Scammers will go to great lengths to con you out of your money – but there are ways you can protect yourself. Which? banking and scams expert Chiara Cavaglieri has shared five things she would never do, to help lower your risk of being caught out.
She said: “I’ve spent more than a decade researching threats and battling to get bank fraud victims their money back, yet I’ve never felt unsafe using online or mobile banking. Staying alert to phishing attempts, keeping software updated and making use of your bank and mobile phone’s security features will stop most bank scammers in their tracks.”
It is important to never use the same PIN or password twice, even if you have two-factor authentication, which is a security measure that requires you to provide two forms of identification to verify your identity when logging into an account.
Chiara said: “Even with 2fa, don’t be tempted to use the same Pin or password twice, as this is still your first line of defence. If an attacker has got hold of your login details for one online account, perhaps following a data breach, or stolen through a phishing message, they will use automated software to test these login details across countless other accounts.”
You can minimise your risk by choosing strong, unique passwords. Which? recommends combining three random words to create a new password. It suggests using a password manager such as Bitwarden or Dashlane so you don’t need to remember each different password.
WHATSAPP GROUP: Get money news and top deals straight to your phone by joining our Money WhatsApp group here. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don’t like our community, you can check out any time you like. If you’re curious, you can read our Privacy Notice.
NEWSLETTER: Or sign up to the Mirror’s Money newsletter here for all the best advice and shopping deals straight to your inbox.
If your PC, tablet or mobile phone is no longer receiving security updates, Which? says don’t use it for banking. This is because unsupported devices are more likely to fall victim to malware and other cyber attacks because criminals will try to abuse their weaknesses.
Chiara said: “Windows 10 is ending security support in October 2025, for example, which means it won’t get security updates or fixes after this date. Your PC won’t become riddled with viruses overnight (so don’t panic), but it may become more vulnerable over time.”
Which? says you should always use an official app store – for example, the Apple App Store or Google Play – as they vet apps and remove rogue developers. However, you should still always read the reviews even on official app pages.
Chiara said: “Malicious apps still slip through in official stores (many reportedly pose as QR code readers and PDF apps), so it’s sensible to read any negative reviews carefully and check the app’s permissions. One red flag is requesting access to your contacts without a clear reason why this is necessary.”
It is common for IT professionals to use remote access tools to help fix computer issues – but be aware that scammers also use these too to get access to your devices and personal information. They may pretend to be from your bank, broadband provider or even a retailer such as Amazon.
Chiara said: “If a cold caller wants you to share your screen or give them access to your device, this should be an immediate red flag. Never share bank security codes (those used to log in to online accounts and authorise payments) either. Your real bank will never ask to share these over the phone or in a message.”
Always be wary of who is calling you – scammers can use number spoofing technology to mimic official numbers and make it look like a bank or another company is calling you. Spoofed texts can even appear in the same message thread as genuine ones, making it impossible to distinguish between the two.
Chiara said: “A common tactic is to refer to unauthorised transactions, or another security breach, to create panic. The same scammers may try both tactics, for example, I’ve previously warned about fake delivery texts being followed up by bank impersonation scams over the phone.
“This can be extremely effective, as they only need to refer to the initial bogus text to establish trust. Call your network immediately if you receive an unexpected message about your Sim being ported or a PAC request, or you unexpectedly lose phone service.”
At Reach and across our entities we and our partners use information collected through cookies and other identifiers from your device to improve experience on our site, analyse how it is used and to show personalised advertising. You can opt out of the sale or sharing of your data, at any time clicking the “Do Not Sell or Share my Data” button at the bottom of the webpage. Please note that your preferences are browser specific. Use of our website and any of our services represents your acceptance of the use of cookies and consent to the practices described in our Privacy Notice and Cookie Notice.