Suspicious Emails and Texts
What to look out for
Fraudsters may try to get money from your business by sending fake emails and texts. They do this by sending an email or text to your business in an attempt to get access to your business’ internet banking details. They may use the following:
- Links to fake websites - A fraudster may send an email or text claiming to be from a real business. In this message there may be a link that takes you to their fake website. On this site you may be asked to give your internet banking details. For example, the page might claim to be a Lloyds Bank website.
- Dangerous downloads – A fraudster may send an email or text with a link that downloads a tool onto your computer or network when you click on it. This tool can then spy on your computer or even lock you out of it until you give the fraudster your internet banking details.
Another way fraudsters may try to get your business to give them money is by pretending to be someone you may know or has a relationship with your business. For example, a fraudster may use the following:
- Fake invoices - A fraudster may send you a fake invoice claiming to be from a real business you work with.
- Fake supplier payment details - A fraudster may claim to be from a real business and they want to let you know that they’ve changed their payment details.
- Fake CEO requests – A fraudster may pretend to be the owner or CEO of your business and ask you to make a payment or transfer.
What can you do?
There are a few things you can do to help stop these types of fraud from happening:
- Check for spelling mistakes - Get into the habit of checking for minor spelling mistakes in the addresses of the emails you receive. For example: “Lloids Bank” instead of ”Lloyds Bank”. Make sure anyone who works for you does too.
- Double check the sender is real - If you receive an email from your business owner or a supplier asking you to make an urgent payment always double check the request is real by speaking to them in person, or by calling them on the number you have saved.
- Beware of unexpected emails - Be cautious about opening any emails that you weren’t expecting (even if you think you recognise the sender), and don’t click on any links or attachments unless you are sure they are genuine.
- Use anti-virus software - Always use anti-virus software to protect your devices.
- Question any changes to payment details - If anyone asks you or your employees to change a supplier’s payment details, always call that supplier back separately on the original number you have saved for them (not on a new number).
- Make sure our internet banking site looks normal - Do not log on or key in codes from your card and reader if any of our pages look strange or different as this may indicate a virus infection.
Spotting a fake Lloyds Bank email
How to spot a fake Lloyds Bank email from a real one:
- We always greet you by title and surname, as in ”Dear Mrs Smith”. We always include part of your main account number, or part of your postcode if you don't yet have an account number.
- We never ask you to confirm personal or financial information in an email.
- We do not scare you with urgent warning messages and we never use email to warn you of suspicious activity on your account.
- Scam emails often look odd, with a messy layout and spelling mistakes.
- Our email addresses always end with lloydsbank.co.uk or lloydsbanking.com. All genuine emails come from lloydsbank.co.uk or lloydsbanking.com. There should never be another word in between lloydsbank and .co.uk or lloydsbanking and .com (for example email@example.com is correct but firstname.lastname@example.org is wrong). If you share a suspicious email with our email scams mailbox, the automatic reply will come from lloydsbanking.com.
- We never link directly to our Internet Banking log on page, or a page that asks for security or personal details.
- We never ask you to carry out a test payment online or move money to a new sort code and account number, even if it’s described as a “secure", "safe” or ”holding” account.
You can send any suspicious e-mails to: email@example.com