Warning

We are aware that fraudsters are contacting customers pretending to be the bank.

Remember we will never ask you for your district user credentials, to install any software on your computers, request remote access to view your screens, or direct you to a ‘live chat’ function.





We are aware fraudsters are actively contacting some customers via text and phone pretending to be us. They may also create fake websites that are intended to replicate our site.

We have included examples of what these messages and fake websites could look like, to help you spot this scam.

As a reminder, we'll never contact you and ask any of the following:

  • install software or give us access to view or control your PC or mobile
  • share your District user ID or passcode
  • share codes you receive from us by text message
  • share codes from your eSafe device or Danske ID
  • move money to another account for 'security purposes'
  • go to any website for help except danskebank.co.uk

If you have any concerns, please get in touch.





Keeping your business secure

 

 

  • Padlock icon

Integrated security in District

Inbuilt security features ensure that:

  • We can identify you before we disclose confidential information
  • No unauthorised persons can access your company’s data through District
  • Your data is encrypted during transmission between your browser and Danske Bank
  • eSafeID security code logo

Two-step authentication with eSafeID

When you access District, we ask you for your password and a security code provided by your eSafeID device.

We use the most advanced security mechanisms to protect you, but to keep the high level of security and avoid fraud attempts you should use all available security features within District.

 

 

  • Webroot secure anywhere logo

Free Webroot Secure Anywhere®

Webroot Secure Anywhere® is available free to all District customers. It uses worldwide Webroot © Intelligence to identify new files, classify threats in real time, prevent browser attacks, remove viruses from your PC, and defend against financial and data-theft malware.

Download Webroot Secure Anywhere

District security guidelines

  • Keep your details to yourself

    Ensure that no one but you has access to your User ID, password and eSafeID. We will never ask for your password or security code from your eSafeID device under any circumstances. Please report any requests for this type of information to us on 02890 311377.

  • Be vigilant

    Always use District in a place you trust. If possible avoid using publicly available computers and open Wi-Fi networks.

    Be careful when you use a Wi-Fi network, as others could tap into your computer. Remember to activate the encryption key before using the Wi-Fi network.

    Look for the locked padlock or unbroken key symbol in the browser when using our website, always log off after you have completed your District session, and immediately report unusual activity (such as unexpected error messages, lengthy log-in time, or suspicious payments).

  • Make sure you're on the real District platform

    Don't use links from emails, text messages or another site - they could take you to a fake website that looks like ours, especially those expressing an urgent need for you to update your information, activate an account, or verify your identity. We will never send you an email containing a link to District.

    Always access District by either manually typing www.danskebank.co.uk or accessing the site from your favourites. When you try to access District you’ll see that “https://” will appear before the address.

  • Fraud prevention measures you can take

    • Dual authorisation of payments – whereby payments need to be initiated by one user and approved by a second before they take effect, making it more difficult for hackers to make payments in your name.
    • Payment limits - using the Administration module in District, you can create a payment limit on an account and/or on an individual user depending on your requirements.
    • Locked creditor listing - using the Administration module, you can restrict User access so that payments can only be made to a regular list of creditors.
  • Confirmation of payee

    Confirmation of Payee is a name-checking service introduced as part of the payment journey, adding an extra layer of security when someone is making a payment to your account for the first time.

    If you are receiving a payment from someone (who is a customer of a participating bank), Confirmation of Payee will reassure the sender that it’s you getting the money and not someone else. Therefore, it is important to make sure that the name on your account is correct, up to date, and that the sender is aware of the account type they are paying (personal or business).

    Learn more

Security tips to protect your computer

  • Updates to software and browsers

Updates

Always update programs when prompted. When you update your software - operating system, browser and all other programs - you close the security loopholes that hackers, malware and viruses find and exploit.

  • Antivirus software

Antivirus

Install antivirus software, update the program regularly to ensure continual protection against new viruses, and set it to automatically check any downloads for viruses.

  • Firewall prevent access

Firewall

Installing a firewall will prevent hackers from accessing your PC. Make sure you keep it updated.

  • Passwords complexity

Passwords

Keep your passwords secret. Don’t use names or birthdays as passwords - use a combination of letters, digits and symbols. Use different passwords for each site, and change them regularly.

  • Opening downloaded programs

Downloads

Rather than opening programs directly, save them on your hard drive and have your antivirus program check them before you open them. Don’t open attachments in unsolicited emails.

  • Social media icon

Social media

Be careful when opening links, images etc – even if they come from someone you know, they may contain malware. Do not disclose personal information, as you can’t be sure who’ll see it.

Protect your mobile devices

Types of Phishing

  • Types of Phishing: Real-time phishing

    In a real-time phishing attack, the fraudsters will steal your logon and password as you are entering them into what looks like your usual online banking page. Then they will use these details to log on to the real version, before doing exactly as they wish with your money.

    This can happen either through a fake site that is indistinguishable from your actual online banking page, or through your computer being infected with malware.

  • Types of phishing: Vishing

    Vishing is similar to phishing except the fraudster phones you, usually pretending to be your bank. They ask you to reveal personal and sensitive information. They might make a number of calls to gather small pieces of information. For example, one week they may ask which bank you are with, the next they may introduce themselves as being from that bank. They're very clever in how they operate, so always be alert. 

    If you decide that you want to ring the caller back to authenticate the call, you should always make sure that you source the number from your own records, rather than redialling the number they have called you on, and ensure that the original connection with the caller has been terminated first. You can do this by using a different phone or by phoning someone else you know first.

Tell-tale signs of a phishing email

Eight things to look out for

  • Unprofessional appearance

    The typeface might be blotchy, too small or too large, or pictures are poor quality.

  • Links that don't go where they're supposed to

    Phishing emails usually contain links which the fraudulent sender wants you to visit.

    The URL text in the email may look legitimate, but if you hold your mouse cursor over the link (without clicking it) the actual destination will appear at the bottom of your screen. If it doesn’t match the text in your email, ignore and delete the email.

  • A link that seems to be from Danske Bank but isn't

    In addition to the point above, look at the link itself.

    A genuine link from Danske Bank will contain ‘danskebank.co.uk’ followed by a ‘/’ and the subdomain – for example www.danskebank.co.uk/mortgages

    If there is anything between the ‘danskebank.co.uk’ and the ‘/’ then be careful, as this indicates that the link has not originated from us and may be malicious.

    For example, www.danskebank.co.uk.dodgylink.com/mortgages

  • It's too good to be true

    This could take the form of an email that promises you a large sum of money if you take a certain action, or promises to pay our mortgage off for you if you click a link. Ask yourself, why would someone do this for you out of the blue?

  • Asking for bank details

    We already know your account number and sort code, and the numbers of any debit or credit cards you might have.

    A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Only give out personal or financial details to use a service that you’re expecting to contact you, that you’ve given your consent to and that you trust.

  • You get an answer to a question you didn't ask

    If the email addresses an issue you didn’t ask about, it’s probably not genuine.

    For example, you get an email telling you to click a link to register your new credit card. But you haven’t applied for one.

  • You're asked for money

    Phishers want to steal your money. If they don’t get it by tricking you into revealing account or card numbers, they’ll ask you to send it to them directly for one of number of fictitious reasons, including things like medical care, investment in business, legal fees, and so on.

  • Aggressive tone

    If you are in financial or other difficulties, we will always try and help you address them. We certainly won’t send you letters, texts or emails that immediately threaten account closures unless you comply with our demands.

    If you receive an email that appears to have been sent by us that requests you to enter personal information such as your account number or credit card number, do not reply and do not follow the instructions - even if the email suggests that you need to take immediate action to stop your account being frozen, or threatens you with fines if you don't.

Malware (Trojans,
viruses & malicious software)

Malware is malicious software installed on your computer without your consent. Once there, it can record keystrokes, re-direct your browser, or display fake websites, all in an effort to impersonate your business in online banking transactions. Your computer can become infected through documents attached to emails, links contained in emails, infected search engine results, or by clicking on links, videos, and documents on legitimate websites, particularly social networking sites.

Remember to keep your antivirus software updated and be cautious with software you download. Use an anti-spam product and treat unwanted emails with suspicion.

Malware and identity theft

  • Spyware

    Spyware is a program or file that often arrives as a hidden part of “free” programmes, and it monitors what you look at on the Web before reporting back to companies who sell the information. Some can pick up everything you type. Remember to keep your antivirus program up to date and be cautious with the free software you download.

  • Identity theft

    Fraudsters employ many techniques to gather personal information with which they then attempt to target the finances of their intended victim. These techniques include masquerading as a genuine entity and contacting the intended victim and tricking them into providing personal and financial details.

    You should exercise extreme caution before responding to any communication, including emails and telephone calls, which ask you for such details – even if those communications are alarmist in nature.

  • CEO Fraud

    This is when a fraudster hacks into the email account of a senior executive in their target business to trick its employees into transferring money to them.

    They find out who within that company has the ability to send payments and send an email requesting a payment to an apparently legitimate account but which belongs to the criminal. If the fraud is successful the fraudster will move the funds to other accounts, making them almost impossible to trace or recover.

    How do I protect my business?

    • Ensure all staff are aware of this type of fraud
    • Have a system in place, which allows your employees to verify that such requests from their CEO are legitimate
    • Always review financial transactions to check for inconsistencies/errors, such as misspelt company names
    • Consider what information is publicly available about the business and whether it needs to be public
    • Ensure computer systems are secure and that antivirus software is up to date
  • Invoice Re-direction / Mandate Fraud

    "We’ve changed our bank account, instead please send your payment to…"

    This happens when the fraudsters send you an email which appears to come from someone you are due to pay money to. The address of the incoming email may vary slightly from the genuine email address or may come from the genuine email address which the fraudster has hacked into.

    The email will either:

    • request that you send the funds you are due to pay to a particular bank account identified by a six- digit sort code and an eight-digit account number; or
    • tell you of an amended sort code and account number to that which was previously given to you.

    How do I protect my business?

    Always confirm the correct sort code and account number for payments by speaking directly with the person you are sending the funds to before you transfer any money.

Learn more about how to help protect your business from fraud.

Suspect something?

Report fraud or phishing

Want to get in touch?

Content is loading
Show more rows: All table rows are already visible for screen readers.
Show less rows: All table rows are already visible for screen readers.