Keeping yourself safe

Passwords

Create a password that's memorable to you, but hard to crack. Never share this or write it down.

• It should be eight characters long
• It should contain numbers
• Don’t use a password that can be easily guessed, like 'Savings1'
• Never write down or share your password with anybody else
• If you think someone knows your password, change it immediately
• Use a different password for each different site you use. If you're worried about forgetting your passwords, try a reputable password manager application.

Always remember to log off once you have finished your transaction or task.

Identity fraud

Criminals can only steal your identity if they have enough information about you. You can prevent them from opening new accounts in your name, taking loans and credit cards, or even taking control of your existing accounts by keeping your personal information safe.

• Avoid throwing bank statements or bills away in the bin. Criminals might go through them. Dispose of them securely instead, by shredding them, for example.
• Don’t post personal details online, especially on social media, like addresses, children's names, pets' names and check-in locations.
• Review your social media privacy settings regularly and update passwords on phones and personal computers.
  Don't share too much personal information on a public setting and don't accept friend requests on social media from people you don't know.

Emails, calls and texts

Scams can look and sound as if they're from a person or organisation you trust, like a bank, credit card company or shopping website. You might be contacted by email (known as phishing), phone call (vishing) or SMS text messaging (smishing).

• Phishing emails will try and trick you into visiting a fake website, so they can steal your login or other personal details. Beware of 'phishing' emails. If you mistakenly respond to a phishing email, tell us about it straight away
• Fraudsters might try and trick you into giving them personal information over the phone (vishing), after carrying out research on you that makes them sound more convincing
• Smishing text messages may say there’s been fraudulent activity on your account and ask you to call a number or visit a fake website.

We've included more details on phishing, vishing and smishing on our Contacted out of the blue scams page.

Please always ensure the email address and phone number you have registered with us are accurate and up to date. If you’re unsure about any email, text message or phone call that appears to be from Skipton Building Society, call us on 0345 850 0469.

Spotting fake websites

Spotting a fake, fraudulent or scam website can be difficult especially as fraudsters are really good at creating convincing websites. Here are a few things you can do to check if a website is legitimate.

• Double check the domain name – fraudulent websites often use domain names which are similar to well-known brand or product names e.g. skipt0n.org, in the hope you will skim read the web address and not notice, but these are often not the official websites. Also be cautious of domains that end in .net or .org as these are rarely used for online shopping websites.
• Browse the website – take some time to double check the website by looking at the homepage or About Us page and look out for poor English like grammar and spelling mistakes and phrases that don’t sound right. Check to see if the website has contact information – if there isn’t a way to contact them or they don’t list a place of business as well as an email address or phone number, this could be a sign the website is fraudulent and you should treat it as highly suspicious.
• Read some online reviews – look at review across several different sources such as Trustpilot, Feefo, etc. If reviews are oddly similar; very factual with no personal opinions; the reviewers are all very new; or there isn’t a lot of reviews this is a good sign that the website is suspicious and should be avoided.
• What is the payment method? – if you’re asked to pay for something online via bank transfer alarm bells should start ringing. If you buy something fake or non-existent with a credit or debit card you could have some rights to get your money back but with a bank transfer there is not a lot you can do to get it back.
• Check the returns policy – a real company should tell you how and where to return a faulty item. If there is no shipping and returns policy, terms and conditions or privacy policy (which tells you what they do with any data you share) listed on the website it’s highly likely this is a scam website.
• Is the offer just too good to be true? – if you see very low prices with ridiculous discounts, you should be suspicious. Scammers use low prices to lure in shoppers to sell fake or non-existent items. If prices seem to too good to be true, they probably are.
• Look for a padlock - Transport Layer Security (TLS) is technology that encrypts links between connections to keep them secure - like the connection created when you login to our online savings accounts. You can tell when TLS is being used on a site because a padlock icon will appear in your browser bar. The padlock tells you the connection to the website's server is secure but doesn't guarantee that the website is authentic. Checking for a padlock should always be combined with the other checks we've recommended.

Protecting your devices

Some software is designed to infect your computer, allowing criminals to steal your personal information, spy on you through your webcam or eavesdrop using your microphone. These are commonly known as Malware, Trojans, adware or spyware.

There’s also ransomware, which might hold your computer and data hostage and demand money to release it. It can enable unwanted pop-up adverts and can even use your computer to attack other computers connected to the internet.

• Install anti-malware software to protect all your devices and keep it fully updated
• Update your web browser with the latest security updates so it can prevent pop-ups, warn you about the latest fake and infected websites, and make it harder to infect your computer
• Update other software when prompted. Microsoft, Apple and Android regularly issue updated security patches for their applications
• Mobile phones are a gateway to our online accounts. Some apps don’t ask you to log in each time you use them. Set up a PIN, pattern or fingerprint recognition to gain access to your phone, and adjust the settings so your phone automatically locks after a short time
• Be mindful of software you download and links you click
• Always check the sender is genuine before opening any attachments – malware can easily be made to look like legitimate programmes
• Visit Get Safe Online and Take Five for more advice.

Check it's really us

By email – Skipton Building Society won't ever ask for, or send, personal account information by email. However, we will send you a notification email if we've left a secure message on your online account with us. You can view the secure message once you've logged into Skipton Online.

On the phone – if you've agreed to be contacted by phone, we might call you to let you know about our services or upcoming changes to your accounts. If you've registered for telephone account access, we'll ask you to provide some details to verify your identity. If you want to carry out a transaction, we'll also ask for letters from your telephone password, but we’ll never ask you for the full password.

If you're concerned about a call from someone claiming to be from Skipton Building Society, please end the call and ring us on 0345 850 0469. We'll be able to tell you if the caller was genuine.