Security


Security top tips

  • Stay safe online with our security tips

    • In the UK, over 40% of businesses have experienced fraud attempts
    • Our security advice tells you what to look out for, with some real-life examples
    • Our security tips are summarised below
  • Think before you click

    Your vigilance is the best defence against malicious software and fraud attempts.

    Be aware – we will never phone or email you asking for your full password, PIN or reader codes, or ask you to transfer money to a ‘safe’ account.

    Refer to Common scams to understand how fraudsters attempt to get this information.

    Emails and links

    Be cautious about opening any unsolicited emails and don’t click on any links or attachments.

    We will never email you a link or an attachment which takes you straight to a login page.

    Send any suspicious emails to emailscams@lloydsbank.co.uk.

    Protect your PC

    If your PC is not protected, fraudsters can access your online data.

    Make sure your computer is protected with security software which is regularly updated.

    See Common scams for how to recognise malicious software.

    Your card and reader

    Keep your card and reader in a safe place, and never write down or share your password or PIN.

    We will never ask you to use the RESPOND button on the reader at login.

    Protect your payments

    You should have at least two payment approvers in place where possible – four eyes are better than two.

    Check your beneficiary details before creating and approving each payment, and check when you’re notified of a change in supplier details. See Protecting yourself and your organisation.

  • We're here to help

    If you have any concerns about unusual messages at login, phone calls or emails which appear to come from the bank, or any other suspicious activity, please contact our Commercial Banking Online Helpdesk on 0808 202 1390 (+44 1264 839 415 from a mobile or outside the UK), Monday to Friday, 7:30am – 6:00pm.

    Please have your Telephony PIN ready when you call so we can verify your identity.

    Suspected fraud can be reported 24 hours a day by calling the Helpdesk number.

    If you are reporting a suspicious call, please use a different phone line, as the line on which you received the call may be compromised.


Protecting yourself and your organisation

  • Protecting yourself - for all users


    Logging in and logging out

    When you log in to Commercial Banking Online, follow these tips to stay safe:

    • Always check that the web address starts with https:// (the 's' stands for secure).
    • Check that the padlock symbol appears in the locked position.
    • Remember that normal log in has the following steps: enter username, password, and identify.
    • If you are asked to enter any other information, or notice anything unusual, contact the Helpdesk immediately.
    • When you have finished your session, make sure you log out of Commercial Banking Online. Don’t just close your browser.
     

    Protect your password and PIN

    • Change your password frequently.
    • Don’t use part or all of your name or username as your password.
    • Don’t share information on social media sites that could help fraudsters guess your password.
    • Use different passwords for each website you log into.
    • You should not write down or tell anyone your password or card PIN. If a caller asks for this information, hang up.
    • If you think someone else knows your password, log out and call the Helpdesk immediately.
    • You can change your Security card PIN at any Lloyds Bank or Halifax cash machine or Bank of Scotland Cashpoint® in the UK.
     

    Protecting your organisation - for Primary Administrators, Managers, and IT Providers

    • In the UK, over 40% of businesses have experienced fraud attempts.
    • Protect your organisation against fraud with a multi-layered approach:

    Protect your organisation

    IT Controls

    • Look at Common scams to understand how fraud attacks work.
    • Assess your organisation’s fraud risks, and make sure you have robust controls to prevent fraud.
    • Make sure your IT provider is protecting your computers and other devices from infection.
    • Consider using a separate device, that does not have email, for Commercial Banking Online activities.
     

    Awareness and training

     

    Security settings - dual approval of payments

    • We strongly recommend at least two approvers (dual approval) for all types of payments as:
      • It's easy to miss an extra payment when you’re approving a batch of payments.
      • It's also easy to miss a change in a beneficiary account number, even when making a single payment.
    • Fraudsters can create extra payments or amend beneficiaries without you being aware of it.
    • If you selected 'votes' and single approval when you registered, you can change to dual approval simply by un-ticking Approve Own/Auto Approve at Roles level for Payments and Templates, and ensuring that the number of votes is less than the maximum required for approval.
     

    Security settings – beneficiary amendment controls

    • There are two controls which you can use:
      • Require a separate approver for any changes in the beneficiary library.
      • Restrict all users to select beneficiary from the beneficiary library at Roles level, rather than having free-form entry.
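
The comparison a second approver makes before voting, as an added Python example (not bank tooling): it checks a batch awaiting approval against the payments Finance actually raised and against the organisation's own verified copy of the beneficiary library. The CSV layout, column names and sample rows are constructed assumptions.

```python
import csv
import io
from decimal import Decimal

# Constructed sample data; the column names are assumptions for this example.
# The library must be your own verified copy, held outside the banking session.
BENEFICIARY_LIBRARY = """name,sort_code,account
Acme Supplies,11-22-33,12345678
Brightside Print,22-33-44,23456789
"""
RAISED_BY_FINANCE = """reference,name,amount
INV-101,Acme Supplies,28000.00
INV-102,Brightside Print,1250.50
"""
BATCH_FOR_APPROVAL = """reference,name,sort_code,account,amount
INV-101,Acme Supplies,11-22-33,87654321,28000.00
INV-102,Brightside Print,22-33-44,23456789,1250.50
INV-103,Northgate Holdings,33-44-55,34567890,130000.00
"""


def rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def review_batch(batch_csv, raised_csv, library_csv):
    """Return (reference, finding) pairs a second approver should query."""
    raised = {r["reference"]: r for r in rows(raised_csv)}
    library = {r["name"]: (r["sort_code"], r["account"]) for r in rows(library_csv)}
    findings, seen = [], set()
    for payment in rows(batch_csv):
        ref = payment["reference"]
        if ref in seen:
            findings.append((ref, "duplicate-reference"))
        seen.add(ref)

        # An extra payment slipped into a batch has no request behind it.
        expected = raised.get(ref)
        if expected is None:
            findings.append((ref, "not-raised-by-us"))
        else:
            if expected["name"] != payment["name"]:
                findings.append((ref, "payee-differs-from-request"))
            if Decimal(expected["amount"]) != Decimal(payment["amount"]):
                findings.append((ref, "amount-differs-from-request"))

        # A familiar name and amount can hide a changed account number.
        known = library.get(payment["name"])
        if known is None:
            findings.append((ref, "beneficiary-not-in-library"))
        elif known != (payment["sort_code"], payment["account"]):
            findings.append((ref, "account-differs-from-library"))
    return findings


if __name__ == "__main__":
    for ref, finding in review_batch(
        BATCH_FOR_APPROVAL, RAISED_BY_FINANCE, BENEFICIARY_LIBRARY
    ):
        print(ref, finding)
```
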
                                                        

Common scams

  • Common scams


     

    Emails – think before you click

    Fraudsters can send you emails that appear to come from your bank, HMRC or any other legitimate source. These emails can infect your PC with malicious software and try to trick you into disclosing your details.

    Your vigilance is the best defence against fraudsters who attempt to get these details. We will never send you an email asking you to enter your login or account details. If you’re unsure about an email:

    In the event that you have clicked on any links or opened attachments, contact the Helpdesk immediately on 0808 202 1390 (+44 1264 839 415 from a mobile or outside the UK).

    What to look out for
    • Urgent warnings that encourage you to click on a link or open an attachment. Some examples are 'we need to verify your account information', 'we need to transfer your funds to a safe account', or 'changes to log in'.
    • Poor spelling, grammar, or a different layout.
    • Links to the Bank's login page should always begin with https://; the "s" indicates that you are on an encrypted webpage.
    • Impersonal greetings. A fraudulent email may begin with 'Dear Customer', 'Dear valued customer' etc. We will always include your title, surname, and last 3 digits of your postcode in Commercial Banking Online emails.
     

     

     

    Telephone calls - be wary

    Please be wary of unsolicited phone calls. Some customers have received unsolicited calls from people claiming to be from Lloyds Bank or the police:

    • Stating there is a problem with their account, perhaps that fraud is suspected.
    • Asking them to transfer money to a 'safe account'.
    • Asking them to log in or provide a card reader RESPOND code over the phone - we will never ask you to do this.

    In large organisations, especially where people work on different sites, fraudsters may also attempt to impersonate a colleague or a director, or even the CEO.

    Fraudsters can manipulate the caller ID so that the number displayed appears to be that of a legitimate organisation. The fraudster may ask you to call back on the number displayed, the Helpdesk number or another trusted number, but they keep your phone line open by not putting down the receiver at their end. The result is that when you call back to what you believe to be a safe number, you are still speaking to the fraudster.

    What you can do:

    • Hang up immediately.
    • Use a different phone to call back from the one you received the call on.
    • If you don’t have another phone, wait for 5 minutes, then call someone you know well first to make sure the telephone line is clear.
    • If you suspect that the call was indeed fraudulent, contact the Helpdesk when you’re sure the line is clear.
     
     

    Malicious software – stop and think

    Malicious software (Malware) includes viruses, spyware, and adware – any infection which typically causes loss or theft of data, and possible system damage. Your PC can be infected when you click on a link in an email, or on a pop-up message, or visit an infected website.

    What can malicious software allow a fraudster to do?
    • Alert them when an infected device is in use.
    • Capture keystrokes and screenshots and/or video of an infected system in use.
    • Manipulate web pages displayed on your screen.
    • Enable remote control, allowing fraudsters to use an infected PC to process payments in the background.
    • Display a holding page or a message about maintenance on the system while false payments are being made.
    Some indicators that you may have malicious software on your PC

    [Image: fraud table]

    What you can do
    • Take care when downloading programs to your PC. Is the website or link a trusted source?
    • Don’t click on links or attachments in emails unless you are sure they are genuine.
    • Always log out of Commercial Banking Online completely when you have finished, and remove your card from the reader.
    • Where possible, have more than one person to set up and approve payments, and always check beneficiary details.
    • If you think you may have malicious software, log out and contact the Helpdesk and your IT department or supplier immediately.
    What your company can do
    • Make sure that the IT department or external IT provider has installed and maintains software which protects against viruses, spyware, and adware.
    • Run frequent scans to identify and remove malicious software.
    • Make sure that all software is up to date. Most software updates, such as those for Office, Flash and Acrobat, include security enhancements.
     
     

    Other types of scam

     

Real life examples

  • Real life examples


     

    Email scam example – 'Please Log in'

    • Joanne works in the accounts department of a manufacturing company. She received an email purporting to be from Lloyds Bank about improvements to her online banking service.
    • The email advised her to log in to re-validate her security details and register new security questions.
    • Unfortunately, although the email looked like it came from us, it was actually from a fraudster. Joanne didn’t notice that the first ‘l’ in Lloyds was actually an ‘i’.
    • Having clicked on the link in the email, she was directed to a site which appeared to be her homepage, and entered her full security details as requested.
    • This gave the fraudster all the information needed to access her online banking and create a payment.
    • Later that day, Joanne approved a batch of 10 payments. Only nine had been created by the company; the fraudster had created a 10th payment for £130,000.
    Think before you click
    • Even if our email address is spelt correctly, fraudsters can manipulate how the ‘from’ email address is displayed.
    • Our emails will never contain a link directly to a log in page.
    • We’ll never send an email asking you to enter log in or account details. If you receive this type of email, forward it as an attachment to emailscams@lloydsbank.co.uk. Then delete it.
    • Be wary of emails which do not greet you by name, for example those which have ‘Dear customer’.
    Please note: business names have been disguised to protect client identity
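
The sender checks from this example, as an added Python example that is not Lloyds Bank code: it flags a look-alike sender domain (the 'i' for 'l' swap Joanne missed), a trusted address shown only in the display name, and an impersonal greeting. The trusted-domain list and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the sender domains your organisation treats as genuine.
TRUSTED_DOMAINS = {"lloydsbank.co.uk"}
# Look-alike characters folded to one form ('i', '1' and '|' all read as 'l').
CONFUSABLES = str.maketrans("i1|05", "lllos")
GENERIC_GREETING = re.compile(r"^\s*dear\s+(valued\s+)?customer\b", re.I | re.M)

# Constructed sample messages.
PHISH = """From: "Lloyds Bank" <service@iloydsbank.co.uk>
To: joanne@example.com
Subject: Improvements to your online banking

Dear Customer,
Please log in to re-validate your security details.
"""
SPOOFED_DISPLAY = """From: "helpdesk@lloydsbank.co.uk" <alerts@mail.example>
Subject: Changes to log in

Dear Mr Smith,
We need to verify your account information.
"""


def skeleton(domain):
    """Fold look-alikes so 'iloydsbank' and 'lloydsbank' compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance; catches one dropped, added or swapped character."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def is_trusted(domain):
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def check_sender(raw_message):
    """Return findings for one message given as RFC 5322 text."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    if not is_trusted(domain):
        for trusted in sorted(TRUSTED_DOMAINS):
            if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 1:
                findings.append(f"lookalike-domain:{domain}")
            # Mail clients often show only the display name, not the address.
            if trusted in display.lower():
                findings.append("display-name-shows-trusted-address")
    body = msg.get_payload()
    if isinstance(body, str) and GENERIC_GREETING.search(body):
        findings.append("impersonal-greeting")
    return findings


if __name__ == "__main__":
    for name, sample in (("phish", PHISH), ("spoofed display", SPOOFED_DISPLAY)):
        print(name, check_sender(sample))
```

A message that forges the trusted domain itself returns no findings here; catching that relies on the receiving mail server's SPF, DKIM and DMARC results, which this example does not evaluate.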
     

    Email scam example – change of supplier details

    • Jim works in procurement for a major electrical retailer and sources from a number of manufacturers. He received an email from one supplier providing a new sort code and account number, which he forwarded to his Finance department.
    • Gail, in Finance, received the mail and opened the invoice attached. She checked that the new account details on both the covering mail and the invoice were the same. She assumed that Jim had checked these with the supplier, and amended the beneficiary details for future payments.
    • At month end, she processed all the invoices from the manufacturer, totalling £124,000. After 10 days, the manufacturer contacted Jim about an outstanding payment. Gail advised that payment had been made, and then remembered the email with the change of supplier details. Once Jim checked with the supplier, he realised that the email he had received was fraudulent.
    Check changes in beneficiary details
    • Always check with suppliers when beneficiary account changes are made. Call a known contact to check, using a verified telephone number.
    • In this case, Gail was the sole approver for payments. If there had been two approvers, the second approver might have noticed the change in details – four eyes are better than two, especially for large amounts.
    Please note: business names have been disguised to protect client identity
     

    Telephone scam example – enter response code

    • Tom at MNO Solicitors received a call claiming to be from the Lloyds Bank Fraud Department, advising that fraudulent transactions had been identified on MNO’s account.
    • The caller was actually a fraudster who had captured Tom’s username and password via malicious software planted on his PC, and had already accessed his online banking service.
    • The caller quoted genuine payments made by MNO, followed by details of fictitious payments, and asked Tom to provide a response code so that the fraudulent payments could be stopped.
    • As the account was used to hold large property deposits, Tom felt that he had to provide the code to secure the account.
    • An hour later, he decided to call his Relationship Manager to check that the account had been secured, at which time the fraud became clear.
    • A total of £750,000 had been transferred to the fraudster’s account.
    Never disclose your log in details or payment response codes
    • We will never call asking for your full password, PIN, or reader codes, or ask you to log in with them.
    • If you receive such a call, always insist on calling back on a trusted Lloyds Bank number, and use a different phone.
    • If you cannot change phones, wait for five minutes, then call someone you know well first to make sure that the line is clear.
    Please note: business names have been disguised to protect client identity
     

    Telephone scam example – transfer funds

    • Karen works for a large insurance broker, KWG. A caller claiming to be from Lloyds Bank told her that KWG’s account had been targeted by fraudsters and was at risk unless immediate action was taken.
    • Karen was asked to phone Lloyds Bank immediately, which she did, using the number printed on the bank statement.
    • She was then asked to move £350,000 to a ‘secure’ account, details of which were given to her.
    • The next day Karen spoke to her MD, who decided to check with their Relationship Manager that the account was now secure.
    • It then became clear that the call was not genuine. The fraudster had kept the phone line open at their end and intercepted the return call.
    We will never ask you to transfer funds to a ‘safe’ account
    • Be wary of calls about your banking, especially if these are late in the day, or out of business hours. Fraudsters know that businesses may not report their suspicions to the Bank at these times.
    • If you receive such a call, always insist on calling back on a trusted number, and use a different phone.
    • If you cannot change phones, wait for 5 minutes, then call someone you know well first to make sure the telephone line is clear.
    • Lloyds Bank, the police or any other legitimate agencies will never ask you to transfer funds to a ‘safe’ account.
    Please note: business names have been disguised to protect client identity
     

    Malicious software example – 'Please wait'

    • Evan is Finance Manager for a large media company. He often takes work home at month end to check and approve supplier payments.
    • When he tried to log on to online banking, he noticed a timer counting down and a message asking him to wait.
    • When the screen cleared, he logged off and on again and everything appeared normal.
    • When he was ready to approve a batch payment, he noticed one of the payments for a regular amount of £28,000 looked odd and decided to log off, and wait until he was back in the office to check the details.
    • When he checked the supplier details next day, he realised that the beneficiary account number had been changed.
    • He contacted his IT supplier about his home PC, which turned out to have a virus on it.
    If something doesn’t look right, it probably isn’t!
    • This is only one example of the way in which malicious software activity may appear. Fraudsters continually adapt and change the way in which a user’s screen may be manipulated.
    • If you notice anything unusual when you’re logging in, log out immediately. Contact the Helpdesk and describe what you’ve seen on the screen. The Helpdesk can check if there has been any activity on the account.
    • Contact your IT department or external supplier, and ask them to check your PC for malicious software.
    • Make sure that all PCs are protected by anti-virus software which is correctly installed by your internal or external IT provider, and updated frequently. Run regular scans, including any PCs you use when you’re working from home.
    Please note: business names have been disguised to protect client identity
     

    Malicious software example – 'Enter response code'

    • Susan works for a large construction company. She logged on to online banking and entered her user name and password.
    • When she reached the point where she normally enters her identification code, a pop-up screen appeared asking her to enter a RESPOND code instead.
    • She was puzzled as this hadn’t happened before, but she is new to the system, so decided it must be safe.
    • When she entered the code, a screen appeared with a timer and loading symbol before her normal home page eventually appeared.
    • She started to think that perhaps she should have checked that the messages she received were valid. As there was no one in the office to check with, she phoned the Helpdesk.
    • The Helpdesk advised her to log off immediately. They then checked recent payments and advised that two payments totalling £34,000 had been created and approved in the background.
    Look out for unusual messages and act immediately
    • This is only one example of the way in which malicious software activity may appear. Fraudsters continually adapt and change the way in which a user’s screen may be manipulated.
    • If you notice anything unusual when you’re logging in, log out immediately. Contact the Helpdesk and describe what you’ve seen on the screen. The Helpdesk can check if there has been any activity on the account.
    • Contact your IT department or external supplier, and ask them to check your PC for malicious software.
    • Make sure that all PCs are protected by anti-virus software which is correctly installed by your internal or external IT provider, and updated frequently. Run regular scans, including any PCs you use when you’re working from home.
    Please note: business names have been disguised to protect client identity
     

What we do to protect you

  • What we do to protect you

     

    Fraud detection systems

    We’re committed to making sure your Commercial Banking Online is safe and secure.

    We use cutting edge, multi-layered technology to protect your information and privacy.

     

    Keeping you safe

    You will always have to login using security devices and credentials.

    We’ll automatically log you out after a period of inactivity.

    We will suspend your access if we suspect fraudulent transactions and contact you immediately.

     

    Keeping you up-to-date

    We include up-to-date information on current fraud attempts in our regular Service Messages.

    We also update our Common Scams page on the Security Centre, so please check back from time to time.

     
     

    Commercial Banking Online Helpdesk

    If you suspect that any of your Lloyds Bank accounts have been accessed online by someone other than yourself, contact us immediately on:

    0808 202 1390 (+44 1264 839 415 from a mobile or outside the UK).

     

    Fraudulent email reporting service

    Fraudsters may try to imitate our emails. If you are suspicious of any unsolicited email, don’t click on any links it may contain.

    Please forward it as an attachment for further investigation to emailscams@lloydsbank.co.uk, and then delete it.


Further Information


Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.

Lloyds Bank plc Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 2065. Telephone: 020 7626 1500.

Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 119278.

We subscribe to the Lending Code; copies of the Code can be obtained from www.lendingstandardsboard.org.uk.

Eligible deposits with us are protected by the Financial Services Compensation Scheme (FSCS). We are covered by the Financial Ombudsman Service (FOS). Please note that due to FSCS and FOS eligibility criteria not all business customers will be covered.