Security glossary

  • 1.


    Advance fee fraud

    If a fraudster tries to trick you into sending large sums of money in advance on the promise of significant financial gain, this is known as advance fee fraud. Examples include lottery wins, employment or inheritance scams.


    Adware is a type of software that automatically displays adverts on your devices. Some adware can contain malware, and it will slow your devices down.

    Anti-virus software

    Anti-virus software prevents viruses from infecting your devices. It’s important to keep it up to date otherwise it will soon become ineffective.



    Bluetooth is a type of wireless technology that makes short-range connections between devices.

    Boiler room

    Boiler room scams are also known as share sale frauds. Fraudsters use hard sell tactics to persuade their victims to invest in worthless shares that are impossible to sell. Investors will almost certainly lose their money as a result.


    A botnet is a collection of compromised devices, each of which is known as a 'bot', connected to the Internet. When a device is compromised by an attacker, there is often code within the malware that commands it to become part of a botnet. The malware will install modules which allow the devices to be commanded and controlled by the botnet's owner.


    This is the program on your devices that you use to visit websites. Popular browsers include Windows Internet Explorer, Mozilla Firefox, Google Chrome, Safari and Opera.



    A cookie is a small file stored by your web browser. Cookies record your preferences on individual sites. Most browsers will accept cookies automatically and you may have difficulty viewing the site if you refuse them.

    Cyber stalking

    Cyber stalking refers to an individual or a group tracking others online. Cyber stalking can cause the victim distress.

    Back to top
  • 2.


    Dialogue box

    A dialogue box is a window that creates a dialogue between you and your devices. It will usually inform you of something e.g. ‘you are running out of disc space’.



    Encryption is used to scramble information to protect it from those who aren’t authorised to access it.



    A firewall is specialised hardware and/or software designed to block unwanted traffic from entering or leaving your devices. It’s important to keep firewalls up to date to ensure they are providing an effective barrier between your devices and the Internet.

    File sharing

    File sharing uses an Internet connection to allow access to information stored digitally on devices, such as programs, multimedia (audio, images and video), documents, or electronic books.


    The Financial Conduct Authority (FCA) is the regulator of the financial services industry in the UK.



    If your device has been hacked it means someone has found security weaknesses in your device, network or online accounts and exploited them.


    Hackers use devices to gain unauthorised access to information with the intention of misusing it, often for personal financial gain.


    Identity theft

    Identity theft occurs when someone steals your personal information and uses it to impersonate you and commit fraud.

    Instant messaging (IM)

    Instant messaging is real-time online chat between two or more people.



    Unwanted post or email advertising material.

    Back to top
  • 3.



    A keylogger is a piece of hardware or software that records every keystroke typed on a keyboard, often used maliciously to steal passwords.



    Malware refers to malicious software such as viruses and Trojans. Malware is often hidden in attachments and free downloads and can steal the information stored on your devices.

    Money mule

    People recruited by fraudsters to launder stolen funds are called money mules. They receive cash into their bank accounts which has been stolen from another compromised account. By allowing your bank account(s) to be used to receive and transfer illegal funds, you are breaking the law, even if you don’t realise it. This is a criminal offence and will be reported to the police.

    Money laundering

    Money laundering involves disguising where money came from and is usually done to make seem like the proceeds of crime came from a legal source. One of the many ways to do this is to put money through a series of bank accounts.

    Multi-factor authentication

    Multi-factor authentication adds a layer of security to the process of verifying your identity. In addition to a password or PIN, the second factor may involve verifying something such as your phone or bank card. Biometrics (fingerprints or retina scan) can also be used.



    Phishing scams are used by criminals to lure victims, by email, text or phone, into handing over valuable information such as credit card and bank account numbers, passwords and log ins, which can be used to commit fraud. We will never send you an email, text or a website link asking you to enter your Internet Banking or card details.

    If you receive a phishing email, stay calm. There is no risk in receiving it. Just delete it. You can report it by forwarding it to


    A Personal Identification Number (PIN) is a combination of numbers (usually four) used to access a secured system like phone or online banking.


    Pop-ups are online adverts that open automatically when you visit some websites. If an unfamiliar pop-up appears on your screen and asks for your personal information, close it down.

    Privacy settings

    Your privacy settings control who you want to share your information with and what they can and can’t see. For example, the privacy settings on Facebook control who can send you messages and access your profile.

    Back to top
  • 4.


    Search engine

    A search engine is a tool that enables you to search for specific information from a database or network. Google and Yahoo! are online search engines.

    Security certificate

    A site certificate proves the site you’re visiting is genuine. The site certificate shows that a secure connection has been made and that all communication through that site is secure. Check the site certificate to make sure you aren’t on a fraudulent website.


    Another word for a fraudster.

    Secure Sockets Layer (SSL)

    SSL is a form of encryption developed for sending information securely over the Internet. It prevents others from seeing the data being sent. Genuine websites often use SSL certificates to verify their authenticity.

    Secure webpages

    Secure webpages encrypt data when transmitting information. You can check whether or not a page is safe by looking at the URL (web page address). For a secure connection the address displayed should begin with "https" - note the "s" at the end. There may also be a "lock" icon displayed somewhere in the window of the browser.

    Shoulder surfing

    Shoulder surfing is a technique used by fraudsters to steal your PIN or other information by peering over your shoulder. Always be careful when accessing personal or sensitive information in public places, and shield your PIN whenever you enter it.

    Social engineering

    Social engineers use techniques to manipulate people into doing and saying certain things, including divulging valuable information. Phishing is a form of social engineering.

    Social media

    Social media consists of interactive dialogue between organisations, communities, and individuals using online technology.

    Social network

    Social networks allow people to connect with each other online and share photos and information. Social networking sites include Facebook, Twitter and LinkedIn.


    Short Message Service: a system that enables mobile users to send and receive text messages.


    Spam is unsolicited and unwanted email used to advertise products and services. Some spam will contain malicious links or attachments.

    Spam filters

    A spam filter is a program used to detect unsolicited and unwanted email and prevent those messages from getting to a user's inbox.


    A person who sends spam email.

    Spoof websites

    Fake websites are created by criminals and designed to appear authentic. Phishing scams will often contain links to spoof websites in the hope the victim will enter their personal information. Once entered, the fraudster can use the information to access the person’s account.

    If you receive a phishing email, stay calm. There is no risk in receiving it. Just delete it. You can report it by forwarding it to


    Spyware is a type of program designed to spy on your online activity.


    To browse the Internet.

    System scan

    A system scan will test your device's exposure to security threats.



    Tablets are mobile devices, usually with a touchscreen or stylus-enabled interface.


    Trojans are a form of malware. They appear to be innocent and may come in the form of free software or an email attachment, but can actually run in the background and send your information to a fraudster.



    Software security updates are available to download from the Internet. They are designed to fix vulnerabilities and most programmes will alert you when updates are available. You can change your settings to automatically download and install updates.


    Uniform Resource Locator (URL) or web address is a string of text used by web browsers to identify resources, such as plain web pages, text documents and graphics, on the Internet.



    A virus is a malicious program that can copy itself and transmit itself between devices via removable storage devices e.g. USB sticks. Viruses can damage and destroy the infected systems and data stored on them. It’s important to use anti-virus software and keep it up to date.



    Wi-Fi stands for Wireless Fidelity and allows devices to connect to the Internet using a wireless signal.


    A worm is a self-replicating piece of malware that uses a network to send copies of itself to other devices.

    Back to top

Our online and mobile banking guarantee

We guarantee to refund your money in the unlikely event you experience fraud with our Internet Banking service - as long as you've been careful, for example, by taking reasonable steps to keep your security information safe. We protect you with safeguards that meet Industry Standards.

  • Keep your password secure and do not let anyone else make use of your security details, even if they share a joint account with you.
  • Do not let anyone watch you enter your security details and log off after each Online Banking session.
  • Carry out regular virus checks on your devices and have the latest operating system and web browser installed.

Find out more about how to protect yourself online

Eligible deposits with us are protected by the Financial Services Compensation Scheme (FSCS). We are covered by the Financial Ombudsman Service (FOS).

Personalisation. We will always greet you personally using your Title and Surname. We will never use ‘Dear User’ or ‘Dear Valued Customer’. Where you hold an existing account with us, we will quote the last four digits of your account number, such as your current account, savings account or credit card. If you don’t yet have an account with us but we have your postal address details, we may use part of your postcode. Internet Banking-related emails may also include your Internet Banking User ID.
Links. All links within our emails will go to a page on, or to trusted Government regulatory websites (e.g. Financial Ombudsman, Financial Conduct Authority, etc). Research emails may take you to a partner research company website but you will not be asked for any Internet Banking log in details. In fraudulent emails, website addresses may appear genuine on first sight, but if you hover your mouse over the link without clicking, it may reveal a different web address. On our genuine emails the link address always starts with or We will never link direct through to our Internet Banking log in page or to a page that asks for your security or personal details.