Tips to avoid common
security threats

Fraud attempts vary a lot and are constantly changing.
In this section you can read more about the most common threats, so you can be prepared and avoid them.

Tips to avoid common security threats  

Tips to avoid common threats


Common threats

Malware (Trojans, viruses &
malicious software

Malware is malicious software installed on your computer without your consent. Once there, it can record keystrokes, re-direct your browser, or display fake websites, all in an effort to impersonate your business in online banking transactions. Your computer can become infected with malware through documents attached to emails, links contained in emails, infected search engine results, or by clicking on links, videos, and documents on legitimate websites, particularly social networking sites.

Remember to keep your antivirus software updated and be cautious with software you download. Use an anti-spam product and treat unwanted emails with suspicion.


Spyware is a program or file that often arrives as a hidden part of “free” programmes, and it monitors what you look at on the Web before reporting back to companies who sell the information. Some can pick up everything you type. Remember to keep your antivirus program up to date and be cautious with the free software you download.​


Identity theft

Fraudsters employ many techniques to gather personal information with which they then attempt to target the finances of their intended victim. These techniques include masquerading as a genuine entity and contacting the intended victim and tricking them into providing personal and financial details. 

You should exercise extreme caution before responding to any communication, including emails and telephone calls, which ask you for such details – even if those communications are alarmist in nature.

CEO Fraud

What is CEO Fraud?

Businesses are targeted by well-organised criminals who try to trick members of staff into making payments by sending them payment requests that appear to come from the CEO of the business.This is known as CEO fraud.

How does this fraud work?

  • The fraudster hacks into the email account of a senior executive OR the fraudster creates an email account, which is very similar to that of a senior executive
  • The fraudster carries out detailed research (perhaps over weeks and months) to find out who works in the accounts department of the targeted company or who within the targeted company has the ability to create and send payments and what other businesses the targeted company interacts with
  • The fraudster sets up bank accounts in the UK and abroad to which they can eventually have funds transferred to (or buys bank accounts from people willing to sell them)
  • The fraudster waits until a time when it is more likely that the fraud will be successful.For instance, when the senior executive is on holiday or away on business, or when the regular accounts department employee is on holiday
  • The fraudster sends the email to their target, pretending to be from the CEO/senior executive, and requests that a payment be made (usually with some urgency) to an account, the details of which are provided in the fake email

  • Sometimes the email will emphasise that the payment is for a very sensitive business deal and that the employee should not tell anyone about it
  • Often the email request is sent shortly before the end of the business day so that the employee is under time pressure and, potentially, less vigilant
  • If the fraud is successful, the employee will act on the fake email and send the funds away to the account or accounts controlled by the fraudster.The fraudster will then almost immediately move the funds on to a number of accounts which they also control making it almost impossible to trace or recover

How do I protect my business?

Ensure all staff are aware of this type of fraud

  • Have a system in place, which allows your employees to properly verify contact so they can check that the instruction, which they have received from their CEO, is legitimate
  • Always review financial transactions to check for inconsistencies/errors, such as misspelt company names
  • Consider what information is publicly available about the business and whether it needs to be public
  • Ensure computer systems are secure and that antivirus software is up to date


How to spot a phishing email
A phishing email often begins with an impersonal greeting such as “Dear Customer” rather than a specific reference to your name. Typically, a phishing email may state that your card has been used improperly. It encourages you to click a link that will take you to a fake website – for example, a site that looks like Danske Bank’s – prompting you to enter information. 

Danske Bank will never send you an email to ask for your account number or any other confidential information.


Phishing emails

Phishing is a term used to describe the practice of randomly sending emails that purport to come from genuine entities which aim to trick customers of that entity into disclosing information. The email recipient is often asked to click on a link which redirects them to a bogus website operated by fraudsters where they are requested to disclose information such as name, date of birth, card details, passwords, internet banking log on details etc. In the case of phishing emails purporting to come from Danske Bank the information requested could include your User ID, password, number generated by your eSafeID device or the number from the back of your eSafeID device.

You should never, under any circumstances, disclose personal details by email. Danske Bank will never ask for personal details from you via email.

What to do if you receive a phishingemail

  • Never reply when you receive a phishingemail
  • Do not click any links
  • Never disclose personal information
  • Forward the email to this address:
  • Delete the email

​If you have disclosed card details, please call us​ immediately. As soon as you have forwarded the email to us, we will start the process of getting the fake website closed down.​​​

Real-time phishing

In a real-time phishing attack, the fraudsters capture the banking credentials and authentication information when the User enters details onto the Business eBanking system. The stolen credentials are then immediately used to open a session on the authentic bank website in order to commit fraud.  

Sometimes the hackers use fake sites that look like Danske Bank’s website. If the User goes to the fake site (for example, via a link in an email) and enters the authentication details, the hackers will receive that information and use it to go to the real website and log on to the Business eBanking system. Meanwhile, the User is watching a “Please wait…” page.  

Real-time phishing attacks are also performed through computers infected with malware. The infected computer sends the authentication information to the hacker, who will use it to log on to the Business eBanking system. Meanwhile, the User is once again watching a “Please wait…” page. ​​​​



Vishing is somewhat similar to Phishing except the fraudster phones their intended victim, usually purporting to be a service provider (such as a bank) which the intended victim uses, asks them to reveal information. It is not uncommon for fraudsters to make a number of calls trying to gather small pieces of information each time. For instance an apparently regular call during which they simply find out where you have your bank account, followed a week or so later with a call during which they introduce themselves as being from your bank. 

If you decide that you want to call the caller back to authenticate the call you should always ensure that you source the number from your own records and ensure that the original connection with the caller has been terminated (you can do this by using a different phone or phoning someone else you know first).​
0345 850 9515

Contact us

Customer information Useful numbers Book Appointment Become a customer

Chat with us

Customer Support

Find out more

Find a business Centre