What’s a phishing scam?

You receive an email that looks like it comes from us asking you to sign in and check your account. It looks real, so you might be tempted to click on the link and enter your user ID and password into the website. Wait a minute. If you do, you will be handing over your details to a fraudster who wants to take your money.

Phishing scams are used by fraudsters to lure victims, by email, text or phone, into handing over valuable information such as credit card and bank account numbers, passwords and sign in details, which can be used to commit fraud.

These emails, texts or websites often contain links to fake online banking login pages, which will send your password and memorable information to the fraudster. The link might also lead to a website that will infect your device with malware. Remember, emails from Halifax will only ever contain a link to our main banking homepage, and never to a page that asks you to enter login credentials, personal information, card details or to carry out a test payment. If in doubt, visit our site by typing the URL directly into your browser window (you can find our URL on your bank card or statement).

Pop-up messages asking for your Online Banking details are likely to be scams. We will never ask you to enter your password or memorable information in a pop-up. We’ll also never ask for your card PIN.

If you’re faced with a pop-up asking for this information, call 0345 602 0000.
If you’re calling from a mobile or overseas, the number is +44 113 279 8302.

Protect yourself

Protecting yourself against phishing

Here are some good ideas that will help keep you safe:

  • Limit how much personal information you make public, especially on the Internet and social networks. Scammers can use your own details to impersonate you and commit fraud.
  • Treat emails with a degree of caution. Return addresses and sender’s details can be faked, and email headers and website links can be manipulated.
  • Don’t click on any link that takes you to a web page in any unexpected or suspicious looking email.

What to look out for

Impersonal greetings and probing questions
A phishing email may not be personally addressed to you but may begin with ‘Dear valued customer’. The fraudster or fraudulent website may ask for lots of sensitive personal information such as passwords, Online banking sign in details, contact details or credit card numbers.

Urgent warnings
A phishing email may say things like ‘we need to verify your account information’ to try and get you to respond without thinking.

Bad spelling and formatting
The wording of the email may have poor grammar and spelling. The fake website may look slightly different with an alternative layout or
misspelt words.

Emails from Halifax
We will never link from an email directly through to your Online Banking sign in page or to a page that asks for your security or personal details. And we’ll never send you an email, text or a website link asking you to enter your Online Banking credentials, card details or to carry out a test payment.

We will always:

  • Quote your Online Banking user ID, the last four digits of your account number or 4 digits of your post code. By default this will be your main account
  • Greet you personally using your title and surname. For text alerts check they begin Halifax A/C and quote the last four digits of your account number or 4 digits of your postcode
  • Use links in our emails that will only ever go to a page on We will never link directly through to our Online Banking sign in page or ask for your personal details.

To confirm the email is genuine, make sure all the above apply. If you’re not sure, call us using a phone number you know is valid. You can find our number on the back of your bank card and on your statements.

Report it

Reporting phishing

If you receive a phishing email, stay calm. There is no risk in receiving it. Just delete it.

Always report it by forwarding it to We’ll use this information to help reduce fraud.

If you think you may have fallen victim to phishing or any other type of online fraud, please call us as soon as possible on 0345 602 0000. If you’re calling from a mobile or overseas, the number is +44 113 279 8302. Customers who are overseas or who have hearing difficulties or speech impairments should visit our contact us page for further information.

Keep your anti-virus software, browsers and firewall up to date to protect yourself and your devices from online threats.
Find out more about staying safe online:
Bank Safe Online
Get Safe Online
Action Fraud

More information

  • Phishing emails are often sent as spam mailings and pretend to come from your bank, tax authority, eBay, PayPal, or webmail accounts.
  • In emails, web site addresses may appear genuine on first sight, but if you hover your mouse pointer over the link without clicking, it may reveal a different web address. This can mean that the email you received is from a fraudster, not us.
  • A counterfeit site can be used to collect sign in credentials and information intended for the genuine site. If you want to be safe, type the website address from your bank card or statement into your browser's search bar instead of clicking on a link in the suspicious email.

*Links to external sites are provided as part of our commitment to making Online Banking safe and secure. However, we cannot accept responsibility or liability for the content or availability of external sites. We cannot guarantee that any software downloaded from these sites will work, or be free from viruses or malicious code.