Security and Fraud

Protecting yourself from fraud

While we have robust internal measures to keep your transfers secure and safeguard you from fraud, there are crucial actions you must take to protect yourself from external threats.

We count on you to verify that the person you're paying is legitimate and that the account information you've received is accurate. Fraud is a growing risk for all, and unfortunately, recovering funds sent to fraudsters is not always possible.

If you ever have any doubts about a transaction or communication, please reach out to us immediately.

Staying vigilant against fraud

Fraud comes in many forms, some of which are highly sophisticated and hard to detect. Below are some of the most common scams and key signs to look out for.

Pension fraud occurs when someone deceives you into giving them part or all of your pension. Scammers often pose as offering investment opportunities, free pension assessments, or methods to take advantage of a 'loophole' that allows you to access your pension early or without paying taxes.

Impersonation fraud occurs when a scammer pretends to be someone you know and trust, such as a friend, family member, colleague, or a representative from a reputable organization. They may use technology to make phone numbers, email addresses, or websites appear authentic.

Identity fraud occurs when a criminal gathers enough personal information to steal your identity and use it for illegal activities. For instance, they might open a credit card in your name or apply for a passport using your identity, allowing them to travel undetected.

Relationship fraud, or romance fraud, happens when someone pretends to have romantic or emotional intentions to earn your trust. They exploit the connection they've created to manipulate you, often aiming to deceive you into giving them money or stealing your personal information to commit identity theft.

Investment fraud occurs when a scammer deceives you into giving them money by pretending to offer a lucrative investment opportunity. This is often followed by a secondary scam, where the fraudster promises to help you recover the lost funds.

Shopping fraud happens when a criminal pretends to be a business or individual in order to deceive you into purchasing something that isn’t real. Their goal may be to steal your money or valuable information, like your credit card details, which they can later use in another scam.

Bank imitation website scams are a form of impersonation fraud where scammers design counterfeit websites that resemble real banking sites. They typically deceive people by sending phishing emails or text messages that look legitimate and include links to these fake websites.

AI fraud occurs when scammers use artificial intelligence to trick individuals into revealing money or personal information. AI can be employed to generate realistic phishing emails or text messages, while more sophisticated tools can clone voices and create "deepfake" images and videos.


Fraud updates and insights

Explore our latest articles on fraud prevention, highlighting common scams, warning signs to be aware of, and tips for safeguarding yourself.

Reporting fraud

If you have any concerns about a transaction or the security of your account, our team is here to help. If you spot something suspicious or believe you may have fallen victim to fraud, please contact us immediately at +44 (0) 1736 335 250 or [email protected]

You can also reach out to the following organizations for further assistance and fraud advice:


Fraud reimbursement

An Authorised Push payment Fraud, or APP fraud, happens when someone is tricked into sending money to an account which they do not control.

The Fraud Reimbursement Rules are new UK-wide rules which change the way that APP fraud is dealt with by UK financial services businesses and came into force on 7th October 2024. They may, depending on certain criteria, mean that you may be reimbursed for any APP fraud.

Firstly, if you think that you have been the victim of an APP fraud, you should contact us as soon as possible to notify us of a potential reimbursement claim under the Fraud Reimbursement Rules. Once we receive your claim, we will review it and if it is in scope reimburse you within five business days – although it can take up to 35 business days if we need further information from you.

A £100 excess may apply. This means that if you make a claim of £1,000, you’ll get £900 back. You may not get any money back if your claim is under £100.

Please note, these rules apply to Faster Payments and CHAPS payments, and in GBP, only. They don’t apply to payments made in another currency or to payments made overseas, outside of the United Kingdom, or any payments made using cheque or card. There are certain other exceptions where we might not reimburse you, for example, where you may not have followed any fraud warnings that we have provided, or where you haven’t shown an appropriate level of caution.

We may need further information from you as part of your claim, and you will need to respond to these requests promptly. Once you’ve made a claim, we may ask you to report the details of the APP fraud to the police and provide any reference numbers that you have been given – you should do this to ensure that the police can investigate and take action.

If you wish to report a potentially fraudulent transaction, please contact us.


Protecting your accounts and personal information

Nowadays, a password is required for nearly everything. With so many accounts to keep track of, it's tempting to rely on familiar words and phrases.

However, as tempting as it might be, using your birthday or your pet’s name won’t be sufficient if you want to keep your account secure.

Here are our top tips for creating ultra-secure passwords.

  • Use a minimum of 12 characters
    There’s no strict rule about the ideal password length, but 12-14 characters is a good general guideline.

  • Include a mix of numbers, symbols, uppercase, and lowercase letters
    Websites don’t ask for complicated passwords just for the sake of it – using a variety of character types makes your password harder to crack by fraudsters' software.

  • Avoid personal information
    In today’s digital age, details like your birthdate, place of birth, or pet’s name are easy to find online. Passwords based on personal information are much easier to guess than those using random words or phrases.

    Even if your passwords don’t contain personal details, it's important to control what information is available about you online. Check the privacy settings on your social media accounts, review privacy policies on sites you visit, and be cautious when participating in online surveys or quizzes that request access to your social media profiles.

  • Make it strong
    When creating a password, think outside the box and use an unexpected combination of words, replacing letters with special characters or numbers that don’t resemble the original letter.

    For example, bLuesWan37?? meets all these criteria and would take a computer 63,000 years to crack. Two random words make a decent password, but three are even stronger. bLuesWan37??Guit@r would take 380 quadrillion years to break!

  • Check your password strength
    If you’re unsure about your password's strength, test it using a secure, reputable online checker. It will estimate how long it would take to crack your password, giving you the chance to try different combinations until you’ve created a near-impossible password.

  • Use unique passwords
    Creating secure passwords and trying to remember them can be overwhelming, but using one password for multiple platforms undermines all your efforts. If a fraudster gains access to one of your accounts, they could access many others.

    Use different passwords for each account to reduce the risk of widespread damage if one account is compromised.

  • Don’t share your password
    Never share your password with anyone. One common issue with complicated passwords is that people are tempted to write them down so they don’t forget them. Resist this urge and try to memorize your new passwords instead.

    Set a reminder to change your password regularly.

    At TorFX, we will never ask for your password, and you should never share it with us - even if it seems like we've requested it.

    If you believe your password is no longer secure, change it immediately.

    Changing your password is easy - just follow this link.

Everyday internet use can expose you to opportunistic fraudsters if you don’t take the necessary steps to protect yourself.

Here are some simple tips to help keep your computer, mobile, and tablet secure.

  • Keep your computer secure
    Ensure that you have active anti-virus software and that your software and apps are regularly updated. Updates and patches often fix security vulnerabilities.

  • The P-word
    Make sure your home Wi-Fi is password-protected and use the password tips provided in our security section to make it strong.

  • Log out when finished
    If you're using a computer that isn't yours, avoid ticking the 'Remember me' option, and always log out once you're done.

  • Public Wi-Fi safety
    When connecting to public networks (like those in bars or cafés), ensure they are ones you trust. We recommend avoiding public Wi-Fi whenever possible, as these networks are often targeted by cybercriminals. If in doubt, it's safer to use mobile data instead of public Wi-Fi.

    Also, when logging into secure sites in public, make sure to check your surroundings to ensure no one is watching you.

  • Beware of suspicious links
    While browsing the web, be cautious about clicking on links or pop-ups that seem suspicious. Fraudsters often use tactics such as offering prizes, creating urgency, or making threats to lure you into clicking malicious links. Typical messages might include: "You’ve won £1000! Click here to claim," "Your computer is under attack! Click here...," "Do this or your account will be restricted...," or "You’ve accessed illegal content, click here to avoid legal action..."

  • Choose your security questions wisely
    When setting security information (such as answers to security or password recovery questions), be aware that any personal information you've shared on social media or other online platforms could be accessible to hackers and fraudsters. Choose questions that only you are likely to know the answer to whenever possible.

  • Check for authenticity
    When visiting TorFX's website, always type the address directly into the browser or select it from a trusted search engine. Look out for these signs to confirm that the site is legitimate:

    • If you see invalid security certificates in your browser, this could be a sign that the site is untrustworthy. Our certificates are always valid.
    • Double-check the URL. Fraudsters often use subtle variations in spelling, characters, or punctuation to lead you to fake websites. We recommend navigating directly from the address bar or using a reputable search engine.
    • Ensure the URL begins with "https://" – this means the site and any links are secure.
    • Look for the locked padlock symbol in the address bar. This indicates that the data exchanged between you and the website is encrypted and secure. Some fraudsters may also use encryption, so always verify all signs of authenticity.

  • Sending funds securely
    When making an international payment, it’s essential to have full confidence in the legitimacy of the recipient.

    Verify the recipient's details and the reason for the transfer and never feel pressured to send funds if you're not entirely sure or comfortable with the payment.

When you receive an email it’s important to verify that it’s from a legitimate source.

We send several different types of emails to make sure you have access to all the information you need to plan your currency transfers at the right time, and there are points you can check to ensure the email you’ve received is from our team.

Give any email you receive from us a proper scan before clicking any of the links within it.

If there’s anything unusual about the communication or anything you would like to check, contact your Account Manager directly or email [email protected]

What should you look out for?

  • Branding/design – All our emails contain certain characteristics, like our logo and brand colours.
  • Alternative instructions - Receiving two emails in quick succession which provide alternative instructions – always get in touch with us if that happens
  • Unusual requests - If you receive an unusual or unexpected communication always get in touch to confirm it’s legitimate.
  • Spelling and grammar - The occasional typo does happen, but an email from us should never be riddled with spelling or grammatical errors.
  • Tone - We aren’t pushy or threatening in our emails, and we’ll never try to scare you into acting quickly.
  • Email signature and address - Our sender’s email addresses end in ‘@torfx.com’
  • Links take you to unexpected places - Our email links typically take you to our website, our online service or our app listings. If you aren’t sure where a link is going to take you and you’re using your computer, hover over it with your mouse and check the URL. If you aren’t confident in the link within the email type in the URL manually or go directly to the online service/app.
  • Attachments - Strange instructions to open attachments or download software could be a fraudster trying to sneak malware onto your device.
  • Unexpected prizes - If you receive a communication that claims you’ve won a completely unexpected prize don’t click any links in the email or reply to it directly.

    Contact your Account Manager or email [email protected] and we’ll let you know if it’s a genuine prize.

  • Check it before you click it - Don’t click on email links or attachments unless you’re completely confident that the email is from a trusted source.

Receiving unsolicited phone calls and texts is something we’ve all had experience of, but some scam calls can sound very convincing.

These simple steps can help protect you from fraudulent calls and texts.

Before answering a call

Fraudsters can make themselves appear genuine using legitimate caller IDs.

Enter the number into a search engine to check whether it belongs to a real company/a company you’re comfortable talking to.

If you think a call is from us but you aren’t sure, check the numbers listed on the contact section of our website. You can also add your Account Manager’s number to your address book, so you always know it’s them calling.

After you’ve picked up

When on a call never ever give out passwords or key security information, no matter who the person on the other end of the phone claims to be.

Text messages

We will send you occasional texts under very specific circumstances, for example if you’ve set a rate alert or have requested a One Time Pin.

If you receive a text message asking you to reply with a password, to call an unfamiliar number, or to click on a link, ignore it and contact your Account Manager by phone or email.

Tactics to prepare for

With any unsolicited calls or emails look out for these particular traits and tactics:

  • Creating panic – Warnings about suspicious behaviour or the implication that ‘an unknown device has accessed your account’.
  • Urgency – Never respond to pressure to make you do something quickly.
  • Language and attitude – The person you’re speaking to may appear helpful, friendly or professional, but this could be their attempt to make you feel that they’re credible and trustworthy.
  • Following up a text with a phone call – Fraudsters use this tactic to add credibility.

Our online service and app have a number of inbuilt features to protect your transactions.

Online service and app

  • PIN entry – We’ll ask you to enter your PIN at crucial points in the transfer process (like adding a recipient or making a transfer).
  • Transactional emails – We’ll send you an email confirming any transactions you make, so you’ll have a record of the latest activity on your account.
  • Your activity – You can view your recent and historic activity within the app and our online service.
  • You can also check all the devices that have accessed your account.

App only

  • Biometric authentication – Depending on the handset you own, you can secure your app with touch or face ID.

Keeping yourself safe from fraud

If you notice something suspicious or think you may have been a victim of fraud, please let us know as soon as possible by contacting us on +44 (0) 1736 335 250 or [email protected]

We’re confident in the security systems we have in place but it’s vital that you stay vigilant too.

Our Fraud FAQs provide lots of useful information about protecting yourself from fraud, while our Help with fraud section has links to useful organisations.

Remember, an offer being too good to be true, being asked to send money out of the blue or being put under time pressure can all be warning signs. Never send a payment if you have any concerns and contact us immediately if you do – we’re here to help.

We can accept no responsibility for funds being sent to the wrong account based on the content of a fraudulent email, so always verify that any payment details sent or received by email are genuine, using a trusted source.

The red flags and warning signs to look out for can differ depending on the reason for your payment. Below are some of the main things to be wary of.

  • Payments to friends, family, or someone you’re in a relationship with

    Be particularly careful about sending money to someone you’ve never met in person, especially if you made contact via a dating app. Are they now asking for help with medical fees, housing or travel costs? Are they genuine?

    Also beware impersonation scams, where you’re asked to send money to a family member who’s in trouble. Always contact that relation independently to check that a fraudster hasn’t got hold of their phone or hacked their social media accounts.

  • Making payment for goods or services

    Have you checked that the goods exist, and that the supplier is genuine?

    Be wary if you’re asked to pay a deposit or a big fee up-front as this could be an advance fee scam. Where possible, always check online reviews and get an invoice before paying anything.

    Have you met the supplier? Do they have a registered business address? Are the contact details given by the supplier vague (maybe just a PO Box and a mobile or premium number)? Always verify that the person or business you’re dealing with is legitimate before sending a payment.

  • Paying estate agent or legal fees or some other bill

    Fraudsters can intercept payments and redirect money to their own accounts, often by sending out a false invoice or email featuring their own account details. Make sure that the account details you’re paying into are genuine and think about sending a small payment first to check that the money has gone to the right place. This type of fraud is a particular risk in the property and real estate sector.

  • Funding an investment

    If an investment sounds too good to be true (high returns and low risk), it could turn out to be a scam.

    Be wary of dealing with any company that approaches you out of the blue and always check that the property or investment you’re buying exists.

    Is the broker willing to supply his/her copy ID? Does the company promoting the investment have a registered business address? Are the contact details vague (maybe just a PO Box and a mobile or premium number?) What do the online reviews say?

    Are you being put under pressure to buy? Always check the FCA Register to see if there are any warnings about the individual or company you’re dealing with and look at the FCA’s Warning List. Seek advice from an FCA regulated firm before going ahead.

You can get additional help and advice on fraud from the following organisations:

  • Take Five
  • Action Fraud
  • Which?
  • National Cyber Security Centre
  • Metropolitan Police – fraud advice

Fraud FAQs

Contact us as soon as possible on +44 (0) 1736 335 250 or [email protected]

You can also report fraud to the police via Action Fraud using their on-line reporting tool or by calling 0300 123 2040.

If you’re not based in the UK, inform the police or anti-fraud authorities in your own country.

These are some key actions you can take…

  1. Keep all your personal ID documents (passport etc.) locked away and secure. The details in these documents can be used to steal your identity. Be extremely careful about who you share your personal details with as they can be used to set up accounts in your name.
  2. Never share answers to security questions or passwords with anyone and don’t write them down.
  3. If you’re sending money to us or to anyone else, double-check the bank account details before making the payment. Do this by getting the details direct from a trusted source. You can access our bank details securely through our online service and app. Consider sending a small payment first to check that the money has gone to the correct account.
  4. If you’re buying property or making an investment, check the validity of the property or investment opportunity. Be wary of glossy brochures, celebrity endorsements and big promises.
  5. Visit the Take Five to Stop Fraud website and read their advice on protecting yourself from scams.

The above isn’t a full list but it gives you an idea of the type of questions you should be asking. You’ll find more on this in our Scams to watch out for section.

We’ve listed a range of red flags based on different transfer requirements in our Scams to watch out for section. It’s crucial that you take the time to check that your payment isn’t falling into the wrong hands.

If you ever notice anything out of the ordinary or have any security concerns, give us a call on +44 (0) 1736 335 250 or email [email protected]

Additional

Tor Currency Exchange Ltd ("Torfx") was established in 2004 and our company registration number is 5193147

Our group processes in excess of £10bn in foreign exchange andinternational payments per annum and ia a well-established market leader in the provision of foreign currency exchange and payment services.
Highest level of creditworthiness
TorFX is proud to hold a Level 1 rating from leading credit rating agency Dun & Bradstreet. Dun & Bradstreet provides Scores and Ratings to help customers identify the risk levels of organisations. The D&B Rating provides a quick and clear indication of the credit-worthiness of an organisation, which helps customers to identify any risks.
Organisation: Tor Currency Exchange Ltd (73-940-3512)
Rating: 1 (Highest level of creditworthiness)
Risk Level: Minimum risk

TorFX is authorised by the Financial Conduct Authority as an Electronic Money Institution under the Electronic Money Regulations 2011. Our FCA Firm Reference Number is 900706.

Find more Security information here