Notices
  • Savings products - In preparation of the launch of our new and improved Online Service we have temporarily withdrawn online applications for all our savings products. You can still apply for these products by post or in branch. All savings products will be available to apply online from 12 May. We apologise for any inconvenience this may cause.

  • Savings customers: Your 2024 / 2025 Annual Interest Savings Summary are currently being processed and are due to be delivered by 30 April 2025.
  • We’ll shortly be making some changes to our Online Service to make it simpler and easier for you to use.  

    Our new Online Service will have a modern design, improved navigation and many added benefits.  

    Find out more about the changes

  • Mortgage products - On Wednesday 23 April, we made changes to our mortgage product range. These include rate adjustments across our fixed rate products, and an increase to our Owner Occupier Joint Borrower Sole Proprietor maximum LTV to up to 90% (with no additional security required) for loans up to £500,000.
  • Online Service update. Due to planned essential maintenance our Online Service will be unavailable from 6pm until 12am on Wednesday 7 May. Our Online Service will also be unavailable between 5.30pm on Friday 9 May until 9am on Monday 12 May. We apologise for any inconvenience this may cause.

Protect yourself against fraud and scams

Scams target people of all backgrounds and ages so it's important to be alert and protect yourself. Here's how.

With today’s modern technology, criminals are becoming increasingly sophisticated in their attempts to steal personal data and your money. It’s important to protect yourself against scams and to know what we are doing about it.

Protecting yourself against fraud and scams

Looking after your data

As you would expect, we take looking after our customer data and money very seriously. 

We are proud to have received Cyber Essentials Plus accreditation. This means the Society has the necessary technical security and controls in place to ensure customer data is safe and secure.

Tips for keeping your data secure

For more information on how we protect your data and tips for keeping it secure, including:


Types of fraud and scams

What is an Authorised Push Payment (APP) Fraud?

An APP fraud is when you are tricked into sending money to a fraudster, either through being deceived about who you are paying, or about the purpose of the payment.

In May 2022, the government announced that they would make new laws to allow a regulatory body, called the Payment Systems Regulator (PSR), to require banks and payment services providers to reimburse people who have been tricked into sending money to scammers, and this came into effect in June 2023.

From 7 October 2024, this regulation will offer greater protection to most victims of this type of fraud. 

Am I eligible for reimbursement?

If you are the victim of an APP fraud, you may be eligible to claim reimbursement if:

  • You’re an individual, a micro-enterprise (with under 10 employees) or a small charity
  • your payment was made by faster payments or CHAPS on or after 7 October 2024
  • your payment was made to a UK account that can send or receive faster payments
  • you have made your claim within 13 months of the last payment made to the fraudster.

Note: There is no minimum amount you can claim. The maximum amount that can be claimed for an APP fraud from 7 October is £85,000. An excess of up to £100 may apply. If eligible, you could receive a refund within five business days, unless more time is needed to investigate your claim.

When might I not be eligible for reimbursement?

You may not be able to claim reimbursement if:

  • the payment was made to another account that you control, such as your nominated account
  • you have acted fraudulently
  • you have been significantly careless, for example, by ignoring advice from your bank not to proceed with a payment
  • the payment is part of a civil dispute, for example, where you were not satisfied with the goods you paid for
  • the payment was sent or received by a credit union, municipal bank or national savings bank.

What should I do if I’m a victim?

If you suspect one of the following:

In addition please note the following:

  • You must report the scam as soon as you can, and no more than 13 months after the last fraudulent payment was made
  • We may ask you for additional information about your claim, please make sure you respond to these requests
  • Once you have made the claim, we may ask you to report the details of the fraud to the police or offer to do this for you, and would request your consent to do this.

Phishing refers to emails that attempt to fraudulently obtain your sensitive information. These emails will often direct you to a website requesting you to enter your personal information such as bank log in details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.

Common features of phishing emails are:

  • Appear to be too good to be true (they often are)
  • Have a sense of urgency
  • Address you in an unusual way
  • Contain multiple grammatical errors
  • Contain hyperlinks or attachments which may be from an unusual sender

If you receive an email from us that you are suspicious about, simply forward the email to besecure@familybsoc.co.uk and we will investigate it.

Fraudsters can also make unsolicited telephone calls encouraging individuals to provide sensitive data such as personally identifiable information. This is known as Vishing. 

If you’re unsure about a call you receive from any financial organisation, call them back but from another phone line such as a mobile or landline. We would recommend waiting about five minutes before doing so as sometimes the fraudster on the other end doesn’t hang up so when you make another call, they’re still on the line.

When we make an outgoing call e.g. to check something on an application or letter, please be aware that we will ask for personal data to identify you. We encourage you to follow the steps above if you are at all suspicious about any aspect of the call.

Furthermore, with online accounts, sometimes scammers will try to get access to your account by using a one time code or one time password. They will fill in the website with all the information they have for you like name, email etc. They will then call you pretending that they work for the company that you have your account with. Usually, the scammer will explain that they are calling to offer you an incentive such as a bonus or an extra for free in your account.

They will sound believable and they will explain to you that you will now receive a one time code so that they can ‘proceed’ to verify your account. At that moment the scammers will still be on the website and the website will send you a 1 time password (OTP) which they will ask you to read out to them. They will then enter the one time password and gain access to your account. 

Pharming is another scam whereby a fraudster installs malicious code on a personal computer or server. This code usually redirects any clicks you make on a website to another fraudulent website without your consent or knowledge. 

Be especially careful when entering financial information on a website. Look out for the ‘s’ in https and the key or lock symbol in the browser. Don’t click on the website unless you’re absolutely certain that the website is secure.

SIM swap fraud is when cybercriminals hijack your phone number by transferring it to their own SIM card.

Fraudsters can hijack your phone number by tricking your network provider into transferring it to their own SIM cards. To do this, they gather personal information, often from social media, which they can use to answer security questions. Details such as your birthday, mother’s maiden name, or places of education can make you vulnerable if shared publicly on social media. This gives them control of your phone number, allowing them to intercept your calls and text messages. Fraudsters can then use two-factor authentication (2FA) to change your passwords and gain unauthorized access to your emails and other accounts. Stay vigilant and use these essential safety tips to protect yourself:

How to spot signs of SIM Swapping

Contact your network provider immediately if you spot any of these signs:

  • Unexpected and abnormal loss of service and you can’t make or receive calls or texts
  • You get unexpected emails and notifications about account changes such as password resets and login attempts.

If you have been victim to SIM swap fraud, then report it as soon as possible to ActionFraud or call them on 0300 123 2040.

Tips to keep yourself safe from SIM Swapping

Sign Up for Account Alerts

  • Opt into SMS or email alerts. Most UK network providers offer text message or email alerts for SIM swap request or changes to your account.

Lock your mobile device with a PIN or Passphrase

  • Set up a strong, unique passcode (not easily guessable like your birthday or address) for when you contact your mobile provider customer service team with any queries. Without it, fraudsters can perform a SIM swap with minimal verification.

Enable Porting Protection or a “Number Lock"

  • Contact your mobile phone provider to activate porting protection or a number lock.  To ‘Port-out’ referrers to the process of transferring your phone number from one network provider to another. When you apply porting protection or a number lock it means that additional verification such as a PIN is needed when you want to transfer your phone number to another network provider.

Avoid SMS-Based two-factor authentication (2FA)

  • Use multi-factor authenticator apps like Google Authenticator or Microsoft Authenticator instead of SMS-based two-factor authentication which is when you receive a text message with a code to prove you are the account holder.  Using authenticator apps provides various codes for your different accounts which change every 30 seconds and removes the need for SMS two-factor authentication entirely.


Protecting your mobile devices: essential security tips

Our devices store a lot of personal information, making them attractive targets for cyber threats. Keeping them secure is essential to protecting your data. Simple habits can go a long way in strengthening your security.

Here are some practical tips to help keep your mobile devices safe:


Device, network and software security

  • Use strong passwords or PINs
  • Turn on auto-lock and enable your device to lock after a short period of inactivity
  • Consider using biometrics (Face ID) for convenience, while still relying on passwords for stronger security
  • Turn off Bluetooth and Near Field Communication (NFC) which is a short-range wireless technology that enables devices to interact when placed close together, usually within a few centimetres. It allows functions like contactless payments, secure access, and quick data sharing. Turn these off when not in use to block any unauthorized connections.
  • Avoid connecting to public Wi-Fi. If necessary, use a Virtual Private Network (VPN) for encryption or use your mobile data instead.  A VPN helps to protect your internet connection and privacy online by encrypting your connection thus also hiding your Internet Protocol (IP) address. You can download various VPN software such as Surfshark, ExpressVPN or NordVPN on either your mobile devices, tablets or computers. For transactions or sensitive activities, consider using a mobile data hotspot instead
  • Turn off automatic Wi-Fi and Bluetooth connections to unknown networks and devices. Prevent your device from automatically reconnecting to untrusted or previously used public networks
  • Delete previously connected public Wi-Fi networks to prevent unauthorised auto-connections.
  • Keep your device and apps updated. Enable automatic updates to install security and software updates when they become available
  • Only download apps from official app stores (Google Play Store, Apple App Store), but be aware that even apps from trusted stores can be malicious. Always check app reviews, developer details, and required permissions before you install them.


Data protection and privacy

  • Disable location services when not needed
  • Do not leave your mobile device unattended in public spaces
  • Avoid using untrusted accessories such as unknown chargers, USB drives, or power banks as they may contain malware
  • Close unused apps to reduce background data activity.
  • Enable "Find My Device" (Android) or "Find My iPhone" (iOS) to lock or erase data remotely if your device is stolen
  • Keep your International Mobile Equipment Identity (IMEI) number safe. This unique identifier can help in tracking a lost or stolen device
  • The quickest method to find your IMEI number is dialling *#06# on your phone, which will instantly display the IMEI on your screen
  • Alternatively on Android, you can find it in Settings > About phone > Status and iPhone users can find it under Settings > General > About.


Essential cybersecurity tips for your personal devices

Here are some essential cybersecurity tips to help protect your personal devices:

  • Use strong, unique passwords for each of your accounts such as bank accounts, application accounts and social media accounts
  • Enable multi-factor authentication (MFA) for important accounts
  • Consider using a password manager for secure password storage
  • Change any pre-set usernames and/or passwords on your devices and accounts.

  • Be cautious of unsolicited calls and emails. Verify links, senders, and unexpected calls or messages to avoid scams
  • Avoid scanning unknown QR codes to prevent spreading harmful software (Malware).
  • Check website security has “HTTPS” encryption before entering sensitive information for example 'https://familybuildingsociety.co.uk'. HTTPS is a secure version of the HTTP protocol, meaning it encrypts the communication between a web browser and a website, making it safer for transferring sensitive data. You can check a website has this by looking in the website address field
  • Ensure your device does not automatically connect to Wi-Fi or Bluetooth networks without your consent. This reduces risks from malicious networks or rogue devices
  • Public Wi-Fi can be a hotspot for cyber threats. Always use a Virtual Private Network (VPN) when accessing public networks to protect your data from potential hackers. A VPN helps to protect your internet connection and privacy online by encrypting your connection thus also hiding your Internet Protocol (IP) address. You can download various VPN software such as Surfshark, ExpressVPN or NordVPN on either your mobile devices, tablets or computers. For transactions or sensitive activities, consider using a mobile data hotspot instead
  • Even when using a secure home network, a VPN can provide an extra layer of privacy. It encrypts your internet traffic, making it difficult for hackers, internet service providers, or other third parties to monitor your online activities.


Common misconceptions regarding cybercrime

Here are some common misconceptions around cybercrime:

  • Hacking requires advanced skills: Not all hackers are tech wizards. Many attacks exploit simple human errors, like weak passwords or phishing scams, using readily available tools
  • Phone hacking is always high-tech: Most phone hacks aren’t as sophisticated as you might think. Simple tactics like social engineering or phishing are widely used
  • Only high-profile targets get hacked: Cybercriminals don’t discriminate. Individuals, small businesses, and even children are frequently targeted due to weaker security measures
  • Hacking is always illegal: Not all hacking is bad! Ethical hackers, also known as penetration testers, help organizations strengthen cybersecurity by identifying vulnerabilities.
  • A phone number alone can hack a device: A phone number isn’t enough to compromise a device. Hackers need additional vulnerabilities, such as malware or unsecured applications
  • Antivirus provides complete protection: Antivirus software is useful but not foolproof. Multi-factor authentication (MFA), frequent updates, and good security habits are essential for comprehensive protection
  • Hacked phones are always obvious: Many breaches happen quietly, stealing data over time without any noticeable signs
  • Public Wi-Fi with a password is safe: Even password-protected public Wi-Fi can be vulnerable to cyberattacks. Always use a trusted Virtual Private Network (VPN) when connecting to public networks.

You can find out more about how to keep your data secure and things to look out for on our Data Security page.


More useful links about fraud and scams

Below are a series of links to useful third party websites with more information about types of fraud and scams, and ways you can avoid falling victim to them;

Contact us

If you have any concerns about the security of your account(s) please contact us

Keeping your browser up to date

Helpful guidance in keeping your internet browser up to date for your own safety and security.

Data Security

We take all issues relating to your data seriously. Find out what we do to protect your data and what you can do to protect yourself.