Phishing

What’s a phishing scam?

You receive an email that looks like it comes from us asking you to sign in and check your account. It looks real, so you might be tempted to click on the link and enter your user ID and password into the website. Wait a minute. If you do, you will be handing over your details to a fraudster who wants to take your money.

Phishing scams are used by fraudsters to lure victims, by email, text or phone, into handing over valuable information such as credit card and bank account numbers, passwords and sign in details, which can be used to commit fraud.

Halifax will never send you an email, text or a website link asking you to enter your Online Banking, card details or to carry out a test payment.

Pop-up messages asking for your Online Banking details are likely to be scams. We will never ask you to enter your information in a pop-up.

If you’re faced with a pop-up asking for this information, call 08456 02 00 00.
If you’re calling from a mobile or overseas, the number is +44 1132 789 302.

*Links to external sites are provided as part of our commitment to making Online Banking safe and secure. However, we cannot accept responsibility or liability for the content or availability of external sites. We cannot guarantee that any software downloaded from these sites will work, or be free from viruses or malicious code.

Protect yourself

Protecting yourself against phishing

Here are some good ideas that will help keep you safe:

  • Limit how much personal information you make public. Especially on the Internet, including social networks. Because your own details could be used to impersonate you.
  • Treat emails with a degree of caution. Return addresses and sender’s details can be faked, and email headers and website links can be manipulated.
  • Don’t click on any link that takes you to a web page in any unexpected or suspicious looking email.

What to look out for

Impersonal greetings and probing questions
A phishing email may not be personally addressed to you but may begin with ‘Dear valued customer’. The fraudster or fraudulent website may ask for lots of sensitive personal information such as passwords, Online banking sign in details, contact details or credit card numbers.

Urgent warnings
A phishing email may say things like ‘we need to verify your account information’ to try and get you to respond without thinking.

Bad spelling and formatting
The wording of the email may have poor grammar and spelling. The fake website may look slightly different with an alternative layout or
misspelt words.

Emails from Halifax
We will never link from an email directly through to your Online Banking sign in page or to a page that asks for your security or personal details. And we’ll never send you an email, text or a website link asking you to enter your Online Banking, card details or to carry out a test payment.

We will always:

  • Quote your Online Banking user ID, the last four digits of your account number or 4 digits of your post code. By default this will be your main account
  • Greet you personally using your title and surname. For text alerts check they begin Halifax A/C and quote the last four digits of your account number or 4 digits of your postcode
  • Use links in our emails that will only ever go to a page on www.halifax.co.uk. We will never link directly through to our Online Banking sign in page or ask for your personal details.

To confirm the email is genuine, make sure all the above apply. If you’re not sure, call us using a phone number you know is valid.

*Links to external sites are provided as part of our commitment to making Online Banking safe and secure. However, we cannot accept responsibility or liability for the content or availability of external sites. We cannot guarantee that any software downloaded from these sites will work, or be free from viruses or malicious code.

Report it

Reporting phishing

If you receive a phishing email, stay calm. There is no risk in receiving it. Just delete it.

Always report it by forwarding it to security@halifax.co.uk. We’ll use this information to help reduce fraud.

If you think you may have fallen victim to phishing or any other type of online fraud, please call us as soon as possible on 08456 02 00 00. If you’re calling from a mobile or overseas, the number is +44 1132 789 302. Customers who are overseas or who have hearing difficulties or speech impairments should visit our contact us page for further information.

Keep your anti-virus software, browsers and firewall up to date to protect yourself and your devices from online threats.
Find out more about staying safe online:
Bank Safe Online
Get Safe Online
Action Fraud

*Links to external sites are provided as part of our commitment to making Online Banking safe and secure. However, we cannot accept responsibility or liability for the content or availability of external sites. We cannot guarantee that any software downloaded from these sites will work, or be free from viruses or malicious code.

More information

  • Phishing emails are often sent as spam mailings and pretend to come from your bank, tax authority, eBay, PayPal, or webmail accounts.
  • A counterfeit site can be used to collect sign in credentials and information intended for the genuine site. If you want to be safe, type the website address into your browser's search bar to check it.
  • In emails, web site addresses may appear genuine on first sight, but if you hover your mouse pointer over the link without clicking, it may reveal a different web address.

*Links to external sites are provided as part of our commitment to making Online Banking safe and secure. However, we cannot accept responsibility or liability for the content or availability of external sites. We cannot guarantee that any software downloaded from these sites will work, or be free from viruses or malicious code.

You are here:  Home > About Online > Security > Common Threats > Phishing