Action Fraud in the UK offers a comprehensive list of advance-fee fraud, including dating scams and West African letter scams.
- Online auction scams: No list of financial fraud would be complete without PayPal scams—from fake prize winnings to overpayment, refund, and postage scams, the cunning tricks deployed here by both buyers and sellers are many and varied.
Take steps to help protect yourself from bank scams
We’ve been through the theory, but there’s no beating practical advice to help keep your financial information secure.
Get some technological ‘muscle’:
- Use strong, unique passwords: If it’s simple to guess, it’s easy to hack. Choose long, complex passwords that mix upper- and lower-case letters, plus numbers, and symbols. And never re-use a password or you’ll grant hackers access to multiple accounts if they crack one password. For added protection, use a secure passcode for mobile apps and devices. The simplest way to securely create, manage, store, and synchronise all your passwords is with a dedicated password tool. Avira Password Manager Pro (get it alone or as part of Avira Prime) does all that and even alerts you via your security status if your account details have been exposed in a data breach. It notifies you if any of your existing passwords are weak or duplicate and also checks if the websites you register on are safe.
- Set up two-factor authentication (2FA): This adds an extra layer of security to your online accounts. It requires a second code in addition to your password, and you’ll usually receive it as a text message or email. Avira Password Manager comes with a mobile authenticator, so you can securely generate codes for your online accounts.
- Use a VPN: A virtual private network helps create a secure connection to help shield your data and privacy when you go online. It can also help prevent man-in-the-middle attacks. Never be tempted to use public Wi-Fi without it as you never know who’s waiting to intercept your communications! Avira Phantom VPN Pro (available alone or included with Avira Prime) automatically helps encrypt your communications and its all-you-can-eat data is ideal for streaming content.
Even the best online security can’t stop you from putting yourself at risk! Always practise good online habits:
- Never hit “reply” or call back without checking the sender: If you receive a suspicious message or call, verify it before responding. Check directly with your bank and always contact them via an official channel, like the telephone number on their website.
- Set up account alerts: Many banks offer to alert you in the event of large withdrawals, unusual transactions, or logins from strange devices. Watch out for these so you can help stamp out any fraud fast.
- Be mindful of what you share online: By posting personal details, you’re making it easier for criminals to learn important information so they can more accurately tailor their scams. Microsoft offers a detailed overview of the dangers of oversharing.
Have you been scammed? Here’s what to do (fast)!
First and foremost, end all communication with the scammer. Then contact your bank right away—making sure you call them directly and verify their contact details independently—and share all the details you can with them. In-depth information will help them assess your claim. They can also help secure your account and investigate any suspicious transactions. To help limit further damage, change the password for your bank account and any other accounts that might be linked. If you don’t already have one, now is a great time to start using a password manager with built-in email alerts like Avira Password Manager Pro. Also consider additional security measures like multi-factor authentication and transaction limits.
It’s a good idea to let the relevant authorities know too. Many countries have agencies that monitor and track fraud and reporting a scam can help police catch scammers and prevent future incidents. In the UK, you can contact Action Fraud. When you’ve finished contacting the powers that be, your job isn’t done: Stay vigilant and keep an eye on your credit report. Scammers sometimes use your information for identity theft, so look for new accounts, loans, or other activity you didn’t initiate. Did you know that sometimes scammers try again by offering “recovery services”? Be wary of anyone who contacts you about recovering lost funds or reversing charges for a fee.
Will your bank refund you if you’ve been scammed?
There’s an exciting new law that came into effect on 7 October 2024. Now, banks and other payment service providers must refund you (in most cases) if you were tricked into making a bank transfer, also known as authorised push payment (APP) fraud. There are some conditions of course: The new rules only cover scams where you’ve sent the money by UK bank transfer. Other payment types, including card, cash and cheque, aren’t covered. Your claim may be rejected if you’ve been grossly negligent. Don’t panic, even if you transferred your savings to a Caribbean princess: The bar is set rather low, so there’s room for carelessness. The body behind the new rules, the Payment Systems Regulator (PSR), has set the reimbursement limit at £85,000, and this aims to include 99.8% of all APP scam cases, so chances are high that you’ll be covered. In most cases, you can expect a refund within five working days of making a claim, but you may be charged a fee of up to £100. MoneySavingExpert offers a helpful Q&A on the new refund rules for bank scam victims.
There’s also good news beyond Britain’s chilly shores. The EU has strengthened legislation to combat payment fraud and give consumers greater protection. According to the Payment Systems Regulator “All types of APP fraud are covered by the new measures, which might include impersonation or romance scams, for example”. These protections started on 7 October 2024, applying to payments made on or after this date.
Today’s digital lives need premium protection
Comprehensive approaches to online security are multi-layered and peace of mind is priceless: That’s why Avira Prime blends premium privacy, protection, and performance into a single, convenient subscription. Antivirus Pro is designed to detect malware in real-time, and if you’re redirected to an infected website, the Secure Browsing tool leaps in to help block it. The integrated Password Manager Pro generates and remembers complex passwords—and you can use the VPN to help secure and anonymise browsing.
Avira Prime is cross-platform and multi-device. Find your Avira Prime for PC, Mac, Android, and iOS.
Recovering from an online attack on our data and finances can be stressful and even emotionally harmful. Sadly, they’re a modern reality and scammers will always refine their attacks. Your best defences are reputable online security and relentless awareness: Stay vigilant, trust your instincts, and always reach out to your bank directly if you’re unsure.