As a bank, we serve a variety of customers, ranging from family-run groups, to those supporting local communities. Whilst large organisations typically employ experts to manage their affairs, we understand that smaller organisations may not always be able to afford this kind of permanent infrastructure. They may operate from home, fitting it in after work or child care, relying on the support of family or friends.
If you’re a trustee of a small or medium-sized socially conscious organisation, or you’re thinking of becoming one, then this guide is for you.
We play an active part in protecting the interests of our customers. We must be vigilant; ensuring those who bank with us are financially sound, and striving to deter the ever-increasing range of threats, from simple cash thefts to sophisticated global cybercrimes. These are responsibilities that, as a trustee, you share too.
As a trustee, having a clear view of all of the activities of your organisation is important. This includes its finances. To do this you should consider raising concerns and asking difficult questions about income, outgoings, payments and accounts. We bring you this fraud guide to help you understand the current fraud landscape and offer advice on how you can make your organisation safe and successful. This guide is not intended as a substitute to seeking advice, but it highlights key topics for you to consider. This helps you to safeguard the integrity of your work and serve the wider interests of your community.
Unity wants to ensure you are aware of the different ways criminals operate to access your money
Social engineering exploits behaviours that come naturally to us, where the criminal will manipulate a person’s trust by, and extract secure information from them:
A scammer will make contact, typically by phone (this is known as vishing), text, or email (phishing), purporting to be someone of a position of trust (such as bank staff, or even the police) to obtain personal information.Your bank will never request things such as:
- Your 4-digit PIN
- Credit or debit cards, chequebooks or cash
- Internet Banking passwords
- Transfer of funds to another account for “safekeeping”
Approaches to be aware of
Be cautious of unsolicited phone calls, especially if you are asked to provide personal information.
It’s possible the criminal has your basic personal information, such as name, address and account details. If you are suspicious or feel vulnerable, refuse requests for information and end the call. Fraudsters use a method called “call spoofing” which enables them to deliberately falsify the telephone number relayed on your caller ID to show as a genuine bank number. You can call Unity on 0345 140 1000 to check if the call was genuine. Use a different device. Criminals can remain on line without your knowledge to trick you into thinking you have called your bank whilst you are actually still connected.
Unity will never ask for your PIN number or password.
You may receive unsolicited emails which appear to be from Unity, containing links encouraging you to disclose confidential, personal or financial information. The emails appear legitimate, and often warn that your account may be shut down unless you act. These emails are designed to obtain your personal information for access to your account.
Do not reply to or click on the links if you are unsure if they are genuine. Again, you can call Unity on 0345 140 1000 to check if the email was genuine.
What a phishing email looks like:
- Contains a warning of a sudden change in an account which requires you to verify that you still use the service.
- Uses poor spelling and grammar.
- Requests confidential or secure information (such as your internet banking log in, passwords, account numbers or PIN numbers).
- Includes instructions to reply, complete a form or document attached to the email or click through to a website in order to verify your account. Don’t open attachments or click on links if you suspect they may not be genuine.
If you receive an email purporting to be from Unity Trust Bank that you find suspicious, forward it to email@example.com, block the sender, delete it and empty your deleted items.
For further information visit http://www.antiphishing.org
Smishing (SMS Phishing)
Fraudsters can send text messages mimicking the bank to convince you to release personal and financial information (by calling a number or clicking a link). Like call spoofing, ‘text spoofing’ can be used to deliberately to falsify the telephone number to appear as ‘Unity Trust Bank’ to seem genuine.
Unity does not currently offer a text service to customers. If you receive a text from Unity Trust Bank, this will be bogus. Do not reply, block the number and delete the message.
Some fraudsters may claim to be from Unity and will attempt to arrange for a courier to collect your card. They may also ask you to write down and share your PIN. To add credibility, the fraudster may advise you to cut the card in half.
Unity will never ask for your card and/or PIN to be returned via courier. You should never divulge your PIN to anyone, even someone claiming to work for Unity.
Unity staff will only ever ask for partial information; for example, they will not ask for your mother’s full maiden name.
To ensure that we can get in touch if any suspicious activity seems to be taking place on your account, please provide Unity with your current contact details including a mobile number.
If you feel you have been a victim of any of the above fraud attempts, call the Unity Trust Bank customer service team on 0345 140 1000 and they will assist you in changing your security information.
By working together, we can help reduce fraudulent activity by making it difficult to undertake and by identifying it at the earliest opportunity.
The Fraud Awareness information will help you to put in place the internal controls to detect, assess and prevent the risk of your organisation being affected by fraud.
Click here to view advice from the Cheque and Credit Clearing Company for business users of cheques.
Fraud Notice – How we react at Unity
- Details will be passed to fraud prevention agencies if false or inaccurate information is provided and/or fraud is identified
- Law enforcement agencies may access and use this information
- We, and other organisations, may also access and use this information to prevent fraud and money laundering, for example, when:
- Checking details on applications for credit and credit related or other facilities
- Managing credit and credit related accounts or facilities
- Recovering debt
- Checking details on proposals and claims for all types of insurance
- Checking details of job applicants and employees
Please email firstname.lastname@example.org if you want to receive details of the relevant fraud prevention agencies
We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
Tips to stay safe online
Technology is unavoidable today; it’s central to our everyday lives and essential to the smooth running of businesses and organisations of all sizes. It is also a tool used by criminals to acquire your personal information to gain access to your funds. It’s critical that you keep up-to-date on how fraudsters are operating and how to best protect yourself from being a victim of their attacks.
There are steps you can take to protect your business:
- Install anti-virus and spyware software and ensure you are using the most up-to-date version; we recommend Trusteer
- Install personal firewall software
- Forward any suspicious emails or SMS to email@example.com
Further help and advice about online fraud such as phishing and malware, how to spot fraud, and how you can protect yourself from online banking fraud is available from the Get Safe Online website.