Close

Updated Cookies Policy - you'll see this message only once.

Barclays uses cookies on this website. They help us to know a little bit about you and how you use our website, which improves the browsing experience and marketing - both for you and for others. They are stored locally on your computer or mobile device. To accept cookies continue browsing as normal. Or go to the cookie policy for more information and preferences. If you clear your browser history to disable or delete all cookies, your cookie preferences will automatically be reset to accept all cookies. Please go to the cookies policy to make any changes.

Phishing

What is it?

Phishing is an email-based fraud, and is a form of social engineering. Fraudsters attempt to manipulate the victim in an attempt to divulge passwords or sensitive information that will allow them to steal money.

How does it happen?

Phishing involves a fraudster, posing as a legitimate source, sending emails that aim to trick people into divulging sensitive information or transferring money into other accounts. The emails typically contain a link to a fake website, which will request that you enter financial information, passwords or other sensitive information.

Alternatively, emails may contain an attachment in the form of a document, form or notification. Equally, the email may be designed to contain and deliver malware via an attachment or a link. If the link is clicked or the attachment opened, the criminal will be able to gain access to your system.

Be more like Derek – an office legend

Derek has become an office legend simply by spotting scams and, in turn, saving his company big money. Want to know how he does it?

How you can help to prevent phishing – a checklist

  • Be alert to the style, tone and grammar of emails you receive, especially if the email doesn’t address you by name (e.g. “Dear Sir/Madam”).

  • Never enter any personal or security information on a site accessed through a link in an email.

  • Never click on links or open attachments from senders you are unsure of.

  • On sites that require you to input sensitive information, look for ‘https’ in the website address – the ‘s’ stands for ‘secure’, though be aware that this does not guarantee the website is genuine.

  • Do not assume a sender is genuine because they know information about you / your company or the email address looks familiar – fraudsters are skilled in collecting enough information and can spoof email addresses to make them appear to be from a genuine contact, including someone from your own organisation.

  • Remember that your bank may ask you for some information, but will never ask for your full password or PIN, provide you with details to make a payment, or request that you grant them access to your systems or PC.

  • If you receive a suspicious email purporting to be from Barclays, forward it to internetsecurity@barclays.co.uk then delete it straight away

  • Make all staff aware of this type of fraud, particularly those that make payments.

A case study:

Employees of a client received an email appearing to be from their employer asking them to log into their 'secure portal' in order to find out what their annual bonus figure would be.

The email contained a link leading to a fake portal which looked like the genuine one, which duped employees into thinking they were logging on securely. Fraudsters were able to capture the log in credentials of each employee who entered them on the fake portal.

Following this, the fraudsters were able to use these details to log in to the genuine secure portal, and change the employee's bank details, so that earnings were paid into the fraudster's account and transferred away.

What to do if you suspect you’ve received a suspicious email

If you believe you may have fallen victim to a phishing scam, contact us immediately. Our team will try to recover the money from the fraudster’s bank account. The quicker you alert your bank, the greater the chance of recovering the funds.

Report it to ActionFraud – the police’s national fraud and cyber crime reporting centre. Even if you’ve not suffered any financial loss, this will allow the police to analyse trends and help them to prevent fraudsters exploiting other companies. You can file a report via their website at www.actionfraud.police.uk (opens in a new window).

If you receive a suspicious email that appears to be from Barclays, please forward it to internetsecurity@barclays.co.uk and then delete it from your email account immediately.

If you have any queries, please speak to your Relationship Director.

If you fall victim to fraud on your Barclays payment channels, call the Online Fraud Helpdesk immediately on:

0330 156 0155*

Fraudulent attacks, even if unsuccessful, should be reported to Action Fraud by calling 0300 123 2040.

Further resources:

www.actionfraud.police.uk
www.barclayscorporate.com/fraudawareness
www.consilium.europa.eu
www.getsafeonline.org
www.gov.uk/government/policies/cyber-security
The Little Books of Big Scams – Business Edition
(Metropolitan Police)

    Contact Us

    If you have any questions or concerns about fraud contact us:

    0330 156 0155 / 0800 056 4890*