What is online banking fraud?

Online banking fraud is when criminals access your money digitally by getting hold of your personal information. They can try to do this through your mobile and when you bank online.

Phone calls: Vishing

Criminals may contact you by phone or send you a text asking to call a number. They’ll pretend to be from a trusted organisation and may have some of your personal details.

How vishing works

Someone calls or texts to say there’s a problem and ask you to do something, such as

  • Allow them remote access to your computer, so they can control it.
  • Log in using your card reader to check your account, change details or move money.
  • Move your money into a new or ‘safe’ account.
  • Log in to the Internet Bank, to pay for antivirus help or maintenance software on your computer.

The calls and texts can sound and look very convincing. But genuine companies never ask you to move money or use your card reader.

Protect yourself from vishing scams

If you’re suspicious of the caller, end the call. If it’s a text, don’t reply or call the number. To report this, contact the organisation directly. Find their number from a trusted source. Don’t use a search engine.

If you need to call Nationwide use the number on the back of your card.


Use a different phone if you’re worried your mobile is compromised. Never give personal information to anyone by phone or text, even if they already have some of your details.

Text messages asking you to call us

Scammers can insert their messages into genuine text conversations, making them appear legitimate.

Real messages from Nationwide

  • We will always include the last four digits of your card number if we text you about a suspicious transaction.

Fake messages sent by scammers

  • If you receive a text from us that asks you to call a number, make sure it matches the one on the back of your card, or check our Contact us page

Email, text or social media messages: Phishing

Criminals might try to get you to share your personal or banking details. They’ll do this by pretending to be someone you know or trust.

How phishing works

A criminal writes to you posing as someone you know or as a reputable organisation. They can seem very convincing. The logos, email addresses or account names can be almost identical to those of real organisations. They’ll claim there’s an urgent problem and might ask you to:

  • update your details using a link without having you complete any extra security or identity checks
  • login to check a recent payment
  • unblock your account by logging into it yourself
  • transfer money to avoid a penalty or financial loss.

How to spot a phishing email

  1. We will never ask you to update your account details.
  2. Not addressed to you personally and does not include your postcode.
  3. Use of language or punctuation may be poor.
  4. Shown link may look legitimate but could actually take you somewhere else.
  5. The email signature may include a company name and address. Check these are correct.

Protect yourself from phishing scams

Hacking your computer, tablet or mobile: Malware

Taking its name from ‘malicious software’, malware is a hostile form of software. Once downloaded, it can do things like:

  • Hijack your online banking and send money from your account.
  • Prevent apps from working unless you make a ‘ransom’ payment.
  • Spy on what you’re doing online, and get the information you enter into websites or online forms.

How malware works

Criminals can trick you into installing it on to your computer or mobile device by:

  • Encouraging you to open links or attachments in emails, texts or social media messages. They’ll try to install malware as soon as you open them.
  • Getting you to download a fake app that looks like a genuine banking or service app, to capture your log in details.

Malware can be hard to remove from your device.

  1. Fraudsters can easily set up a fake email address, pretending to be from a real company.
  2. There might be attachments included, to make the email seem more legitimate. Do not open them.
  3. The email may not be addressed to you personally.
  4. The use of language, punctuation and grammar can often be poor.
  5. Fraudsters will try to encourage you to respond or act, by giving you a deadline.
  6. Signature details can appear to be correct, but this doesn’t mean the email is legitimate.

Protect yourself from malware

  • Always use a firewall and reputable antivirus software. Run regular updates.
  • Set antivirus software to run a weekly malware scan.
  • Check that a site is secure before you log in. Look for a padlock or key symbol and https in the address bar.
  • Get familiar with the genuine Nationwide Internet Bank and Banking app. It’ll make it easier to spot anything suspicious.

How you can keep your personal information safe

Protecting your devices makes it much harder for criminals to access your information.

You should always:

  • Secure your mobile and computer with a passcode or strong password.

  • Protect your computer with a firewall and up-to-date antivirus software.

  • Tell your mobile provider immediately if your phone’s lost or stolen. Then de-register your device from the Banking app. Do this in the Internet Bank or Banking app (if you log in from another device). Or call us or visit a branch (opens in a new window)

  • Complete a factory reset if you sell your computer, mobile phone or tablet.

Don't ever:

  • Install apps from unknown sources. Check they are legitimate before downloading.

  • Respond to a suspicious text about a transaction. Especially if it doesn’t include your card number’s last four digits.

  • Give out bank details over the phone or in response to a request by text message. Information like your PIN, memorable data, passnumber, codes from your card reader or codes sent to you by text.

Building digital awareness

It's important to know what to look out for when managing your money online. Our digital awareness video teaches you the common tricks scammers use. 

How to report fraud

Current account fraud

Available 24/7

Credit card fraud

Available 24/7

How to report suspicious messages

Suspicious messages

Help us stop fraud. Report suspicious emails, texts and messages to: phishing@nationwide.co.uk

We don't reply to every email but review all the messages we receive. This information helps us to stop crime. Thank you.