How to stay safe online

Here at Starling, nothing is more important to us than keeping our customers safe. So, we’ve teamed up with @TakeFive –a national awareness campaign led by FFA UK (part of UK Finance), backed by Her Majesty’s Government and delivered with and through a range of partners in the UK payments industry, financial services firms, law enforcement agencies, telecommunication providers, commercial, public and third sector – to bring you some top tips for staying safe online this Christmas.

But before that, we speak to our Compliance Officer, Laurie, about all things financial crime.


It’s been a busy year disrupting banking here at Starling HQ – but we have plenty more to do before we wave goodbye to 2017 and welcome 2018.

I love working in FinTech, I get to see first-hand the speed at which technology evolves. But (perhaps rather cynically) it isn’t hard to imagine how such evolution could present the unscrupulous individuals out there with new tools and platforms to design alternative ways to deceive.

Luckily, here at Starling, we have an amazing, experienced Financial Crime Team who are constantly keeping on-top of existing and emerging threats, to prevent and detect fraud at the earliest opportunity.

If you’ve stumbled across any blog on financial crime before, it’s incredibly likely that you’ll be familiar with the age-old saying “If it sounds too good to be true, it probably is”. Personally, I find this to be more relevant than ever – especially as I wade through the flood of spam emails that hit my inbox before 7am. However, with more and more of us bagging ourselves an online bargain during the sales, it’s perhaps not the most helpful message to take away from a blog.

So, to put a slightly different spin on things – I thought it might help to run through a few common scams out there, and how can you spot them.

Fake websites

Criminals can be extremely good at creating fake websites, over the years whilst investigating fraud, I have seen some very convincing examples. I tend to check the legitimacy of any website that I haven’t used before, but I am particularly wary around the bigger sale periods of the year – such as Black Friday or Boxing Day, when many of us are actively looking for bargains. But how can you tell?

Double check the domain name. Does it appear legitimate? It is unusual for a shopping domain to use .net or .org for trading purposes.

Is the company asking for payment by bank transfer? An established organisation is unlikely to offer this – it also offers you less protection as a customer, compared to a payment via debit or credit card, should the website turn out to be fake.

Have a browse of the website. I pay particular attention to the ‘about us’ and ‘contact us’ sections, is there sufficient detail to make you comfortable? Also, evidence of poor spelling or grammar across the website should heighten your suspicions.

Check several online reviews and the company social media. If you can’t find much about the company via sources such as Feefo or Trustpilot, and their social media is non-existent or doesn’t appear to be established, then the legitimacy should be questioned.

But, fake websites are just one way a fraudster may try to obtain your personal or financial details. They may also attempt to get in-touch with you directly, via phone, email or text – to obtain sensitive information. Because of the differences in approach, each of these has a slightly different name in the world of financial crime.

Email (phishing)

I suspect many of you will have experienced phishing or at least seen examples of it. You should be suspicious of any unexpected emails from your bank, these tend to be generic, with an urgent tone manufactured to get your attention. They might be littered with spelling errors and instead of being personalised to you, be addressed ‘dear customer’ or similar. The email address may not be linked to the organisation you believe the email to be from, and instead be from a generic account on a well-known service provider.

Remember – never click on any links contained within a suspicious email, you should always check to ensure the message is genuine first. Clicking on such a link could result in a virus or malware being installed on your device, or your details being stolen.

If you have received an email from Starling Bank, and you’re concerned about its legitimacy – get in-touch with us in-app, or call us on the number displayed on the back of your card. Our service team will be happy to help.

Text Message (Smishing)

criminals may pretend to be your bank, via text message. The message may be in an urgent tone, asking you to ‘take action’ on your account, perhaps by calling an unrecognised number or entering your details on a website accessed via a supplied link.

If you’re unsure if a text message purporting to be from your bank is genuine, you can contact your bank directly using the number supplied on the rear of your card.

Telephone (Vishing)

Vishing is where a fraudster contacts you over the telephone, often claiming to represent your bank. These calls can be structured in a way to convince you that its legitimate, by asking you to confirm security details or purporting to be linked to a fraud investigation, to gain your trust. Here are a few things Starling will never ask you to do:

  • Transfer money to a safe account;
  • Supply your PIN;
  • demand an instant decision;
  • Arrange a courier to come and collect your card, cash or any security information.

If you’ve been contacted by someone claiming to be from Starling Bank, you can get in-touch with us via in-app chat or by calling the number on the back of your card, we’ll be happy to confirm if this was genuine.

Here are some top tips from TakeFive

Requests to move money to a ‘safe’ account

A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Only give out personal or financial details to use a service that you’re expecting to contact you, that you’ve given your consent to and that you trust.

Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected email or text.

Personal information

Always question uninvited approaches in case it’s a scam. Instead, contact the company directly using a known email or phone number.

Don’t assume an email or phone call is authentic

Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Be mindful of who you trust – criminals may try and trick you into their confidence by telling you that you’ve been a victim of fraud. Criminals often use this to draw you into the conversation, to scare you into acting and revealing security details. Remember, criminals can also make any telephone number appear on your phone handset so even if you recognise it or it seems authentic, do not use it as verification they are genuine.

Don’t be rushed or pressured into making a decision

Under no circumstances would a genuine bank or some other trusted organisation force you to make a financial transaction on the spot; they would never ask you to transfer money into another account for fraud reasons. Remember to stop and take time to carefully consider your actions. A genuine bank or some other trusted organisation won’t rush you or mind waiting if you want time to think.

Listen to your instincts

If something feels wrong then it is usually right to question it. Criminals may lull you into a false sense of security when you are out and about or rely on your defences being down when you’re in the comfort of your own home. They may appear trustworthy, but they may not be who they claim to be.

Stay in control

Have the confidence to refuse unusual requests for personal or financial information. It’s easy to feel embarrassed when faced with unexpected or complex conversations. But it’s okay to stop the discussion if you do not feel in control of it.


If you’ve taken all these steps and still feel uncomfortable or unsure about what you’re being asked, never hesitate to contact your bank or financial service provider on a number you trust, such as the one listed on their website or on the back of your payment card.

If you would like to find out how good you are at spotting scams, why not take a few minutes to complete the informative test on the @TakeFive website where you can also find more helpful advice.

Your security is very important to us here at Starling, read more about our approach.