Security and Fraud

Password protection is everywhere, with the average person having 23 online accounts requiring a password.

With so many to remember it’s not surprising that many people use the same password for multiple accounts and rely on memorable words, dates or phrases.

However, using a pets name or your birthday just isn’t secure enough.

If you want to create a super secure password follow the tips below:

Use 12 characters minimum

While there are no set parameters around password length, 12-14 characters is considered the optimum.

Use numbers, symbols, capital letters and lower case letters to build your password
A mixture of different character types makes your password harder to crack, so vary it up and use a combination of all the factors mentioned above.

Don’t use personal information

Passwords based on personal information are far easier to crack than passwords based on random collections of words or characters.

However, even if you avoid using your birthdate or pets names in your passwords it’s still essential to restrict who has access to your private information online.

To safeguard your information you should check the privacy settings on your social media profiles, review the privacy policies of websites you use and refrain from taking part in online quizzes or games which ask for access to your social media accounts.

Make passwords complex

The more complex your password the less likely it is to be cracked. Use words and phrases with no direct connection to you and replace letters with special characters and numbers where possible.

As an example, bLu8sWan37?? meets the requirements above and would take a computer 63,000 years to crack. Adding a third word, making the password bLu8sWan37??Guit@r, would push the time taken to crack it to 380 quadrillion years.

Use a password checker

Review the strength of your password by running it through a secure online checker.

Don’t reuse passwords

An unfortunate side effect of making your passwords super secure is that they’re often harder to remember but don’t use this as an excuse to use one password for multiple accounts.

If a fraudster manages to crack your password for one account and you use it across multiple platforms they could potentially access them all.

Use a variety of passwords for maximum security.

Never share your password

Try to commit your passwords to memory and never write them down or share them with anyone.

You should also aim to change your passwords fairly regularly.

If you have any concerns that your password may have been compromised change it immediately.

At TorFX we will never ask for your password, and you should never share it with us.

Follow these top tips to maintain computer, mobile and tablet security.

Anti-virus software

Always have active anti-virus software on your devices and update your software and applications on a regular basis.

Password protection

Always protect your home Wi-Fi with a secure password (see our section on password security for more information).

Forget me

When using a computer, tablet or mobile which isn’t yours, never tick the ‘Remember me’ option. Always log out of a device when you’ve finished using it.

Public networks

Only connect to public networks you trust, and don’t use them where possible. Using mobile data is generally more secure than connecting with public Wi-Fi.

Always check your surroundings before logging into secure sites in a public place.

Click bait

Links or pop-ups commonly interrupt your experience when browsing the web – so you need to be careful not to click on them.

Suspicious links or pop-ups typically use prizes, urgency or threats to encourage you to click (with messages like ‘Click here to win £1000’ or ‘Your account is under attack’.

Use unexpected security questions

Many sites ask you to set security questions/secret answers, and the questions are often things like ‘Mother’s maiden name’.

Be aware that any information you’ve shared on social media or other web resources could be accessed by fraudsters, so avoid any security questions which can be answered with information in the public domain.

Where at all possible pick questions that only you know the answers to.

Enter web addresses manually

When visiting a website type the address directly into the search bar to make sure you’re going to the right place.

If clicking on a link to a website following a web search, be on the lookout for these signs of authenticity.

• Invalid security certificates popping up in your browser may be a sign that you’re visiting an untrustworthy site.
• Check the URL carefully. Fraudsters can create ‘fake’ websites using slightly different spellings, characters and punctuation.
• The address bar or links you hover over should contain ‘https://’ – a sign of page security.
• A locked padlock symbol in the address bar indicates that the data shared between you and the site you’re using is encrypted and secure. This isn’t a guarantee of the site’s authenticity though, so check all the factors mentioned above.

Transfer security

When making an international payment you should always be confident that the recipient of your funds is legitimate.

Be sure to verify your recipient’s details and their reason for transfer. If you aren’t 100% comfortable with the payment don’t be rushed into making it.

When you receive an email it’s important to verify that it’s from a legitimate source.

We send several different types of emails to make sure you have access to all the information you need to plan your currency transfers for the right time, and there are points you can check to ensure the email you’ve received is from our team.

Give any email you receive from us a proper scan before clicking any of the links within it.

If there’s anything unusual about the communication or anything you would like to check, contact your Account Manager directly or email [email protected].

What should you look out for?

• Branding/design – All our emails contain certain characteristics, like our logo and brand colours.
• Receiving two emails in quick succession which provide alternative instructions – Always get in touch with us if that happens
• Unusual requests – If you receive an unusual or unexpected communication always get in touch to confirm it’s legitimate.
• Spelling and grammar – The occasional typo does happen, but an email from us should never be riddled with spelling or grammatical errors.
• Tone – We aren’t pushy or threatening in our emails, and we’ll never try to scare you into acting quickly.
• Email signature and address – Our sender’s email addresses end in ‘@torfx.com’
• Links take you to unexpected places – Our email links typically take you to our website, our online service or our app listings. If you aren’t sure where a link is going to take you and you’re using your computer, hover over it with your mouse and check the URL. If you aren’t confident in the link within the email type in the URL manually or go directly to the online service/app.
• Attachments – Strange instructions to open attachments or download software could be a fraudster trying to sneak malware onto your device.
• Unexpected prizes – If you receive a communication that claims you’ve won a completely unexpected prize don’t click any links in the email or reply to it directly. Contact your Account Manager or email [email protected] and we’ll let you know if it’s a genuine prize.
• Check it before you click it – Don’t click on email links or attachments unless you’re completely confident that the email is from a trusted source.

Receiving unsolicited phone calls and texts is something we’ve all had experience of, but some scam calls can sound very convincing.

These simple steps can help protect you from fraudulent calls and texts.

Before answering a call

Fraudsters can make themselves appear genuine using legitimate caller IDs.

Enter the number into a search engine to check whether it belongs to a real company/a company you’re comfortable talking to.

If you think a call is from us but you aren’t sure, check the numbers listed on the contact section of our website. You can also add your Account Manager’s number to your address book so you always know it’s them calling.

After you’ve picked up

When on a call never ever give out passwords or key security information, no matter who the person on the other end of the phone claims to be.

Text messages

We will send you occasional texts under very specific circumstances, for example if you’ve set a rate alert or have requested a One Time Pin.

If you receive a text message asking you to reply with a password, to call an unfamiliar number, or to click on a link, ignore it and contact your Account Manager by phone or email.

Tactics to prepare for

With any unsolicited calls or emails look out for these particular traits and tactics:

• Creating panic – Warnings about suspicious behaviour or the implication that ‘an unknown device has accessed your account’.
• Urgency – Never respond to pressure to make you do something quickly.
• Language and attitude – The person you’re speaking to may appear helpful, friendly or professional, but this could be their attempt to make you feel that they’re credible and trustworthy.
• Following up a text with a phone call – Fraudsters use this tactic to add credibility.

Our online service and app have a number of inbuilt features to protect your transactions.

Online Service and App

• PIN entry – We’ll ask you to enter your PIN at crucial points in the transfer process (like adding a recipient or making a transfer).
• Transactional emails – We’ll send you an email confirming any transactions you make, so you’ll have a record of the latest activity on your account.
• Your activity – You can view your recent and historic activity within the app and our online service.
• You can also check all the devices that have accessed your account.

App Only

• Biometric authentication – Depending on the handset you own, you can secure your app with touch or face ID.

If you notice something suspicious or think you may have been a victim of fraud, please let us know as soon as possible by contacting us on +44 (0) 1736 335 250 or [email protected].

We’re confident in the security systems we have in place but it’s vital that you stay vigilant too.

Our Fraud FAQs provide lots of useful information about protecting yourself from fraud, while our Help with fraud section has links to useful organisations.

Remember, an offer being too good to be true, being asked to send money out of the blue or being put under time pressure can all be warning signs. Never send a payment if you have any concerns and contact us immediately if you do – we’re here to help.

We can accept no responsibility for funds being sent to the wrong account based on the content of a fraudulent email, so always verify that any payment details sent or received by email are genuine, using a trusted source.

I think I’m the victim of a scam in connection with my account. What do I do?

Contact us as soon as possible on +44 (0) 1736 335 250 or [email protected].

You can also report fraud to the police via Action Fraud using their on-line reporting tool or by calling 0300 123 2040.

If you’re not based in the UK, inform the police or anti-fraud authorities in your own country.

What can I do to protect myself against fraud?

These are some key actions you can take…

1. Keep all your personal ID documents (passport etc.) locked away and secure. The details in these documents can be used to steal your identity. Be extremely careful about who you share your personal details with as they can be used to set up accounts in your name.
2. Never share answers to security questions or passwords with anyone and don’t write them down.
3. If you’re sending money to us or to anyone else, double-check the bank account details before making the payment. Do this by getting the details direct from a trusted source. You can access our bank details securely through our online service and app. Consider sending a small payment first to check that the money has gone to the correct account.
4. If you’re buying property or making an investment, check the validity of the property or investment opportunity. Be wary of glossy brochures, celebrity endorsements and big promises.
5. Visit the Take Five to Stop Fraud website and read their advice on protecting yourself from scams.

The above isn’t a full list but it gives you an idea of the type of questions you should be asking. You’ll find more on this in our Scams to watch out for section.

How do I spot someone trying to de-fraud me?

We’ve listed a range of red flags based on different transfer requirements in our Scams to watch out for section. It’s crucial that you take the time to check that your payment isn’t falling into the wrong hands.

The red flags and warning signs to look out for can differ depending on the reason for your payment. Below are some of the main things to be wary of.

• Payments to friends, family, or someone you’re in a relationship with
  Instances of relationship fraud have increased enormously in recent years.

  Be particularly careful about sending money to someone you’ve never met in person, especially if you made contact via a dating app. Are they now asking for help with medical fees, housing or travel costs? Are they genuine?

  Also beware impersonation scams, where you’re asked to send money to a family member who’s in trouble. Always contact that relation independently to check that a fraudster hasn’t got hold of their phone or hacked their social media accounts.

• Making payment for goods or services

Have you checked that the goods exist, and that the supplier is genuine?

Be wary if you’re asked to pay a deposit or a big fee up-front as this could be an advance fee scam. Where possible, always check online reviews and get an invoice before paying anything.

Have you met the supplier? Do they have a registered business address? Are the contact details given by the supplier vague (maybe just a PO Box and a mobile or premium number)? Always verify that the person or business you’re dealing with is legitimate before sending a payment.

• Paying estate agent or legal fees or some other bill

Fraudsters can intercept payments and redirect money to their own accounts, often by sending out a false invoice or email featuring their own account details. Make sure that the account details you’re paying into are genuine and think about sending a small payment first to check that the money has gone to the right place. This type of fraud is a particular risk in the property and real estate sector.

• Funding an investment

If an investment sounds too good to be true (high returns and low risk), it could turn out to be a scam.

Be wary of dealing with any company that approaches you out of the blue and always check that the property or investment you’re buying exists.

Is the broker willing to supply his/her copy ID? Does the company promoting the investment have a registered business address? Are the contact details vague (maybe just a PO Box and a mobile or premium number?) What do the online reviews say?

Are you being put under pressure to buy? Always check the FCA Register to see if there are any warnings about the individual or company you’re dealing with and look at the FCA’s Warning List. Seek advice from an FCA regulated firm before going ahead.

You can get additional help and advice on fraud from the following organisations:

Take Five

Action Fraud

Which?

National Cyber Security Centre

Metropolitan Police – fraud advice