and security

Fraudsters are always looking for opportunities to target individuals and unfortunately they are finding new ways to do this such as impersonating financial advisors and encouraging investment into products that in fact, don’t exist.

Please therefore, be extra vigilant and take care if you receive emails, texts, calls or letters claiming to be from OakNorth Bank or a financial advisor. We will never ask you to make a transaction, move money into a ‘safe account' or ask for your password, log-in details or PIN.  

Top tips for protecting yourself


Create a strong password and never share it or write it down

Treat all unexpected calls, emails and text messages with caution. Don’t assume they’re genuine, even if the person knows some basic information about you

Hang up on calls and ignore messages if you feel pressured to act quickly. A genuine bank or business won’t mind waiting if you want time to think 

Check your bank account and credit card statements regularly

Tell us at the earliest opportunity if you think you've been scammed or if someone is trying to scam you or if you see transactions on your account which you don’t recognise


Give out your passwords, login credentials or bank details to anyone

Share One Time Passwords over the phone

Post pictures of your cards or bank statements online

Don’t reply to, click links or open attachments in suspicious emails

Don’t download software or let anyone remotely log in to your computer or devices

How to report fraud

We will never ask you to send your personal passwords or security codes via email, text message or social media. If you receive a request for this information, or any other suspicious email, text message or contact on social media, please email us on [email protected].

You can also report fraud through the Customer Service number 0330 380 1181. Additionally, you may wish to contact the police or Action Fraud.

Different Fraud Schemes

Identity theft happens when a fraudster has obtained enough information about someone’s identity (such as their name, date of birth, current or previous address) to apply for financial products in their name.

There are simple strategies to help protect your financial identity:

  • Regularly check your credit report to make sure there’s no unrecognised credit taken in your name
  • Keep identity documents such a passport and driving licenses safe
  • Keep security software on all your devices up to date to make it harder for criminals to steal your information

Account takeover fraud is when a fraudster can access your account because your security credentials have been compromised. How to protect yourself from Account takeover fraud:

  • Never share your password with anyone
  • Set up online banking to view statements, banking details etc online
  • Rather than using a single word for your password, choose the first letter from each word of a memorable phrase
  • Use a mix of numbers, capital and lowercase letters and special characters in your password
  • Don’t share your security questions or answers with anyone. If your security details are lost or stolen, or you think someone has tried to use them, call us immediately at 03303801181

Cheque fraud refers to criminal acts that involve the unlawful use of cheques in order to illegally acquire or use funds that do not exist within the account balance or account-holder’s legal ownership.How to protect yourself from cheque fraud:

  • Ensure that any blank spaces on your cheque are crossed through, i.e. after the name of the person or business you are paying and after the mount in words
  • Don’t leave large spaces between words
  • Always use a black or blue ballpoint pen or a pen with indelible ink so that your writing cannot be easily erased or altered
  • Regularly check your account statement to monitor your cheque payments

Below, we have described a few types social engineering frauds that criminals are committing which you should know about in order to protect yourself online.

  • We don’t use any other spelling of our company website name/domain other than OakNorth Bank | Business Loans & Savings Accounts
  • Don’t automatically click the first website you find on Google, even if the website seems authentic
  • Take your time to double-check websites, to see if they contain spelling mistakes or use a different style than you’re used to. Don’t dive straight into filling out an application form or logging into your account
  • Don’t click links in suspicious emails and text messages or open links that are identified as “not secured”
  • Be very suspicious of websites that don’t start with “https” and/or display a numerical address in your address bar, like hhtp://192.123”, instead of a domain like “
  • Don’t click on misspelled links
  • Consider bookmarking the websites you trust and visit often, then access them that way

The term ‘Phishing’ is an action where fraudsters contact victims through emails, proposing to be someone from a trusted organisation asking for personal and security information. OakNorth Bank will never ask you to transfer money to a ‘reserve account’, from your existing account or to open a new account. If you receive a phone call, email or other method of communication advising you to do so, always remember to take the time to ask yourself if the contact and request makes sense, act with care, and never share your personal or sensitive information. Be cautious about disclosing any personal information. When in doubt contact the bank using trusted contact details. Things to remember:

  • Phishing emails often dangle a financial reward, strict deadlines or negative consequences
  • Look for email signatures, sender’s address, email tone, date format, appropriate subject and legitimate attachments to check the authenticity of an email
  • Don’t reply to, click on links or open attachments in suspicious emails, especially those in your spam folder

Vishing is the telephone version of phishing. These are unsolicited phone calls from fraudsters which will encourage you to give out your personal details, such as sensitive financial information. How to avoid becoming a victim of vishing:

  • If you receive a suspicious call, always verify the caller using an independently checked phone number
  • Never give out your personal or security details over the phone, even to a caller claiming to be from your bank or the police. If you get a call like this, end it immediately
  • If a company you don’t know asks you to download, software refuse to do so
  • If you accidentally share your details with a caller who you think may be suspicious, call your bank immediately
  • When reporting fraud, use a different number to the one you were called on, as fraudsters can intercept your outgoing calls and pretend to be your bank

Smishing is when a fraudster sends a text message pretending to be from your bank or a financial institution that you receive a service from or have an account with, to say there’s a problem, ask you for sensitive information and try to trick you into giving away your personal and security information.

What should you do if you receive a suspicious text?

  • Don’t click on any of the links and check the number on our website to ensure that it is genuine – if the number isn’t genuine, delete the text message from your phone and block the sender
  • If you’ve clicked on the link by mistake, run an antivirus scan to check for any malicious software that may have been downloaded onto your phone

As smartphone technology continues to evolve, it also paves the way for an increasing number of mobile app scams. These scams can cost their victims anywhere in the range of just a few pounds to their whole life savings. As using these devices becomes a more integral part of our daily lives, it’s important to be aware of ways to avoid mobile scams.

How to avoid becoming a victim of mobile phone scams

  • Don’t store any of your personal information, bank account information or PIN numbers on your mobile phone and never share this information via text message or email
  • When accessing online banking, you should only do it via your bank’s official app or website
  • Don’t disclose your phone password or pattern to anyone. Use biometrics for accessing your phone
  • If you lose your phone and have our banking app and you suspect any suspicious activity, immediately call us at 03303801181
Get Familiar with Your Phone’s Security Settings

Simply becoming more knowledgeable about your phone, its operating system, its capabilities and vulnerabilities, along with the items on your bill, will make you less vulnerable to becoming a victim. All smartphones have security settings that can be adjusted and set to keep your personal information safe. iOS and Android have been paying special attention to their security settings and will have several ways to add further layers of security.

You may be expecting to make a payment to one of your suppliers for the purchase of goods and services. With invoice redirection, a fraudster poses as one of your suppliers, telling you their payment details have changed and providing you with new bank account details. If the payment is made, this type of fraud only comes to light when the genuine suppliers asks for their payment.

Avoiding invoice fraud:

  • Be on high alert when a supplier sends you new account details
  • Always verify the new details with the supplier via a trusted channel such as a phone call or previous email address you have on record
  • Fraudsters can hack email addresses or call from seemingly reputable numbers, and even create fake invoices

Bank impersonation fraud is where the fraudster contacts you, pretending to be from your bank. It typically begins with a phone call or text message where the fraudster might claim there has been an issue with a transaction that needs immediate action to be resolved or fraud on your account. They may ask to take control of your computer or transfer money to a “safe” account to help you protect your funds and pressure you to act immediately.

Things to remember:

  • Contact your bank directly using a known email or phone number. You can get in touch with the OakNorth team here
  • Don’t let anyone take control of your computer via remote access following an unexpected call or email
  • Hang up on calls and ignore messages if you feel pressured to act quickly. The fraudsters pressures you to rush to cause panic

CEO fraud is the impersonation of a company’s Chief Executive or any senior colleague who can authorise payments. An employee of the firm, usually in the finance department or someone who has the ability to execute payments, will receive an email from the someone impersonating the CEO, and instructing a significant, urgent payment or to change payments details for a contact or supplier.


  • If you’re asked to urgently process an unexpected payment by the CEO or senior colleague, verify it separately through trusted channels and consult with your team.
  • If in doubt, don’t click on any of the links on the email

In an investment scam, fraudsters try to convince you to invest in a scheme, shares, or commodities, which either don’t exist, or aren’t worth the money paid for them. Fraudsters may also set up fake firms using the name, address, and ‘Firm Reference Number’ (FRN) of real companies authorised by the FCA. The FCA refers to these as clone firms and the legitimacy of the firm can be checked here FCA Warning List of unauthorised firms | FCA.

Almost all financial services firms in the UK must be authorised or registered by FCA. To find out if a firm or individual is authorised, you can check Financial Services Register: NewRegister

Check that the firm reference number (FRN) and contact details you’ve been given match the details on the FS Register. If there aren’t any contact details listed on the FS Register, or the firm says they’re out of date, call the FCA on 0800 111 6768.

Remember, some firms pretend to be authorised firms, so always use the contact details on the FS Register.