LOOKING AFTER YOU AND YOUR MONEY
Security is an essential part of the business we run and the service we deliver at Transact.
First of all we keep your account secure so that only you, your adviser and designated third parties (such as a discretionary investment manager) are authorised to have access. Then we ensure that we hold your investments securely and in accordance with your instructions – guarding your
privacy and access.
With that in mind, we wanted to share with you some of the steps we take, and also what you can do to keep your data and your investments secure.
How to keep your investments secure
One of our key objectives is to minimise the risks involved in operating in today’s digital world, therefore our business processes are designed with security in mind. To that end:
How you can protect yourself from being a victim of scam emails
Here are some general rules.
Scams | |
---|---|
Pension scams - pension scammers continuously design new and more sophisticated ways to gain access to pension savings. | |
Investment scams - fraudsters can be effective in persuading victims to transfer money to them to invest in unusual/high risk investments or to simply steal it outright. | |
Romance fraud - this involves people being duped into sending money to criminals who go to great lengths to gain their trust and convince them that they are in a genuine relationship. | |
Social engineering and safe account scams - fraudsters have a variety of methods to convince people in releasing personal information such as date of birth, address, bank account details, one-time passwords. |
Video guides
Below is a suite of videos giving you an introduction plus information covering common scams, some top tips and the security Transact Online provides. These videos introduce you to George Quigley. George is a certified security and data privacy professional with extensive experience gained across consulting, advisory and audit roles. He is also the director at Foulkon Ltd, specialists in cyber security, and provides some very useful insights to help you feel safe and secure online.
- Online Security – Introduction for Clients
- Online Security – Common scams
- Online Security – Common scams
- Online Security – Transact Online
What you can do to improve security
Follow the simple steps below to make your personal data and investments more secure. Visit: ncsc.gov.uk/cyberaware/home for more guidance on improving your personal cyber security.
Scams to be aware of
We have seen an increase in the number of fraudulent attempts that originate from clients’ personal email accounts and computers being compromised. Over the last year we have identified that there has been an increase in the following types of fraud:
- A client’s email is compromised – the fraudster impersonates the client by contacting the client’s adviser about withdrawals and attempts to divert the money to their own bank account.
- An adviser’s email is compromised – the fraudster impersonates the adviser by sending the client their own bank account details but presenting them as the Transact bank account details.
Since Omicron, a new variant of the COVID-19 virus, became prevalent there have been cybercriminals creating Omicron-themed phishing scams.
In one phishing email, cybercriminals impersonate the United Kingdom’s National Health Service (NHS). The email appears to be an offer for a new COVID-19 Omicron PCR test. If you click the link within the email, you’re sent to an NHS look-alike website where you are asked to provide your personal details and payment information. Any information you enter on this fake webpage is delivered straight to the cybercriminals.
Follow these tips to avoid similar phishing attacks:
- Although the scam is to impersonate the NHS, you may also see hackers from other countries using a similar scam. Watch out for suspicious emails from both local and global health organisations.
- Never click on a link within an email that you weren’t expecting, even if the email appears to come from an organization you recognise.
- Stay informed about the Omicron variant by following local news and other trusted sources.
We have seen an increase in the number of fraudulent attempts that have originated from unknown numbers sending SMS messages purporting to be from a financial institution such as HSBC. The messages aim to make their target alarmed and take action to stop the proposed scenario. One such example is a message declaring a new payee has been setup on your account and if this was not you, please click the following link. The link would then either request your bank account details or scalp information off your device.
If you do have any concerns then please contact the financial institutions using trusted details, e.g. a phone number which you have located on their genuine website. Please remember a financial institution will never ask you for sensitive information via SMS or email.
- Refer to Transact Online (TOL) in the first instance where possible. If you cannot find what you are looking for then speak to your adviser or contact us
- Ensure you keep your portfolio information up to date in the event you move address or change any personal data such as your contact details
- Proceed with caution when receiving payment information such as Transact’s bank details via email. Consider the following:
Are the details the same as per TOL and Transact forms?
Have you previously paid into this account and are the details the same?
Have you spoken with your adviser?
- Ensure the back account name matches before sending any payments. The majority of UK banks now match the payee name against the bank account you’ve entered. If you receive any warning prior to proceeding you should re-check the bank details entered. Do not send money unless you are certain the bank details relate to the genuine person or business
- Ensure your passwords are secure and complex. Passwords should not be easily guessable. Never share your password or account detail
- Add two-step verification on your TOL and email accounts
- Ask yourself “Is this activity uncharacteristic, written badly or simply odd?” When checking communications from your adviser;
check email trails. Fraudsters tend to use old emails and change the subject in order to obtain information;
- Always check the email address. Fraudsters will often set up fake accounts with very similar email addresses;
- Only open email attachments that you are expecting and never click on links that look suspicious – if you hover your cursor over the link you will see the URL of the website it will take you to so you can check if the details are correct;
- Do not send personal or sensitive information in the body of emails;
- Keep your anti-virus software up to date.
Scammers targetting retirement pots
According to a FCA press release, across the industry a total of £2,241,774 has been reportedly lost to pension scammers since the start of 2021 (January 2021 – May 2021). The average loss this year was £50,949, according to complaints filed with Action Fraud. More than double last year’s average (£23,689). The FCA press release states that some victims of pensions scams are reluctant to report that they have been scammed or do not realise they have been scammed until years later, so the total amount lost may be much higher.
We share only a small level of detail of the security measures we have in place. That way, you can be confident that your investments are safe, and fraudsters can’t use what we share to their advantage. However, if you would like to know more or have any specific questions, please do call and we will address your queries.
If at any time you suspect the security of your account has been compromised, then please contact us immediately. We will act swiftly to lockdown your account, minimise the impact where we can, and prevent further harm.