Current Account Security
We understand the importance of the security and confidentiality of your personal information. Keeping our customers’ information secure is a top priority for us, but it is also important for you to protect your security online. Learn more by clicking on a link below for guidance on how best to protect your personal information.
- 3 Key Steps to Online Security
- Fake Emails and Websites
- Fraudulent Pop-ups
- How to protect your online security
- How we protect your security online
- How to report online fraud
- Security Definitions
- Consider using a personal firewall
- Ensure that the operating system and other software (especially your browser) are regularly updated
- Ensure that you have up-to-date, supported and licensed anti-virus and anti-spyware software in place
More detailed security steps are outlined in our "How to protect your online security" section.
Often called "Phishing" these fake emails or websites appear to represent a legitimate company and try to obtain confidential Account details with a view to conducting illegal transactions on your Account. Please note that we (which includes: the Post Office® Online Banking, the Post Office and the Bank) will never send emails which require customers to send personal information via email or pop-up windows. Any unsolicited requests for any Post Office® personal current account information you receive through pop-up windows, emails, or websites should be considered fraudulent and should be reported immediately.
Your email address can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake email that appears to be from Post Office® Online Banking, the Post Office or the Bank, this does not mean that your email address, name, or any other information has been gathered from our systems.
Fake emails will often:
- Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the "From" field, as this is easily altered.
- Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has expired, been corrupted or been lost, and that you must immediately resend it.
- Link to counterfeit websites. Fake emails may direct you to counterfeit websites carefully designed to look real, but which actually collect personal information for illegal use.
- Link to real websites. In addition to links to counterfeit websites, some fake emails also include links to legitimate websites. The fraudsters do this in an attempt to make a fake email appear real.
- Contain fraudulent phone numbers. Fake emails often contain telephone numbers that are linked to the fraudsters. Never call a number featured on an email you suspect is fraudulent, and be sure to double-check any numbers you do call.
- Contain real phone numbers. Some of the telephone numbers listed in fake emails may be legitimate, connecting to actual companies. Just like with links, fraudsters include the real phone numbers in an effort to make the email appear legitimate.
Pop-up windows are the small windows or ads that appear suddenly over or under the window you are currently viewing. Fraudulent pop-up windows are a type of online fraud often used to obtain personal information with a view to conducting illegal transactions on your Account. Please note that Post Office Online Banking does not use pop-up windows to request your Account information. We will never display a pop-up window on our site that is not user initiated by you clicking on a link. Pop-up windows are often the result of programs installed on your computer called "adware" or "spyware." These programs look in on your web-viewing activity and regularly come hidden inside many free downloads, such as music-sharing software or screen savers. Many of these programs enable harmless advertisements, but some contain "Trojan horse" programs that can record your keystrokes or relay other information to an unauthorized source. Any unsolicited requests for any Post Office personal current Account information you receive through pop-up windows should be considered fraudulent and should be reported immediately.
A computer virus is merely a programme that attaches itself to another programme or data file in order to spread and reproduce itself without the knowledge of the user. The effects of these viruses can vary widely depending on what they were designed to do, some viruses are annoying but cause no significant damage, others can be quite harmful and can even erase data, corrupt disks or in the case of business computers, degrade a network's performance. As viruses are designed to hide their presence in legitimate programs or data files, viruses are usually spread from computer to computer by individuals who are unaware they are doing so. The main methods by which viruses are generally transmitted include:
- Attachments to e-mail messages;
- Files downloaded from the internet
- Using infected disks or compact disks (CDs)
Common symptoms that your computer may have a virus:
- Applications that don't work properly;
- Disks can't be accessed;
- Printing doesn't work correctly;
- Pull-down menus are distorted;
- File size changes for no apparent reason;
- Date of last access does not match date of last use;
- An increase in the number of files on the system when nothing has been added;
- Uncommanded disk drive activity;
- Unusual error messages;
- System slows down, freezes or crashes.
'Spyware' is software that is downloaded onto your hard disk, without your knowledge. Once there, it can collect information from your computer system and may transmit it elsewhere. It may also gather and transmit information about e-mail addresses, passwords and online Account details.
How to recognise Spyware:
- You may have contracted spyware if the following symptoms occur:
- Pop-up ads appear, even offline, often for 'adult' sites;
- Your homepage/search settings unexpectedly change;
- Your browser toolbar changes and is hard to restore;
- System performance deteriorates unexpectedly.
- Install a reliable anti-spyware application;
- Ensure the application is kept up to date;
- Use a firewall
- Adjust security settings on your browser to a sufficiently high level - the higher the security level, the lower the risk. By default, Internet Explorer classifies all websites into a single zone (the Internet zone) and assigns everything medium level security. When you are using this level of security, Internet Explorer will ask you to confirm that you want to download a file, unless you have previously indicated that the website or publisher is trusted. If you are using an alternative web browser, check the providers instructions on how to limit your exposure to spyware by configuring the browser settings;
- Be security conscious when surfing and downloading;
- Only download from sites you trust;
- Read security information before you download software;
- Never click "Agree" or "OK" to an unexpected pop-up or window. Instead, close the window by clicking on the "x" button on the top right hand corner of the window.
What to do if you think you have Spyware:
- Install and run anti-spyware software to remove any spyware from your system;
- Keep it updated and use it to perform regular checks on your computer system;
- Check whether or not your Internet Service Provider (ISP) offers anti-spyware software.
We are continuously working to ensure the security of your Accounts. With your help we can reduce the risk posed by online fraudulent activity. Below is a list of some simple steps to take to protect your Accounts.
- Always log-out of Post Office Online Banking and close your browser after you use Post Office Online Banking.
- Do not release passwords (e.g. power-on, log-on, screensaver, internet Account, Post Office Online Banking) to anyone. Remember that you alone are accountable for actions carried out when your User ID is used.
- Ensure that the operating system and other software on your PC are fit for purpose and are configured appropriately.
- Ensure that the operating system and other software (especially your browser) are regularly updated with relevant security patches and bug-fixes (available frequently from the vendor sites). Subscribe to your vendor's security mailing lists and apply updates as appropriate to your operating system.
- Ensure that you have up-to-date, supported and licensed anti-virus software in place.
- Consider activating a pop-up blocker. Some browsers now incorporate this functionality by default.
- Consider using a personal firewall.
- Do not open unsolicited e-mail (in particular, any attachments that are associated with this form of communication). Be sure of your sender.
- Do not send confidential information via internet e-mail unless appropriately secured.
- Always check the validity of the certificate on a website where you enter personal details (e.g. passwords, payments).
- Be wary of the content of unsolicited e-mails appearing to come from a trusted source asking you to validate your logon / payment credentials. Always check with the institution first using their pre-registered / published contact details (not details supplied in the e-mail).
- Use secure websites for transactions and shopping. Be sure the web page you are viewing offers encryption of your data. Often you will see a lock symbol in the lower right-hand corner of your browser window, or the web address of the page you are viewing will begin with "https://...". The "s" indicates "secured" and means the web page uses encryption. Post Office Online Banking, for instance, provides 128-bit encryption - the highest level commercially available today.
- If in doubt please contact us on 0345 266 8977 Calls cost no more than calls to geographic numbers (01 or 02). Calls from landlines and mobiles are included in free call packages (from with the UK) or +44 117 300 6876 from abroad.
- When logging on to Post Office Online Banking we will ask you to provide your own private and individual User ID and Post Office Online Banking PIN in conjunction with a personal detail question. This information is encrypted during transmission and will remain a secret as long as you do not disclose it. We use what is known as 128 bit SSL to ensure the highest level of security of information passing between our Account Holders and ourselves.
- Post Office Online Banking requires the use of a secure browser to access Account information and perform transactions.
- The website is protected by a firewall, which forms a barrier between the outside internet and the internal systems that support the website.
- Your name, address and full Account number will never appear on screen. Payee details will appear on screen and in the receipt which you can print off when we confirm your instruction to make a funds transfer or pay a bill.
- After a 10 minute period of inactivity your current session on the website will automatically timeout. To restart your session, all you have to do is re-enter your User ID, PIN and password at the login screen.
Step 1: Call the Post Office
If you receive a fraudulent email, pop-up or web page report it immediately to us on 0345 266 8977 Calls cost no more than calls to geographic numbers (01 or 02). Calls from landlines and mobiles are included in free call packages (from within the UK) or +44 117 300 6876 from abroad. Do not reply or follow any of the specified instructions, regardless of how genuine they may appear.
Step 2: Monitor your Accounts
Monitor your Accounts on a regular basis and report any suspicious money transfers, payments or unauthorised access immediately. One of the best ways to detect fraudulent activity quickly is by examining your Account activity regularly.