Security

Stay safe online

As an investment business, we are constantly finding fraudulent schemes on social media and email from people pretending to represent abrdn (or other businesses in our group). We have robust processes and measures in place to manage activities like this and do everything we can to protect our customers, shareholders and clients.

If you get a social or email message and you're unsure if it is from us, you can send it to emailscams@abrdn.com and we'll look into it for you.

If you think you're the subject of an investment scam, please visit our Investor Risk Warning page for guidance on how to report this and protect yourself.


Identity fraud and security

Identity theft and online fraud is big business for criminals.

Protect yourself against identity fraud

When you're online you leave a trail of little clues about yourself, like your name, your date of birth and where you live. Think about the details you give when you open a bank account, apply for a loan, a credit card, or a job. If you use social media like Twitter and Facebook, then your profile and comments can reveal things like your children's birthdays, pet's names - bits of information that on the surface seem perfectly ok.

For criminals, though, this can represent money in the bank. By gathering up all the pieces of information about you, they can apply for credit cards and loans in your name. And in some cases, they use the identity they've stolen for more serious crimes.

Having your identity stolen is frightening, upsetting and hugely disruptive to your life. The UK Government's Home Office estimates it takes 300 hours to restore your financial and credit records after identity theft. If it were a full-time job, 8 hours a day, 5 days a week, it would take over a month to fix. Keeping your identity protected online is easy and straightforward if you know what to look out for.


Online Security

The best things you can do to stay safe online are to be proactive and vigilant when you're online in public places.

But there are risks and even serious dangers in sharing your personal information on social networks.


Protect your computer

Keep your computer secure by changing your passwords and PINs (and keeping them a secret), and installing the latest updates for your system, applications and internet security software.

  • A strong password should be easy for you to remember and impossible for anyone else to work out. We recommend they are at least 14 characters long and use letters, numbers and symbols. Try something called a ‘passphrase’ – a short memorable sentence (e.g. 1lovePineapplePizza!)
  • Don't use family or pets' names, birthdays, place names or football teams, as these can be easy for others to guess.
  • If you need to record your PINs or passwords somewhere, disguise them so only you can recognise them. We highly recommend using Password Management software.
  • Never use the same password (or passphrase) for different accounts.
  • Don't reveal passwords and PINs to anyone.

Antivirus software is included in most recent operating systems (like Windows 10 or Apple OS) that run on your computer and this should be enough to keep you protected against the majority of threats. You should make sure AntiVirus is enabled and that automated updates are switched on too.

However, if you are using a computer with an older operating system (such as Windows 8 or earlier or Apple macOS 'High Sierra' or earlier ) you should install additional AntiVirus software.

Switch on automated updates for your operating system, web browsers and applications.

Making sure your computer has the latest updates and patches is one of the most important ways to protect yourself and your data. If you’re not sure if your device is up-to-date, please perform the following steps to install the latest patches and updates:

  • For Windows PC’s: Start -> Settings -> Update and Security -> Check for updates
  • For Macs: Apple menu -> System Preferences -> Software Update
  • For Tablets & Mobiles: Each are slightly different, but find your device Settings then look for Updates
  • Don’t forget to update apps on these devices as well
  • For best practice, never use links in emails and type the address in yourself.
  • Check the site address is correctly shown in the address bar before you provide any confidential or financial details.
  • Check for the locked padlock icon and the 'https://' part of the web address before making any financial transactions (if they're not there, don't enter your personal or payment card details).
  • Never leave your computer or other device unattended when you are not alone.
  • Look out for people trying to look at what you're doing, nicknamed 'shoulder surfers'.
  • Make sure you fully log out and close the internet browser when you have finished each session.
  • Avoid doing any financial transactions - like paying for goods or online banking - in a public place, using a public wireless network or computer.
  • Always be aware of the people around you and if they seem to be taking an interest in what you are doing.
  • Remember to log out properly when you have finished, even if you are closing your browser or switching off your device.

Email security

While email is useful, it can also have risks. These include receiving emails that result in you being defrauded or your identity stolen, emails you don't want, emails not arriving or emails being intercepted.

If something's too good to be true, it probably is. Not everything you read in an email is true or trustworthy.

Fraudsters have all sorts of scams to trick you into giving out your personal information. 'Phishing' emails generally trick you to be from organisations you already know such as your bank or payment card company, insurance company, a government department or a company you deal with online.

The offers, emails and websites will all look 'real'. But the pages that you enter your personal information into are fake. Fraudsters will then use your data for criminal activity against you, much of which may be used in turn to fund large-scale organised crime.

You can learn to spot common things that give scam emails away, such as:

  • The use of 'Dear Customer' or 'Dear Friend' instead of using your actual name.
  • Spelling mistakes..
  • Poor word spacing..
  • Use of symbols like apostrophes and semi-colons that look out of place..
  • Using HTML (web page code) to insert remarks that break up key words..
  • Using an image of text rather than text itself. You can tell by trying to highlight the words..
  • Containing very little text at all in the actual email, just a hyperlink to a website.

Genuine companies, financial services providers and government bodies make a big effort to keep their emails accurate and professional looking. Any of the mistakes above are clues that the email is from a nuisance or fraudulent source.

  • Never reply to emails asking you for personal or financial information about yourself. Genuine banks and financial companies will not ask you for personal or financial information this way.
  • Never reply to emails that you weren't expecting, or if you don't know the sender.
  • Never open attachments you weren't expecting.
  • Don't click on links within emails - they could take you to fraudulent websites - type the address into your browser instead.
  • Even emails that appear to be from friends, family and colleagues may in reality be fraudulent, sent by a virus on their device.
  • If you are sending an email to several people, type their names in the 'BCC' field instead of the 'CC' field (in case it gets intercepted and reveals everyone's names and email addresses).
  • Before forwarding an email, remember to delete all details - like the original sender or the previous email trail - if you don't want them to be seen.

You may also receive emails that are more of a nuisance than a safety threat. They could include emails inviting you to enter a competition, buy something online, sign up for a newsletter or have your details published. If you don't want them, use the spam email blocking tools on your email system.

Social media security

There are now thousands of social networking sites on the internet. The best known include Facebook, Twitter and LinkedIn. They are a great way to stay in touch with friends and relatives and can connect people right across the world. But there are risks and even serious dangers in sharing your personal information on social networks.

You may not have direct control over who can see your profile or posts, even if you have been careful with security settings. They could be seen by friends of your friends that you don't know, and their friends, and so on.

Information you put on social networking sites can help fraudsters guess your passwords and answers to secret questions like your mother's maiden name, pet's name or your first school. They could also find out when you are away on holiday (leaving your home empty), or where your family members are at a given time.

Another major risk in social networking sites is clicking on links which seem genuine or enticing, but can lead to bogus pages or other websites designed to defraud you or compromise your identity.

  • Never put your financial details on a social networking site.
  • Change your passwords regularly.
  • Always read social networking sites' privacy policies.
  • Review your privacy settings - change them if they don't give you enough privacy.
  • Remember that people you don't know might be able to see your profile and anything you publish.
  • Be careful about the amount of personal information you publish, including any travel plans that you or your family make.
  • Create a separate email address just for social network sites.
  • Be cautious about meeting people you have contacted on social networking sites in person - they may not be who they seem.

Online shopping

Online shopping is very convenient and provides you with a vast choice of products, services and retailers. But it also has dangers.

Risks of online shopping

Most legitimate online businesses' payment and account detail systems are very secure. But some fraudsters use the same scams as they do in online banking, faking business websites to get your personal and financial details from you. Sometimes, fake names are used that sound close to a legitimate business name too.

How to shop online safely

  • Look for things like a genuine postal address, phone number or post/ZIP code. VAT, tax or Registered Charity details can be verified online too.
  • Try to obtain recommendations from people you know and trust, or at least independent online reviews of the online retailer.
  • Before doing any financial transactions online, check for the locked padlock in the browser window and that the web address starts with "https://", which indicates it's secure - if these are not there, do not enter any details.
  • Check the returns and delivery policies for any clauses that might make it difficult to return goods. You now have stronger rights under the European Union Consumer Directive 2014.
  • If you are buying goods from abroad, remember that some countries don't have as strict selling laws as in the UK, EU and USA.
  • If possible, use a credit rather than a debit card. Credit cards have better protection if something goes wrong and the credit card issuer may be able to chase the problem on your behalf.

Mobile security

Smartphones and tablets have freed us to go online anywhere there is a 3G or 4G signal, Wi-Fi router or public hotspot. For many people, these mobile devices are rapidly taking over from computers for email, social networking, gaming, shopping and banking. This makes them a prime target for criminals, so it's essential to take mobile security precautions.

How to protect yourself

  • Always protect your mobile device with a PIN that only you know. Biometrics, such as fingerprint or retina scan are good methods for securing mobile devices.
  • Keep you device updated – switch on automated updates.
  • Download apps and games only from official app stores and websites.
  • Use internet security software designed for mobile devices, and ensure it is always updated.
  • Never open, reply to emails, texts or instant messages if you don't know who they are from, and never open links or attachments unless you are absolutely certain who they are from.
  • Switch off sharing technology like Bluetooth, unless you need it.
  • Protect your mobile device when out and about. Keep it in a safe place.
  • Some mobile device manufacturers offer free 'find my device' services if your device is stolen or lost.
  • Always be aware of anyone looking over your shoulder ('shoulder surfers') when using your mobile device.
  • Ensure your Wi-Fi at home or office is secured, and that any public Wi-Fi hotspots you may be using are secure.

Common online scams

Fraudsters are ingenious and new scams - or variations on existing scams - happen every day. In many cases they act as hi-tech con men, preying on your emotions or needs and gaining your trust.

Things to remember

  • Be absolutely certain that the person you are dealing with is genuine. If it appears rude to question them, this is better than becoming a victim of online fraud.
  • Ask yourself if the situation you are in seems genuine.
  • Never assume that you can always spot a scam - fraudsters are very creative, persistent people.
  • If something seems too good to be true, it probably is.

Common types of online fraud

We've recently become aware of a new trend emerging, whereby individuals are being contacted about investments in cryptocurrency, such as Bitcoin. With these scams, Fraudsters may cold call victims and use social media platforms, such as Facebook and Whatsapp, to convince individuals to trade in cryptocurrencies, such as Bitcoin. Please note, abrdn do not offer any cryptocurrency investments.

Shareholder and investment scams (sometimes known as 'boiler room' scams) operate mainly from overseas by phone or sometimes email. They try to convince you to invest in a get-rich-quick share or other investment scheme which is actually bogus.

We've recently become aware of several websites for fake companies imitating our brands, offering bonds and other investments with attractive high rates of return. Please visit our scam awareness page for more detail about this type of scam.

You receive a call from someone claiming to be from your bank or card provider telling you there is a problem with one of your accounts and you need to transfer your money to another account they have set up for you. Alternatively, you could get a caller claiming to be from the local police saying they have arrested a criminal who has cloned credit cards with your name on them. You call back with your personal details, but the fraudster has kept the line open and you are actually giving them your details.

Fake advertising, phoney application forms, forged share certificates and letters claiming that you have overpaid, or are entitled to an inheritance or lottery winnings. The giveaway is these scams always ask for some kind of upfront fee. And then you'll never hear from them again.

Fraudsters attempt to contact your social media contacts by hacking into accounts, pretending to be ill or in danger and pleading for money. The risk of this can be reduced by choosing a password that's hard to guess, a separate email address just for social networks and being wary of posts that seem out of character.

Many fraudsters use dating and social networking websites and chatrooms to pose as single people looking for love. They take you into their confidence then play on your emotions by claiming to be ill or in trouble and needing your money to help them out. You should also consider very carefully before meeting someone in person who you have met online. They may have created a false profile, and not be who they seem.

A common scam is to be emailed if you have successfully bid for an item and told that your payment has been declined. You are asked for your bank details to be re-supplied using a fake link. Such emails usually use legitimate businesses' logos, but the content and links are fake.

  • Never reply to an email asking for payment, or click on the links.
  • Contact the company separately, through their website or over the phone and tell them about your email.

Goods or services advertised are exactly what you're looking for, and may be at a better price or availability than you can find elsewhere. You are told that the seller cannot accept a credit card and that you need to transfer payment directly into their bank account. The goods or services don't exist, and you can't claim the money back from your bank.

COVID-19 Scams

With all the attention that we’re placing on coronavirus, this unfortunately provides the perfect opportunity for criminals and scammers to take advantage and to use emails, phone calls, fake websites and product advertising to phish for personal information or deliver malicious attachments. Here are some real-world examples:

Phishing

  • Email scammers impersonating health agencies (such as the World Health Organisation) to trick people into giving up personal information or to open malicious attachments.
  • Emails offering monetary compensation or financial help to those who suffered from the COVID-19 outbreak
  • Fake meeting invitations, in particular for cloud collaboration tools
  • Emails offering links to COVID-19 cures
  • Fraudulent requests to donate to charities

Fake websites

  • Websites posing to be remote access login portals
  • Websites with COVID-19 propagation maps which contain malware or links to malicious websites

Malicious mobile applications

  • Applications which claim to be COVID information trackers but are designed to lock victims screens until a ransom is paid
  • Fake COVID-19 Finder apps that steal payment data from users
  • Be aware of share scams

    As an investment business, from time to time we become aware of attempts to defraud abrdn shareholders by offering to buy abrdn shares at inflated prices. Often this happens through unsolicited phonecalls, social media or email. To find more about how to identify potential scams and keep yourself safe online read our security information.

    Contacted by abrdn?

    We will only ever send you emails with a link to a abrdn group company login page if you have registered or opted in to receive emails from us. If you receive an email claiming to be from abrdn group company and you are in any doubt, please forward it to emailscams@abrdn.com and we will investigate it for you.

    'Spoofing' and 'phishing' are two words used to describe scams to get your personal banking details. 'Spoof' emails are supposed to look exactly like a real company's email, but they are sent to millions of email addresses at random. This is called 'phishing'. The fraudster's hope is that some people will be fooled into giving their banking or personal details, or use their debit/credit card to pay a fake 'fee'.

    'Spoof' emails usually include links to fake websites. Fraudsters try and make these fake websites look exactly the same as the real thing.

    A common giveaway though is these sites usually ask for your account, card or security details with little or no explanation as to why. As a general rule, if you don't know why you're being asked for these details, don't give them.

    Legitimate businesses always have a telephone number or an office you can contact if you are not sure.

    Different countries have different ways of regulating financial services firms, so it's worth checking before making any kind of payment.

    Have you received any unsolicited emails which look suspicious?

    If so, please forward the email to emailscams@abrdn.com.

    Have you been promised a fortune, or a large loan?

    Fraudsters will use our company name as a way of getting people to pay a fee, on the promise of a large sum of money or guaranteed loan. These are called 419 scams. They're named after a section of the Nigerian Penal Code where these scams began.

    419 scams are designed to look convincing. Some go to the trouble of producing fake advertising, phoney application forms and forged share certificates. Fraudsters will go to these lengths to fool people into sending them money or handing over their bank details.

    Sadly, there is little that abrdn can do to stop 419 scams happening. But by being aware of the types of scam that have happened, you can keep yourself safe online.

    Here are some earlier examples of scams where criminals have fraudulently used abrdn (formerly Standard Life Aberdeen) related company names, logos and branding in the past:

    • An individual from Brazil got in touch with us after fraudsters had contacted them. The fraudsters used an email address from an international auction site and faked a story about an unclaimed fortune worth over US$30million. All the individual had to do was send their personal details and the fraudster would arrange for the money to be picked up in person at Standard Life Bank in Edinburgh.
    • An American responded to an online advert in a trusted website from 'Standard Life Loan House plc'. The fake advert promised a loan to buy property, and the victim just needed to pass their bank details and send an 'admin fee' by money transfer. After doing this, and completing a forged application form, they realised they had been scammed.
    • Another person responded to a different online advert, only this time the 'prize' was a large number of shares. The fraudsters even sent a forged share certificate. The victim paid an 'admin fee' and spent their life savings travelling to a Standard Life office in Edinburgh from their home in Europe. When they arrived, they expected to be met by a Chairman and receive a cheque for a fortune. Sadly, all we could do was explain that they were a scam victim and to get in touch with their local Consulate.

    Report fraud

    If you think you have been defrauded, or that someone is trying to defraud you, contact the police. There are other actions you can take, depending on what country you live in.

    If you live in the UK

    The services in this list can help if you have, or think you have, been a victim of fraud:

    • www.cifas.org.uk - If you have been the victim of fraud, then contact CIFAS to register and protect your identity from further attack.
    • Use Equifax / Experian / Call Credit to check your credit history.
    • Register with a Fraud Prevention Agency that also offers a Protective Registration Service. Call 0870 010 2091.
    • www.royalmail.com - If you think your post is being stolen, contact the Royal Mail on their Customer Enquiry number, 08457 740 740.

    If you live outside the UK

    Please check what services are available in your area, either from your government or consumer advice bodies. You can also search online for topics like "fraud prevention" or "report fraud".

    Report suspicious emails to abrdn.

    If you have received any emails supposedly from abrdn group companies but are suspicious, please forward the message to emailscams@abrdn.com.