Online and Email fraud

Phishing

Phishing is a common type of fraud where a fraudster tries to trick people into revealing their online security passwords. The passwords will then be used to gain access to online accounts and commit theft.

The attacks are simple

A fraudster sends out a fake email that has been designed to look like a legitimate one from a financial organisation. The email directs or encourages people to visit an internet site to revalidate or reactivate access to their online accounts.

The internet site is fake. It has been designed to look like the target organisation's real internet site so may look very realistic. The website will contain a form for people to enter their passwords and other personal information. Once some passwords have been collected, they will be used to try to commit fraud.

What to do

If you receive a Phishing email, DO NOT REPLY and DO NOT FOLLOW any of the instructions in it, even if the tone of the email suggests that action is required urgently.

• We will NEVER ask for the whole of your password (except when you want to change it), only three characters from it.
• We will NEVER send you an email with a link that directs you straight to any kind of logon page.
• Always check the URL (address) of the web page you are viewing. All Yorkshire Building Society pages start with one of the following:
  
  • http://www.ybs.co.uk
  • http://www.yorkshirebuildingsociety.co.uk
  • https://online.ybs.co.uk
  • http://email.ybs.co.uk
  • http://surveys.ybs.co.uk
  • http://www.ybs.jobs
• Always check the security of the site before you logon by looking for the padlock.

If you receive a suspicious email, please forward it to us at phishing@emis.ybs.co.uk. We won't be able to respond to each message individually, but each message we receive will be looked into and we will take steps to close down any fake websites we identify.

What you should do to protect yourself

• Never reveal your password to anyone or write it down.
• Do not use a password that could be easily guessed by someone else.
• Change your password immediately if you suspect someone else could know it.
• Log off from the YBS website when you have completed your transaction.
• Keep your PC updated with current anti-virus software, the latest browser versions and relevant security patches/updates.
• Use a firewall to protect your PC from hacking attacks.
• Do not send us any confidential account information via email.
• Make sure we have your correct email address and check your inbox regularly for new messages.
• Beware of 'phishing' emails. If you mistakenly respond to a phishing email, tell us about it straight away.

We recommend that you regularly visit the www.banksafeonline.org.uk website to keep up to date with tips to identify and protect yourself from the latest scams.