Security

Stay safe online

As an investment business, we expect to find fraudulent schemes on social media and email from people pretending to represent Standard Life Aberdeen (or other businesses in our group). We have robust processes and measures in place to manage activities like this and do everything we can to protect our customers and clients.

If you get a social or email message and you're unsure if it is from us, you can send it to our mailbox and we'll look into it for you. If you have any concerns you can email us or call on 0345 113 0045 or +44 203 367 8224.

Calls may be recorded and/or monitored to protect both you and us and help with our training. Call charges will vary.

Identity fraud and security

Identity theft and online fraud is big business for criminals.

About identity fraud
 

Protect yourself against identity fraud

When you're online you leave a trail of little clues about yourself, like your name, your date of birth and where you live. Think about the details you give when you open a bank account, apply for a loan, a credit card, or a job. If you use social media like Twitter and Facebook, then your profile and comments can reveal things like your children's birthdays, pet's names - bits of information that on the surface seem perfectly ok.

For criminals, though, this can represent money in the bank. By gathering up all the pieces of information about you, they can apply for credit cards and loans in your name. And in some cases, they use the identity they've stolen for more serious crimes.

Having your identity stolen is frightening, upsetting and hugely disruptive to your life. The UK Government's Home Office estimates it takes 300 hours to restore your financial and credit records after identity theft. If it were a full-time job, 8 hours a day, 5 days a week, it would take over a month to fix.
Keeping your identity protected online is easy and straightforward if you know what to look out for.

What are the warning signs of identity fraud?

  • You get less mail or it stops altogether
  • You start getting bills for things you didn't order
  • Transactions on your bank statements that you don't recognise
  • You can't find your driving license or passport
  • You get refused credit. (Credit ratings agencies can provide you with details of your credit rating and alert you to any significant changes)

The sooner you notice things like these happening, the easier it should be to fix and get your identity back.

How to protect yourself


What documents and personal details do you need to keep safe?

  • Passport
  • Driving licence
  • Birth/marriage/death certificates
  • National Insurance/Social Security numbers
  • Bank/credit card statements and correspondence

Paperwork


Think about all the times you've thrown out unopened mail, bills and invoices. Fraudsters will happily search through your rubbish for any personal or financial information. Over a period of weeks, their goal is to build up enough information about you to steal your identity.

Staying safe

  • Shred anything that shows your personal information - preferably using a cross-cut shredder - or tear it into tiny pieces.
  • Go paper-free - lots of companies offer this as an alternative to mail.
  • Don't leave signed receipts behind.
  • Lock important documents away where intruders won't find them.
  • Never carry important documents around unless you need to.
  • Never write down passwords or PINs (memorise them or use one of the password storage tools available online).
  • Review every bank and credit card statement to check for entries you don't recognise.
  • Redirect your post if you move house.

Online security

The best things you can do to stay safe online are to be proactive and vigilant when you're online in public places. But there are risks and even serious dangers in sharing your personal information on social networks.


Protect your computer

Keep your computer secure by changing your passwords and PINs (and keeping them a secret), and installing the latest updates for your system, applications and internet security software.

Keep your computer secure

  • Use up-to-date internet security software and a personal firewall. Internet security software addresses the threats to your computer from viruses and other malware. As new malware appears, internet security vendors update their solutions to combat them.
  • A common form of malware is known as spyware - hidden programmes that contain malicious code that can record details of your online activity, search through your files and even physically spy on you via your webcam.
  • A relatively new form of malware is called ransomware, which encrypts all of your files and effectively locks your computer down until you pay a ransom demanded by cyber criminals.
  • Make sure you are able to detect and remove any of these programs using one of the many internet security products available, some of which are free of charge.
  • A firewall can protect your computer from unauthorised access when using the internet.

Choose strong passwords and PINs and keep them to yourself

  • Don't reveal passwords and PINs to anyone.
  • If you need to record your PINs or passwords somewhere, disguise them so only you can recognise them.
  • A strong password should be easy for you to remember and impossible for anyone else to work out. They should be at least eight characters long, using upper and lower case letters, numbers and symbols.
  • Don't use family or pets' names, birthdays, place names or football teams, as these can be easy for others to guess.
  • Don't use dictionary or real words, even with extra characters at the start and end, as attackers will often use dictionary software to guess passwords.
  • Don't misspell common words, like replacing I with 1 or E with 3 (e.g. H1dd3n). Attackers will try these too.

Always install the latest software updates

  • Software companies issue updates (known as patches) to address security problems discovered in operating systems (such as Microsoft Windows, Mac OS or Linux), internet browsers (such as Internet Explorer, Safari, Firefox, Opera or Chrome) and application programs.
  • Keep your computer up to date, either by the software suppliers' websites or using update features installed within your applications.
  • Keep your internet browser up to date too.

Protect yourself online

  • For best practice, never use links in emails and type the address in yourself.
  • Check the site address is correctly shown in the address bar before you provide any confidential or financial details.
  • Check for the locked padlock icon and the 'https://' part of the web address before making any financial transactions (if they're not there, don't enter your personal or payment card details).
  • Never leave your computer or other device unattended when you are not alone.
  • Look out for people trying to look at what you're doing, nicknamed 'shoulder surfers'.
  • Make sure you fully log out and close the internet browser when you have finished each session. *Keep your internet browser up to date too.

Using the internet in public places

  • Avoid doing any financial transactions - like paying for goods or online banking - in a public place, using a public wireless network or computer.
  • Always be aware of the people around you and if they seem to be taking an interest in what you are doing.
  • Remember to log out properly when you have finished, even if you are closing your browser or switching off your device.

Email security

While email is useful, it can also have risks. These include receiving emails that result in you being defrauded or your identity stolen, emails you don't want, emails not arriving or emails being intercepted.

Warning signs
 

What are the warning signs of identity fraud?

  • You get less mail or it stops altogether
  • You start getting bills for things you didn't order
  • Transactions on your bank statements that you don't recognise
  • You can't find your driving licence or passport
  • You get refused credit. (Credit ratings agencies can provide you with details of your credit rating and alert you to any significant changes)

The sooner you notice things like these happening, the easier it should be to fix and get your identity back.

How to protect yourself
 

What documents and personal details do you need to keep safe?

  • Passport
  • Driving licence
  • Birth/marriage/death certificates
  • National Insurance/Social Security numbers
  • Bank/credit card statements and correspondence

Paperwork

Think about all the times you've thrown out unopened mail, bills and invoices. Fraudsters will happily search through your rubbish for any personal or financial information. Over a period of weeks, their goal is to build up enough information about you to steal your identity.

Staying safe

  • Shred anything that shows your personal information - preferably using a cross-cut shredder - or tear it into tiny pieces.
  • Go paper-free - lots of companies offer this as an alternative to mail.
  • Don't leave signed receipts behind.
  • Lock important documents away where intruders won't find them.
  • Never carry important documents around unless you need to.
  • Never write down passwords or PINs (memorise them or use one of the password storage tools available online).
  • Review every bank and credit card statement to check for entries you don't recognise.
  • Redirect your post if you move house.

Online Security

The best things you can do to stay safe online are to be proactive and vigilant when you're online in public places.

But there are risks and even serious dangers in sharing your personal information on social networks.

Protect your computer

Keep your computer secure by changing your passwords and PINs (and keeping them a secret), and installing the latest updates for your system, applications and internet security software.

Keep your computer secure
 

  • Use up-to-date internet security software and a personal firewall. Internet security software addresses the threats to your computer from viruses and other malware. As new malware appears, internet security vendors update their solutions to combat them.
  • A common form of malware is known as spyware - hidden programmes that contain malicious code that can record details of your online activity, search through your files and even physically spy on you via your webcam.
  • A relatively new form of malware is called ransomware, which encrypts all of your files and effectively locks your computer down until you pay a ransom demanded by cyber criminals.
  • Make sure you are able to detect and remove any of these programs using one of the many internet security products available, some of which are free of charge.
  • A firewall can protect your computer from unauthorised access when using the internet.

 Choose strong passwords and PINs and keep them to yourself
 

  • Don't reveal passwords and PINs to anyone.
  • If you need to record your PINs or passwords somewhere, disguise them so only you can recognise them.
  • A strong password should be easy for you to remember and impossible for anyone else to work out. They should be at least eight characters long, using upper and lower case letters, numbers and symbols.
  • Don't use family or pets' names, birthdays, place names or football teams, as these can be easy for others to guess.
  • Don't use dictionary or real words, even with extra characters at the start and end, as attackers will often use dictionary software to guess passwords.
  • Don't misspell common words, like replacing I with 1 or E with 3 (e.g. H1dd3n). Attackers will try these too.

Always install the latest software updates
 

  • Software companies issue updates (known as patches) to address security problems discovered in operating systems (such as Microsoft Windows, Mac OS or Linux), internet browsers (such as Internet Explorer, Safari, Firefox, Opera or Chrome) and application programs.
  • Keep your computer up to date, either by the software suppliers' websites or using update features installed within your applications.
  • Keep your internet browser up to date too.

Protect yourself online
 

  • For best practice, never use links in emails and type the address in yourself.
  • Check the site address is correctly shown in the address bar before you provide any confidential or financial details.
  • Check for the locked padlock icon and the 'https://' part of the web address before making any financial transactions (if they're not there, don't enter your personal or payment card details).
  • Never leave your computer or other device unattended when you are not alone.
  • Look out for people trying to look at what you're doing, nicknamed 'shoulder surfers'.
  • Make sure you fully log out and close the internet browser when you have finished each session.

Using the internet in public places
 

  • Avoid doing any financial transactions - like paying for goods or online banking - in a public place, using a public wireless network or computer.
  • Always be aware of the people around you and if they seem to be taking an interest in what you are doing.
  • Remember to log out properly when you have finished, even if you are closing your browser or switching off your device.

Email security

While email is useful, it can also have risks. These include receiving emails that result in you being defrauded or your identity stolen, emails you don't want, emails not arriving or emails being intercepted.

About email security
 

If something's too good to be true, it probably is. Not everything you read in an email is true or trustworthy.

Fraudsters have all sorts of scams to trick you into giving out your personal information. 'Phishing' emails generally trick you to be from organisations you already know such as your bank or payment card company, insurance company, a government department or a company you deal with online.

The offers, emails and websites will all look 'real'. But the pages that you enter your personal information into are fake. Fraudsters will then use your data for criminal activity against you, much of which may be used in turn to fund large-scale organised crime.

Warning signs
 

You can learn to spot common things that give scam emails away, such as:

  • The use of 'Dear Customer' or 'Dear Friend' instead of using your actual name.
  • Spelling mistakes.
  • Poor word spacing.
  • Use of symbols like apostrophes and semi-colons that look out of place.
  • Using HTML (web page code) to insert remarks that break up key words.
  • Using an image of text rather than text itself. You can tell by trying to highlight the words.
  • Containing very little text at all in the actual email, just a hyperlink to a website.

Genuine companies, financial services providers and government bodies make a big effort to keep their emails accurate and professional looking. Any of the mistakes above are clues that the email is from a nuisance or fraudulent source.

How to protect yourself
 

  • Never reply to emails asking you for personal or financial information about yourself. Genuine banks and financial companies will not ask you for personal or financial information this way.
  • Never reply to emails that you weren't expecting, or if you don't know the sender.
  • Never open attachments you weren't expecting.
  • Don't click on links within emails - they could take you to fraudulent websites - type the address into your browser instead.
  • Even emails that appear to be from friends, family and colleagues may in reality be fraudulent, sent by a virus on their device.
  • If you are sending an email to several people, type their names in the 'BCC' field instead of the 'CC' field (in case it gets intercepted and reveals everyone's names and email addresses).
  • Before forwarding an email, remember to delete all details - like the original sender or the previous email trail - if you don't want them to be seen.

Spam email
 

You may also receive emails that are more of a nuisance than a safety threat. They could include emails inviting you to enter a competition, buy something online, sign up for a newsletter or have your details published. If you don't want them, use the spam email blocking tools on your email system.

Social networking security

There are now thousands of social networking sites on the internet. The best known include Facebook, Twitter and LinkedIn. They are a great way to stay in touch with friends and relatives and can connect people right across the world. But there are risks and even serious dangers in sharing your personal information on social networks.

The risks

You may not have direct control over who can see your profile or posts, even if you have been careful with security settings. They could be seen by friends of your friends that you don't know, and their friends, and so on.

Information you put on social networking sites can help fraudsters guess your passwords and answers to secret questions like your mother's maiden name, pet's name or your first school. They could also find out when you are away on holiday (leaving your home empty), or where your family members are at a given time.

Another major risk in social networking sites is clicking on links which seem genuine or enticing, but can lead to bogus pages or other websites designed to defraud you or compromise your identity.

Staying safe on social networks

  • Never put your financial details on a social networking site.
  • Change your passwords regularly.
  • Always read social networking sites' privacy policies.
  • Review your privacy settings - change them if they don't give you enough privacy.
  • Remember that people you don't know might be able to see your profile and anything you publish.
  • Be careful about the amount of personal information you publish, including any travel plans that you or your family make.
  • Create a separate email address just for social network sites.
  • Be cautious about meeting people you have contacted on social networking sites in person - they may not be who they seem.

Online shopping

Online shopping is very convenient and provides you with a vast choice of products, services and retailers. But it also has dangers.

Risks of online shopping

Most legitimate online businesses' payment and account detail systems are very secure. But some fraudsters use the same scams as they do in online banking, faking business websites to get your personal and financial details from you. Sometimes, fake names are used that sound close to a legitimate business name too.

How to shop online safely

  • Look for things like a genuine postal address, phone number or post/ZIP code. VAT, tax or Registered Charity details can be verified online too.
  • Try to obtain recommendations from people you know and trust, or at least independent online reviews of the online retailer.
  • Before doing any financial transactions online, check for the locked padlock in the browser window and that the web address starts with "https://", which indicates it's secure - if these are not there, do not enter any details.
  • Check the returns and delivery policies for any clauses that might make it difficult to return goods. You now have stronger rights under the European Union Consumer Directive 2014.
  • If you are buying goods from abroad, remember that some countries don't have as strict selling laws as in the UK, EU and USA
  • If possible, use a credit rather than a debit card. Credit cards have better protection if something goes wrong and the credit card issuer may be able to chase the problem on your behalf.

Mobile security

Smartphones and tablets have freed us to go online anywhere there is a 3G or 4G signal, Wi-Fi router or public hotspot. For many people, these mobile devices are rapidly taking over from computers for email, social networking, gaming, shopping and banking. This makes them a prime target for criminals, so it's essential to take mobile security precautions.

How to protect yourself

  • Always protect your mobile device with a PIN that only you know.
  • Download apps and games only from official app stores and websites.
  • Use internet security software designed for mobile devices, and ensure it is always updated.
  • Never open, reply to emails, texts or instant messages if you don't know who they are from, and never open links or attachments unless you are absolutely certain who they are from.
  • Switch off sharing technology like Bluetooth, unless you need it.
  • Protect your mobile device when out and about. Keep it in a safe place.
  • Some mobile device manufacturers offer free 'find my device' services if your device is stolen or lost.
  • Always be aware of anyone looking over your shoulder ('shoulder surfers') when using your mobile device.
  • Ensure your Wi-Fi at home or office is secured, and that any public Wi-Fi hotspots you may be using are secure.

Common online scams

Fraudsters are ingenious and new scams - or variations on existing scams - happen every day. In many cases they act as hi-tech con men, preying on your emotions or needs and gaining your trust.

Things to remember

  • Be absolutely certain that the person you are dealing with is genuine. If it appears rude to question them, this is better than becoming a victim of online fraud.
  • Ask yourself if the situation you are in seems genuine.
  • Never assume that you can always spot a scam - fraudsters are very creative, persistent people.
  • If something seems too good to be true, it probably is.

Common types of online fraud

Shareholder and investment scams
 

Shareholder and investment scams (sometimes known as 'boiler room' scams) operate mainly from overseas by phone or sometimes email. They try to convince you to invest in a get-rich-quick share or other investment scheme which is actually bogus.

Telephone banking fraud
 

You receive a call from someone claiming to be from your bank or card provider telling you there is a problem with one of your accounts and you need to transfer your money to another account they have set up for you. Alternatively, you could get a caller claiming to be from the local police saying they have arrested a criminal who has cloned credit cards with your name on them. You call back with your personal details, but the fraudster has kept the line open and you are actually giving them your details.

Advance fee (or 419) scam
 

Fake advertising, phoney application forms, forged share certificates and letters claiming that you have overpaid, or are entitled to an inheritance or lottery winnings. The giveaway is these scams always ask for some kind of upfront fee. And then you'll never hear from them again.

Social networking accounts
 

Fraudsters attempt to contact your social media contacts by hacking into accounts, pretending to be ill or in danger and pleading for money. The risk of this can be reduced by choosing a password that's hard to guess, a separate email address just for social networks and being wary of posts that seem out of character.

Romance fraud
 

Many fraudsters use dating and social networking websites and chatrooms to pose as single people looking for love. They take you into their confidence then play on your emotions by claiming to be ill or in trouble and needing your money to help them out. You should also consider very carefully before meeting someone in person who you have met online. They may have created a false profile, and not be who they seem.

Auction sites (e.g. eBay)
 

A common scam is to be emailed if you have successfully bid for an item and told that your payment has been declined. You are asked for your bank details to be re-supplied using a fake link. Such emails usually use legitimate businesses' logos, but the content and links are fake.

  • Never reply to an email asking for payment, or click on the links.
  • Contact the company separately, through their website or over the phone and tell them about your email.

Trading websites (e.g. vehicles, tickets, property lets, buying/selling)
 

Goods or services advertised are exactly what you're looking for, and may be at a better price or availability than you can find elsewhere. You are told that the seller cannot accept a credit card and that you need to transfer payment directly into their bank account. The goods or services don't exist, and you can't claim the money back from your bank.

Contacted by Standard Life Aberdeen?

We will only ever send you emails with a link to a Standard Life Aberdeen group company login page if you have registered or opted in to receive emails from us. If you receive an email claiming to be from Standard Life Aberdeen group company and you are in any doubt, please forward it to emailscams@standardlife.com and we will investigate it for you.

Spoofing and phishing
 

'Spoofing' and 'phishing' are two words used to describe scams to get your personal banking details. 'Spoof' emails are supposed to look exactly like a real company's email, but they are sent to millions of email addresses at random. This is called 'phishing'. The fraudster's hope is that some people will be fooled into giving their banking or personal details, or use their debit/credit card to pay a fake 'fee'.

'Spoof' emails usually include links to fake websites. Fraudsters try and make these fake websites look exactly the same as the real thing.

A common giveaway though is these sites usually ask for your account, card or security details with little or no explanation as to why. As a general rule, if you don't know why you're being asked for these details, don't give them.

Legitimate businesses always have a telephone number or an office you can contact if you are not sure.

Different countries have different ways of regulating financial services firms, so it's worth checking before making any kind of payment.

Have you received any unsolicited emails which look suspicious?

If so, please forward the email to emailscams@standardlife.com.

Promised a fortune?
 

Have you been promised a fortune, or a large loan?

Fraudsters will  use our company name as a way of getting people to pay a fee, on the promise of a large sum of money or guaranteed loan. These are called 419 scams. They're named after a section of the Nigerian Penal Code where these scams began.

419 scams are designed to look convincing. Some go to the trouble of producing fake advertising, phoney application forms and forged share certificates. Fraudsters will go to these lengths to fool people into sending them money or handing over their bank details.

Sadly, there is little that Standard Life Aberdeen can do to stop 419 scams happening. But by being aware of the types of scam that have happened, you can keep yourself safe online.

Here are some earlier examples of scams where criminals have fraudulently used Standard Life related company names, logos and branding in the past:

  • An individual from Brazil got in touch with us after fraudsters had contacted them. The fraudsters used an email address from an international auction site and faked a story about an unclaimed fortune worth over US$30million. All the individual had to do was send their personal details and the fraudster would arrange for the money to be picked up in person at Standard Life Bank in Edinburgh.
  • An American responded to an online advert in a trusted website from 'Standard Life Loan House plc'. The fake advert promised a loan to buy property, and the victim just needed to pass their bank details and send an 'admin fee' by money transfer. After doing this, and completing a forged application form, they realised they had been scammed.
  • Another person responded to a different online advert, only this time the 'prize' was a large number of shares. The fraudsters even sent a forged share certificate. The victim paid an 'admin fee' and spent their life savings travelling to a Standard Life office in Edinburgh from their home in Europe. When they arrived, they expected to be met by a Chairman and receive a cheque for a fortune. Sadly, all we could do was explain that they were a scam victim and to get in touch with their local Consulate.

Report fraud

If you think you have been defrauded, or that someone is trying to defraud you, contact the police. There are other actions you can take, depending on what country you live in.

If you live in the UK

The services in this list can help if you have, or think you have, been a victim of fraud:

  • www.cifas.org.uk - If you have been the victim of fraud, then contact CIFAS to register and protect your identity from further attack.
  • Use Equifax / Experian / Call Credit to check your credit history
  • Register with a Fraud Prevention Agency that also offers a Protective Registration Service. Call 0870 010 2091.
  • www.royalmail.com - If you think your post is being stolen, contact the Royal Mail on their Customer Enquiry number, 08457 740 740.

If you live outside the UK

Please check what services are available in your area, either from your government or consumer advice bodies. You can also search online for topics like "fraud prevention" or "report fraud".

Report suspicious emails to Standard Life Aberdeen

If you have received any emails supposedly from Standard Life Aberdeen group companies but are suspicious, please forward the message to emailscams@standardlife.com.

Get safe online

More independent advice is available from Get Safe Online

02/06/2014 - New global online threat