Stay safe online
As an investment business, we are constantly finding fraudulent schemes on social media and email from people pretending to represent Standard Life Aberdeen (or other businesses in our group). We have robust processes and measures in place to manage activities like this and do everything we can to protect our customers, shareholders and clients.
If you get a social or email message and you're unsure if it is from us, you can send it to our mailbox and we'll look into it for you. If you have any concerns about your Standard Life Aberdeen plc shares, you can contact our share registrar, Link, by sending an email to firstname.lastname@example.org or by calling 0345 113 0045 or +44 203 367 8224. Calls may be recorded and/or monitored to protect both you and us and help with our training. Call charges will vary.
Identity fraud and security
Identity theft and online fraud is big business for criminals.
Protect yourself against identity fraud
When you're online you leave a trail of little clues about yourself, like your name, your date of birth and where you live. Think about the details you give when you open a bank account, apply for a loan, a credit card, or a job. If you use social media like Twitter and Facebook, then your profile and comments can reveal things like your children's birthdays, pet's names - bits of information that on the surface seem perfectly ok.
For criminals, though, this can represent money in the bank. By gathering up all the pieces of information about you, they can apply for credit cards and loans in your name. And in some cases, they use the identity they've stolen for more serious crimes.
Having your identity stolen is frightening, upsetting and hugely disruptive to your life. The UK Government's Home Office estimates it takes 300 hours to restore your financial and credit records after identity theft. If it were a full-time job, 8 hours a day, 5 days a week, it would take over a month to fix.
Keeping your identity protected online is easy and straightforward if you know what to look out for.
What are the warning signs of identity fraud?
- You get less mail or it stops altogether
- You start getting bills for things you didn't order
- Transactions on your bank statements that you don't recognise
- You can't find your driving license or passport
- You get refused credit. (Credit ratings agencies can provide you with details of your credit rating and alert you to any significant changes)
The sooner you notice things like these happening, the easier it should be to fix and get your identity back.
How to protect yourself
What documents and personal details do you need to keep safe?
- Driving licence
- Birth/marriage/death certificates
- National Insurance/Social Security numbers
- Bank/credit card statements and correspondence
Think about all the times you've thrown out unopened mail, bills and invoices. Fraudsters will happily search through your trash for any personal or financial information. Over a period of weeks, their goal is to build up enough information about you to steal your identity.
- Shred anything that shows your personal information - preferably using a cross-cut shredder - or tear it into tiny pieces.
- Go paper-free - lots of companies offer this as an alternative to mail.
- Don't leave signed receipts behind.
- Lock important documents away where intruders won't find them.
- Never carry important documents around unless you need to.
- Never write down passwords or PINs (memorise them or use one of the password storage tools available online).
- Review every bank and credit card statement to check for entries you don't recognise.
- Redirect your post if you move house.
The best things you can do to stay safe online are to be proactive and vigilant when you're online in public places.
But there are risks and even serious dangers in sharing your personal information on social networks.
Protect your computer
Keep your computer secure by changing your passwords and PINs (and keeping them a secret), and installing the latest updates for your system, applications and internet security software.
Choose strong passwords and PINs and keep them to yourself
- A strong password should be easy for you to remember and impossible for anyone else to work out. We recommend they are at least 14 characters long and use letters, numbers and symbols. Try something called a ‘passphrase’ – a short memorable sentence (e.g. 1lovePineapplePizza!)
- Don't use family or pets' names, birthdays, place names or football teams, as these can be easy for others to guess.
- If you need to record your PINs or passwords somewhere, disguise them so only you can recognise them. We highly recommend using Password Management software.
- Never use the same password (or passphrase) for different accounts
- Don't reveal passwords and PINs to anyone.
Antivirus software is included in most recent operating systems (like Windows 10 or Apple OS) that run on your computer and this should be enough to keep you protected against the majority of threats. You should make sure AntiVirus is enabled and that automated updates are switched on too.
However, if you are using a computer with an older operating system (such as Windows 8 or earlier or Apple macOS 'High Sierra' or earlier ) you should install additional AntiVirus software.
Always install the latest software updates
- For Windows PC’s: Start -> Settings -> Update and Security -> Check for updates
- For Macs: Apple menu -> System Preferences -> Software Update
- For Tablets & Mobiles: Each are slightly different, but find your device Settings then look for Updates
- Don’t forget to update apps on these devices as well
Switch on automated updates for your operating system, web browsers and applications.
Making sure your computer has the latest updates and patches is one of the most important ways to protect yourself and your data. If you’re not sure if your device is up-to-date, please perform the following steps to install the latest patches and updates:
Protect yourself online
- For best practice, never use links in emails and type the address in yourself.
- Check the site address is correctly shown in the address bar before you provide any confidential or financial details.
- Check for the locked padlock icon and the 'https://' part of the web address before making any financial transactions (if they're not there, don't enter your personal or payment card details).
- Never leave your computer or other device unattended when you are not alone.
- Look out for people trying to look at what you're doing, nicknamed 'shoulder surfers'.
- Make sure you fully log out and close the internet browser when you have finished each session.
Using the internet in public places
- Avoid doing any financial transactions - like paying for goods or online banking - in a public place, using a public wireless network or computer.
- Always be aware of the people around you and if they seem to be taking an interest in what you are doing.
- Remember to log out properly when you have finished, even if you are closing your browser or switching off your device.
While email is useful, it can also have risks. These include receiving emails that result in you being defrauded or your identity stolen, emails you don't want, emails not arriving or emails being intercepted.
About email security
If something's too good to be true, it probably is. Not everything you read in an email is true or trustworthy.
Fraudsters have all sorts of scams to trick you into giving out your personal information. 'Phishing' emails generally trick you to be from organisations you already know such as your bank or payment card company, insurance company, a government department or a company you deal with online.
The offers, emails and websites will all look 'real'. But the pages that you enter your personal information into are fake. Fraudsters will then use your data for criminal activity against you, much of which may be used in turn to fund large-scale organised crime.
You can learn to spot common things that give scam emails away, such as:
- The use of 'Dear Customer' or 'Dear Friend' instead of using your actual name.
- Spelling mistakes.
- Poor word spacing.
- Use of symbols like apostrophes and semi-colons that look out of place.
- Using HTML (web page code) to insert remarks that break up key words.
- Using an image of text rather than text itself. You can tell by trying to highlight the words.
- Containing very little text at all in the actual email, just a hyperlink to a website.
Genuine companies, financial services providers and government bodies make a big effort to keep their emails accurate and professional looking. Any of the mistakes above are clues that the email is from a nuisance or fraudulent source.
How to protect yourself
- Never reply to emails asking you for personal or financial information about yourself. Genuine banks and financial companies will not ask you for personal or financial information this way.
- Never reply to emails that you weren't expecting, or if you don't know the sender.
- Never open attachments you weren't expecting.
- Don't click on links within emails - they could take you to fraudulent websites - type the address into your browser instead.
- Even emails that appear to be from friends, family and colleagues may in reality be fraudulent, sent by a virus on their device.
- If you are sending an email to several people, type their names in the 'BCC' field instead of the 'CC' field (in case it gets intercepted and reveals everyone's names and email addresses).
- Before forwarding an email, remember to delete all details - like the original sender or the previous email trail - if you don't want them to be seen.
You may also receive emails that are more of a nuisance than a safety threat. They could include emails inviting you to enter a competition, buy something online, sign up for a newsletter or have your details published. If you don't want them, use the spam email blocking tools on your email system.
Social media security
There are now thousands of social networking sites on the internet. The best known include Facebook, Twitter and LinkedIn. They are a great way to stay in touch with friends and relatives and can connect people right across the world. But there are risks and even serious dangers in sharing your personal information on social networks.
You may not have direct control over who can see your profile or posts, even if you have been careful with security settings. They could be seen by friends of your friends that you don't know, and their friends, and so on.
Information you put on social networking sites can help fraudsters guess your passwords and answers to secret questions like your mother's maiden name, pet's name or your first school. They could also find out when you are away on holiday (leaving your home empty), or where your family members are at a given time.
Another major risk in social networking sites is clicking on links which seem genuine or enticing, but can lead to bogus pages or other websites designed to defraud you or compromise your identity.
Online shopping is very convenient and provides you with a vast choice of products, services and retailers. But it also has dangers.
Risks of online shopping
Most legitimate online businesses' payment and account detail systems are very secure. But some fraudsters use the same scams as they do in online banking, faking business websites to get your personal and financial details from you. Sometimes, fake names are used that sound close to a legitimate business name too.
How to shop online safely
- Look for things like a genuine postal address, phone number or post/ZIP code. VAT, tax or Registered Charity details can be verified online too.
- Try to obtain recommendations from people you know and trust, or at least independent online reviews of the online retailer.
- Before doing any financial transactions online, check for the locked padlock in the browser window and that the web address starts with "https://", which indicates it's secure - if these are not there, do not enter any details.
- Check the returns and delivery policies for any clauses that might make it difficult to return goods. You now have stronger rights under the European Union Consumer Directive 2014.
- If you are buying goods from abroad, remember that some countries don't have as strict selling laws as in the UK, EU and USA
- If possible, use a credit rather than a debit card. Credit cards have better protection if something goes wrong and the credit card issuer may be able to chase the problem on your behalf.
Smartphones and tablets have freed us to go online anywhere there is a 3G or 4G signal, Wi-Fi router or public hotspot. For many people, these mobile devices are rapidly taking over from computers for email, social networking, gaming, shopping and banking. This makes them a prime target for criminals, so it's essential to take mobile security precautions.
How to protect yourself
- Always protect your mobile device with a PIN that only you know. Biometrics, such as fingerprint or retina scan are good methods for securing mobile devices.
- Keep you device updated – switch on automated updates.
- Download apps and games only from official app stores and websites.
- Use internet security software designed for mobile devices, and ensure it is always updated.
- Never open, reply to emails, texts or instant messages if you don't know who they are from, and never open links or attachments unless you are absolutely certain who they are from.
- Switch off sharing technology like Bluetooth, unless you need it.
- Protect your mobile device when out and about. Keep it in a safe place.
- Some mobile device manufacturers offer free 'find my device' services if your device is stolen or lost.
- Always be aware of anyone looking over your shoulder ('shoulder surfers') when using your mobile device.
- Ensure your Wi-Fi at home or office is secured, and that any public Wi-Fi hotspots you may be using are secure.
Common online scams
Fraudsters are ingenious and new scams - or variations on existing scams - happen every day. In many cases they act as hi-tech con men, preying on your emotions or needs and gaining your trust.
Things to remember
- Be absolutely certain that the person you are dealing with is genuine. If it appears rude to question them, this is better than becoming a victim of online fraud.
- Ask yourself if the situation you are in seems genuine.
- Never assume that you can always spot a scam - fraudsters are very creative, persistent people.
- If something seems too good to be true, it probably is.
Common types of online fraud
Telephone banking fraud
You receive a call from someone claiming to be from your bank or card provider telling you there is a problem with one of your accounts and you need to transfer your money to another account they have set up for you. Alternatively, you could get a caller claiming to be from the local police saying they have arrested a criminal who has cloned credit cards with your name on them. You call back with your personal details, but the fraudster has kept the line open and you are actually giving them your details.
Advance fee (or 419) scam
Fake advertising, phoney application forms, forged share certificates and letters claiming that you have overpaid, or are entitled to an inheritance or lottery winnings. The giveaway is these scams always ask for some kind of upfront fee. And then you'll never hear from them again.
Social networking accounts
Fraudsters attempt to contact your social media contacts by hacking into accounts, pretending to be ill or in danger and pleading for money. The risk of this can be reduced by choosing a password that's hard to guess, a separate email address just for social networks and being wary of posts that seem out of character.
Many fraudsters use dating and social networking websites and chatrooms to pose as single people looking for love. They take you into their confidence then play on your emotions by claiming to be ill or in trouble and needing your money to help them out. You should also consider very carefully before meeting someone in person who you have met online. They may have created a false profile, and not be who they seem.
Auction sites (e.g. eBay)
A common scam is to be emailed if you have successfully bid for an item and told that your payment has been declined. You are asked for your bank details to be re-supplied using a fake link. Such emails usually use legitimate businesses' logos, but the content and links are fake.
- Never reply to an email asking for payment, or click on the links.
- Contact the company separately, through their website or over the phone and tell them about your email.
Trading websites (e.g. vehicles, tickets, property lets, buying/selling)
Goods or services advertised are exactly what you're looking for, and may be at a better price or availability than you can find elsewhere. You are told that the seller cannot accept a credit card and that you need to transfer payment directly into their bank account. The goods or services don't exist, and you can't claim the money back from your bank.
With all the attention that we’re placing on coronavirus, this unfortunately provides the perfect opportunity for criminals and scammers to take advantage and to use emails, phone calls, fake websites and product advertising to phish for personal information or deliver malicious attachments. Here are some real-world examples:
- Email scammers impersonating health agencies (such as the World Health Organisation) to trick people into giving up personal information or to open malicious attachments.
- Emails offering monetary compensation or financial help to those who suffered from the COVID-19 outbreak
- Fake meeting invitations, in particular for cloud collaboration tools
- Emails offering links to COVID-19 cures
- Fraudulent requests to donate to charities
- Websites posing to be remote access login portals
- Websites with COVID-19 propagation maps which contain malware or links to malicious websites
Malicious mobile applications
- Applications which claim to be COVID information trackers but are designed to lock victims screens until a ransom is paid
- Fake COVID-19 Finder apps that steal payment data from users
Contacted by Standard Life Aberdeen?
We will only ever send you emails with a link to a Standard Life Aberdeen group company login page if you have registered or opted in to receive emails from us. If you receive an email claiming to be from Standard Life Aberdeen group company and you are in any doubt, please forward it to email@example.com and we will investigate it for you.
Spoofing and phishing
'Spoofing' and 'phishing' are two words used to describe scams to get your personal banking details. 'Spoof' emails are supposed to look exactly like a real company's email, but they are sent to millions of email addresses at random. This is called 'phishing'. The fraudster's hope is that some people will be fooled into giving their banking or personal details, or use their debit/credit card to pay a fake 'fee'.
'Spoof' emails usually include links to fake websites. Fraudsters try and make these fake websites look exactly the same as the real thing.
A common giveaway though is these sites usually ask for your account, card or security details with little or no explanation as to why. As a general rule, if you don't know why you're being asked for these details, don't give them.
Legitimate businesses always have a telephone number or an office you can contact if you are not sure.
Different countries have different ways of regulating financial services firms, so it's worth checking before making any kind of payment.
Have you received any unsolicited emails which look suspicious?
If so, please forward the email to firstname.lastname@example.org.
Promised a fortune?
Have you been promised a fortune, or a large loan?
Fraudsters will use our company name as a way of getting people to pay a fee, on the promise of a large sum of money or guaranteed loan. These are called 419 scams. They're named after a section of the Nigerian Penal Code where these scams began.
419 scams are designed to look convincing. Some go to the trouble of producing fake advertising, phoney application forms and forged share certificates. Fraudsters will go to these lengths to fool people into sending them money or handing over their bank details.
Sadly, there is little that Standard Life Aberdeen can do to stop 419 scams happening. But by being aware of the types of scam that have happened, you can keep yourself safe online.
Here are some earlier examples of scams where criminals have fraudulently used Standard Life related company names, logos and branding in the past:
- An individual from Brazil got in touch with us after fraudsters had contacted them. The fraudsters used an email address from an international auction site and faked a story about an unclaimed fortune worth over US$30million. All the individual had to do was send their personal details and the fraudster would arrange for the money to be picked up in person at Standard Life Bank in Edinburgh.
- An American responded to an online advert in a trusted website from 'Standard Life Loan House plc'. The fake advert promised a loan to buy property, and the victim just needed to pass their bank details and send an 'admin fee' by money transfer. After doing this, and completing a forged application form, they realised they had been scammed.
- Another person responded to a different online advert, only this time the 'prize' was a large number of shares. The fraudsters even sent a forged share certificate. The victim paid an 'admin fee' and spent their life savings travelling to a Standard Life office in Edinburgh from their home in Europe. When they arrived, they expected to be met by a Chairman and receive a cheque for a fortune. Sadly, all we could do was explain that they were a scam victim and to get in touch with their local Consulate.
If you think you have been defrauded, or that someone is trying to defraud you, contact the police. There are other actions you can take, depending on what country you live in.
If you live in the UK
The services in this list can help if you have, or think you have, been a victim of fraud:
- www.cifas.org.uk - If you have been the victim of fraud, then contact CIFAS to register and protect your identity from further attack.
- Use Equifax / Experian / Call Credit to check your credit history
- Register with a Fraud Prevention Agency that also offers a Protective Registration Service. Call 0870 010 2091.
- www.royalmail.com - If you think your post is being stolen, contact the Royal Mail on their Customer Enquiry number, 08457 740 740.
If you live outside the UK
Please check what services are available in your area, either from your government or consumer advice bodies. You can also search online for topics like "fraud prevention" or "report fraud".
Report suspicious emails to Standard Life Aberdeen
If you have received any emails supposedly from Standard Life Aberdeen group companies but are suspicious, please forward the message to email@example.com.