Helping you stay secure

At Lloyds TSB we're committed to making your banking experience as safe as possible. We use the latest online security measures to protect your money, your personal information and your privacy.

The threat from Internet fraudsters is continually evolving and increasing - emails, websites and text messages might not be what they seem. The best way to tackle these and to protect ourselves from becoming victims of fraud, is to ensure you are always aware of them and the ways in which fraudsters may try to target you.

There are also a number of steps you can take to stay safe. Make sure you understand what the current threats are, and what you can do to protect yourself:

 

 

 

Phishing

Phishing is a process used by fraudsters to obtain sensitive information such as passwords, Internet Banking logons and credit card details by pretending to be an email or message from a trustworthy organisation. Communications claiming to be from banks, popular social web sites and auction sites are commonly used to trick the unsuspecting web user. You may receive emails, text messages or be directed to websites that ask you to enter your personal information. The aim of many of these email scams and text messages is to take you to websites that may look like our site but are in fact ‘spoof’ web sites. When you click on a link or enter your personal details, the information is sent to someone other than your bank or other service providers. This means that someone else may be able to access to your accounts.
Remember:

Lloyds TSB may email you or send you a text message from time to time, but this communication will never ask you to enter your Internet Banking details either through an email or text.

Lloyds TSB do not ask you to enter any of your security details into a pop-up screen. If you see one of these screens then it is almost certainly a scam.
If you have been presented with a pop-up screen asking you to enter your security details, do not enter any details.

We will NEVER send you an email, text message or a link direct to a website asking you to enter your Internet Banking details.

Top 10 tips for staying safe online

There are ways that you can protect yourself, your identity and your personal credentials when online. Here are our top 10 tips for staying safe online:
  1. Use a firewall – Firewalls assist in keeping out some viruses and hackers.
  2. Install Anti-Virus software – This helps prevent virus infections. Remember to always keep your software up –to-date and schedule regular updates.
  3. Get the latest Windows updates – This helps to keep your applications and operating system fit and healthy.
  4. Secure wireless networks – Without encrypted protection, WiFi (wireless) networks are vulnerable. If you’re not sure how then ask an expert for assistance.
  5. Stop spyware – Don’t let strangers get inside your computer; some Anti-Virus vendors will incorporate anti-spyware with their software.
  6. Visit secure websites – Look for ‘https://’ and the padlock that should be present on any page that is requesting payment details (credit card), or personal information
  7. Choose strong passwords – using a mix of letters, numbers and special characters. Try and use different passwords for different sites to make it harder for identity thieves.
  8. Make regular backups – Today’s backup help prevent tomorrow’s disasters
  9. Stop unwanted email – Spam email often contains a security threat as well as overloading your mailbox
  10. Browse the Internet safely – Make sure your browser is safe and up-to-date.

 

Online Banking Security

What you can do to protect yourself
 
There are some things you can do to protect yourself when you use our Internet banking service and the internet in general.
 
Here are our top 10 tips:
  1. We will never contact you to ask for your personal information - if you get an email or a phone call asking for this information, a fraudster is at work.
  2. Do not write down, email or store your account details
  3. Do not write down your Password and Memorable Information.
  4. Check the last time you logged on - every time you log on, we display the time and date you last logged on - if it doesn't match, someone else may have accessed your accounts online.
  5. Check that the website is secure - Secure internet pages will (usually) feature a padlock in the bottom right hand corner of your screen - this means that your personal information will be coded before it leaves your computer.
  6. Check the site certificate - sites that are serious about security always show a valid site certificate.
  7. Install security software - security software includes anti-virus software, firewalls, and security patches.
  8. Avoid using Internet banking on publicly accessible computers - internet cafes are not always secure and sometimes these computers save passwords and other personal information without your knowledge.
  9. Choose a strong password for Internet banking and change it regularly - select a 6 to 15 character password that uses a mix letters and numbers (Pa5510nfru1t) that you can remember without writing down.
  10. Always 'log off' - this closes your connection with our Internet banking service.

 

Card Fraud Prevention

 

What you can do to protect yourself against card fraud?
 
 
Here are our top 10 tips:

  1. Keep an eye on your card every time you use it; Try not to let your credit card out of your sight whenever possible.
  2. Never give your card info out when you receive a phone call. (For example, if you're told there has been a 'computer problem' and the caller needs you to verify information.) Legitimate companies don't call you to ask for a card number over the phone.
  3. Never respond to emails that request you to provide your card info via email -- and don't ever respond to emails that ask you to go to a website to verify personal (and card) information.
  4. Sign your cards as soon as you receive them.
  5. Shred all card applications you receive.
  6. Don't write your PIN number on your card -- or have it anywhere near your card (in the event that your wallet is stolen).
  7. Shield your card number so that others around you can't copy it or capture it on a cell phone or other camera.
  8. Only carry around cards that you absolutely need. Don't carry around extra cards that you rarely use, it is also a good idea to carry cards separately from your wallet.  
  9. Open credit card bills promptly and make sure there are no bogus charges. Treat your card bill like your checking account -- reconcile it monthly, report any suspect charges promptly (and in writing) to the card issuer.
  10. Always void and destroy incorrect receipts, never sign a blank card receipt, destroy carbon paper if it is used.

If you suspect card fraud:

If your Lloyds TSB Middle East cards are lost or stolen, immediately contact our dedicated 24-hour Cards helpline on +971 4 394 6125 – we are eager to avoid card fraud.

 

 

Identity Theft

 

What you can do to protect yourself against identity theft?
 
 
Here are our top tips:

  1. Keep personal documents, passwords and PIN secure at all times, these can be more valuable than cash to thieves.
  2. Never give out your personal or account details unless you know whom you are dealing with as no bank will contact their customers for PIN, password or personal information by phone or email.
  3. Shred unwanted documents.
  4. Inform your bank for any changes of address.
  5. Inform the relevant organization if you lose or have your Passport, Driving License or National ID Card stolen.
  6. Close any account no longer required.
  7. Consider using a post office box rather than having your mail delivered at work.

 

 

Security Phrases- Glossary

A

  • Adware is any software package which automatically plays, displays, or downloads adverts to a computer. This can happen after the software has been installed or while the application is being used. Anti-virus software will detect and delete viruses that attempt to get on to your computer.
  • Anti-virus software is only as effective as the last update so you should download the latest anti-virus software and signatures regularly from your preferred supplier. Popular anti-virus software such as ZoneAlarm Internet Security Suite from ZoneLabs, McAfee Virus Scan, Norton AntiVirus, or Sophos Anti-Virus can help to protect your computer from the latest viruses.
  • APNIC stands for the Asia Pacific Network Information Centre, one of three non-profit organisations that register and administer IP addresses. APNIC serves the Asia Pacific region, which consists of 57 economies.
  • Archie is a tool for indexing FTP archives, allowing people to find specific files. It is considered to be the first Internet search engine.
  • ARPANet The precursor to the Internet, ARPANET was a large wide-area network created by the United States Defence Advanced Research Project Agency (ARPA). Established in 1969, ARPANET served as a test bed for new networking technologies, linking many universities and research centres.

B

  • Bluetooth is a wireless protocol for exchanging data over short distances from fixed and mobile devices.
  • Backbone Provider supplies access to high-speed transmission lines that connect users to the Internet. These lines comprise the backbone of the Internet. This is different from an ISP, which provides user’s access to the Internet.
  • BOT The name given to an individual computer in a larger botnet and which is more than likely a home PC running Windows. The name is an abbreviation of "robot" to imply that it is under someone else's control.
  • BOTNET is a large number of hijacked computers under the remote control of a single person via net-based command and control system.
  • Browser or Web browser is a software application that enables a user to display and interact with text, images, and other information typically located on a Web page at a website on the World Wide Web or a local area network.

C

  • Cookie is information that a web site places on your computer so that it can remember something about you at a later time. Typically, a cookie records your preferences when using a particular site. Most browsers automatically accept cookies. You can set your browser options so that you will not receive cookies and you can also delete existing cookies from your browser. However, you may find that some parts of the website will not function properly if you refuse cookies.
  • CHAP stands for challenge handshake authentication protocol, in which a network server called an authentication agent, will send out a key which will then be used to encrypt the username and password. This allows username and passwords to travel on the Internet in encrypted form as apposed to clear.
  • Cross-Site Scripting. A sophisticated phishing attack that exploits weaknesses in the legitimate sites of financial institutions to make attempts to trick people into handing over confidential details more plausible.
  • Cybersquatting is the act of registering a popular Internet address usually a company name with the intent of selling it to its rightful owner.
  • Cyber stalking is when a person or group of people use the internet to track a person or groups movements, threaten, steal identity, damage data and cause distress and harassment.

D

  • Dialogue box is a window that creates a dialogue between you and your computer. It will usually inform you of something e.g. ‘you are running out of disc space’ or ask for some input ‘would you like to save?’ Some viruses may try to trick you into clicking on or entering information into a dialogue box.
  • DDOS Abbreviation for Distributed Denial of Service. This is an attack in which thousands of separate computers, which are usually part of a botnet, bombard a target with bogus data to knock it off the internet.
  • Domain Names The domain is the end part of the address that usually specifies what type of website you are contacting. These are generally separated by full stops. There are many different types of domains known as TLD's or top level domains such as .com, .co.uk and .net

E

  • Encryption is the conversion of data into a coded form that cannot be understood by unauthorised people. Decryption is the process of converting coded data back into its original form, so it can be understood by an authorised person or company.
  • E-mail is short for Electronic mail (abbreviated "email" or, often, "e-mail") is a store and forward method of composing, sending, storing, and receiving messages over electronic communication systems.

F

  • Firewall is a piece of software or hardware that provides a barrier between your computer and the Internet. A firewall will prevent intruders or ‘hackers’ from gaining access to your computer and should be updated regularly. Popular personal firewall software such as ZoneAlarm Internet Security Suite from Zone Labs, McAfee Internet Security Suite, or Norton Internet Security can help to protect your computer.
  • FTP stands for File Transfer Protocol and is a method for transferring files over the Internet it will also ensure the integrity of the data, with some remote FTP servers require log in credentials to identify yourself. Once this has been done you can then execute simple commands, list directories and copy files to and from the remote server.

G

  • Ghost Site is a Web site that remains live but is no longer updated or maintained or only done so infrequently.
  • Gopher is a program/protocol that was developed at the University of Minnesota. It has unified a lot of Internet services like FTP, Telnet and WAIS through a point and click menu driven presentation, in the same way that a mouse works.

H

  • Hacker is a person who uses a computer to break into other computer systems in order to steal, change or destroy information. To protect yourself from hackers you should install firewall software on your computer and keep it up-to-date. Popular Personal Firewall Software such as ZoneAlarm Internet Security Suite from Zone Labs, McAfee Internet Security Suite, or Norton Internet Security can help to protect your computer.
  • Hoax Email - An otherwise harmless email that is designed to cause alarm or get it forwarded to other users.
  • Honeypot - An individual computer or a network of machines set up to look like a poorly protected system but which records every attempt, successful or otherwise, to compromise it.
  • HOP is an intermediate connection in a string of connections linking two devices. On the Internet, for example, most data packets need to go through several routers before they reach their final destination.
  • HOST (Network) is a node on a network that is a computer. Every host is a node but every node is not a host.
  • HTML - Hypertext Markup Language is the computer code that is used to describe the contents of web pages.
  • HTTP - Hypertext Transfer Protocol (HTTP) is a communications protocol used to transfer or convey information on the World Wide Web.
  • HTTPS - in a URL indicates that HTTP is to be used, but with a different default TCP port (443) and an additional encryption/authentication layer between the HTTP and TCP.

I

  • ICMP stands for Internet Control Message protocol which is related to the Internet Protocol (IP). It supports packets containing error, control and information messages.
  • IMAP - Short for Internet message access protocol, it is a protocol which allows you to log into a web server and check through your email messages without having to download them. Stanford University developed this protocol in 1986.
  • Intercast - A protocol created by Intel in 1996 for broadcasting information, such as Web pages and programs, along with television signals to a PC. With Intercast, a user can watch television on one part of a PC monitor while receiving relevant information often about the broadcast from the Web on another.
  • Internet is a global network connecting millions of computers through over 100 countries. One key aspect of the Internet is that it is not centrally controlled by a server like other types of networks. The Internet was first implemented back in the 1960's, and was first named the ARPAnet.
  • Intranet - A network based on TCP/IP protocols (an internet) belonging usually to a corporation, accessible only by the corporation's members, employees, or others with authorisation. An intranet's Web sites look and act just like any other Web site, but the firewall surrounding an intranet fends off unauthorised access.
  • IP - Internet protocol is a transport network layer; it gives either a safe and reliable transfer of data (TCP) or a speedy non reliable transfer of data (UDP). IP is also known as routable as it can travel over many types of platform including UNIX, Linux, Windows, Solaris etc.
  • IP Address - The numerical identifier that every machine attached to the Internet needs to ensure the data it requests returns to the right place. IP stands for Internet Protocol and the technical specification defines how this numerical system works.
  • IRC is a large multi-user live chat facility. There are a number of major IRC servers around the world which are linked to each other.
  • ISP - An Internet service provider (abbr. ISP, also called Internet access provider or IAP) is a business or organization that provides to consumers access to the Internet and related services.
  • Instant Messaging (IM) is real-time text communication between two or more people over the internet. One person can type a message and send it to the other person who will see the message right away.

J

k

  • Keylogger program is a malicious piece of software that can record the keys pressed on your keyboard while you are using your computer without your knowledge. Keyloggers are primarily used by fraudsters to obtain security information and log in details for websites that you visit. Popular anti-virus software such as ZoneAlarm Internet Security Suite from Zone Labs, McAfee Internet Security Suite, or Norton Internet Security can help protect your computer from the latest keylogging programs.
  • Kbps stands for Kilobits Per Second which is a measure of communications speed, it is measured in units of 2 to the power of 10 which equals 1024, which is just over a thousand and that is why it uses the quasi-metric "K" notation.

L

  • LAN – Local Area Network. This is a local computer network for communication between computers.

M

  • Malware is a collective name for malicious software created by fraudsters to infiltrate your computer. There are many forms of malware such as Viruses, Trojans, Spyware and Scareware.
  • Money Mule is a term used to describe someone who is recruited by fraudsters needing to launder funds that they have obtained illegally. Even if the mule has nothing to do with the actual extraction of funds from another person’s account, by allowing their account to be used to receive and transfer such funds, they are acting illegally.
  • Multi Factor Authentication (MFA) is where verification is not solely through information someone knows (e.g. Password, or PIN). Usually the second factor will involve verifying something in the individual’s possession (e.g. their phone, or bank card), or alternatively a biometric characteristic (e.g. fingerprint or retina scan) could be used.

N

  • NAP - A Network Access Point is a public network exchange facility where ISP's can connect with one another in peering arrangements.
  • Network - A computer network is composed of multiple connected computers that communicate over a wired or wireless medium to share data and other resources.
  • NOC - Network Operation Centres (NOC) are the master control centres for connectivity to the Internet.
  • Node is a device that is connected as part of a computer network.

O

P

  • Patches are software security updates issued by manufacturers when security vulnerabilities are found in their software. Patches are designed to fix vulnerabilities and are usually downloaded via the Internet. Many software programs will automatically alert you when new patches are available or can be set to download security updates automatically. It’s recommended that you keep your computer safe by regularly applying any security patches.
  • Pharming is when fraudsters create false websites in the hope that people will visit them by mistake. People can sometimes visit false websites through mistyping a website address, or occasionally a fraudster will try to attack a website and redirect its internet traffic to their own websites. The ‘Pharmer’ will then try to obtain your personal details when you enter them into a false website. The websites can look very realistic, but there will be subtle differences between them and the real thing.
  • Phishing scams are emails that may appear to be real, but they ask you to enter personal information or they have links to websites that may look like the lloydstsb.com site but are in fact ‘spoof’ web sites. When you click on a link or enter your personal details, the information is sent to someone other than your bank or other service providers. You may have guessed that ‘Phishing’ is a play on the word ‘fishing’ where someone casts a line in the hope that an unsuspecting person will take the bait. Lloyds TSB may send you emails from time to time. We will never send an email asking for your security information or log on details, or direct you to a web page that asks for this information. For a quick way to tell if an email is genuine, check for your name at the top of the email.
  • Pop up are a form of online advertising. They will open automatically when you visit some websites. You may also experience pop under windows that open behind your browser window making it harder to know which website generated them.
  • Padlock - A symbol in a web browser that indicates that an encrypted (SSL) connection is being used to communicate with a site that has a valid certificate
  • PING - Short for Packet Internet Groper, a utility to determine whether a specific IP address is accessible and online.
  • Port or TCP Port - Each network service on a given computer has its own port, like a telephone extension.
  • PPP is short for Point to Point Protocol, a method of connecting a computer to the Internet. PPP followed on from the SLIP protocol and is a lot more reliable as it provides error checking features.
  • Program is a collection of instructions that describes a task, or set of tasks, to be carried out by a computer. More formally, it can be described as an expression of a computational method written in a computer language.
  • Protocols are a format for transmitting data between two devices over a network connection.
  • Proxy Server - This is a firewall component that manages Internet traffic to and from a local area network (LAN) and can provide other functions, such as document caching and access control.

Q

R

  • RADIUS is short for Remote Authentication Dial-In User Service, an authentication system used by many Internet Service Providers (ISPs).
  • Rock Phishing - A method of phishing first implemented by the ‘rock ‘ phishing gang which utilises multiple layers of redundant infrastructure to increase the difficulty of shutting down the attack.
  • Router is a device that determines the proper path for data to travel between different networks, and forwards data packets to the next device along this path. They connect networks together; a LAN to a WAN for example, to access the Internet.

S

  • Scareware is a type of malware that generates pop-ups resembling Windows system messages, pretending to be antivirus or antispyware software, a firewall application or a registry cleaner. The messages usually trick users into believing that their computer has a a large number of infected files. The user is then advised to purchase software to fix the problems. However, in reality the problems do not exist and the recommended software download is likely to contain real malware.
  • Search engine is a tool that helps you to search for information online. The information may consist of web pages, images, information and other types of files. A few of the most popular are Google, Yahoo and Microsoft Bing.
  • Secure Socket Layer (SSL) is a method of coding that enables private communication between a web browser and a web server. Many web sites use 'SSL' to ensure customer information, such as banking details, is kept secure. Normally you will not be aware of 'SSL' as it works automatically when you access a secure web site. You can tell if you’re accessing a secure web site by checking the address bar along the top of your screen to ensure the address begins with ‘https’. If you are using Internet Explorer, you should see an icon that looks like a closed padlock at the bottom right-hand side of your screen. This padlock indicates you are in a secure session.
  • Shoulder surfing is a term used for anyone observing what you are doing on a computer or ATM. Beware of anyone standing or sitting closely behind you who may try to watch you when you enter personal details.
  • Site certificate form an essential part of providing reassurance that the site you are visiting is genuine. A site certificate shows you that a secure connection has been established and secure communication can take place. It will also demonstrate that you are not being tricked to enter your details on a fraudulent website.
  • Social engineering is the act of manipulating people into performing actions or divulging confidential information. All social engineering techniques are based on the way people make decisions. One of the techniques is called phishing.
  • Social networking is the use of sites such as Facebook, Twitter and Friends Reunited to interact, display photos and share information about our lives.
  • Spam is unsolicited and unwanted email.
  • 'Spoof' websites are fraudulent websites designed to look like legitimate ones. Email or ‘phishing’ scams asking people to update their details will often contain links to ‘spoof’ websites. If people enter their personal or security details on a fraudulent website, fraudsters can then use these details to access that person’s accounts. While we may email you from time to time, we will never send you emails with attachments, or ask you for your Internet Banking information or direct you to log on to Internet Banking. If you receive an email from an unknown source, or an email that contains unknown attachments or links, do not open the attachments or click on the links. Instead, please forward the email to emailscams@lloydstsb.co.uk and then delete it from your inbox without responding.
  • SpyWare is hidden software that secretly gathers information on your activity and personal information, passing it to a third party.

T

  • TCP Transmission control protocol is a reliable way to transfer data over the Internet or on a network. Information travels in packets made up of data.
  • TCP/IP stands for transmission control protocol Internet protocol. These are the suite of communication protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the main two being TCP and IP.
  • Telnet is a terminal emulation program that is on TCP/IP networks like the Internet.
  • TLD is the last part of an Internet domain name; that is, the letters which follow the final dot of any domain name. For example, in the domain name www.example.com, the top-level domain is com (or COM, as domain names are not case-sensitive).
  • TLS Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers.
  • TOR (The Onion Router) is a free software implementation of second-generation onion routing – a system enabling its users to communicate anonymously on the Internet.
  • Traceroute is a computer network tool used to determine the route taken by packets across an IP network. An IPv6 variant, traceroute6, is also widely available.
  • Trojan or Trojan horse is a computer program that appears to be useful but that actually does damage.

U

V

  • Virus is a computer program that can embed itself into other programs on your computer, and may cause damage to your files. Email is a common way to spread viruses, and opening an unknown email can trigger the spread of the virus onto your computer. Popular anti-virus software such as Zone Labs’ ZoneAlarm Internet Security Suite, McAfee Virus Scan, Norton AntiVirus, or Sophos Anti-Virus can help protect your computer from the latest viruses.
  • Virtual private network that makes use of a public network, such as the Internet, by encrypting data at one node and using security procedures that provides a "tunnel" through which the data can pass to another node.
  • Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing.
  • Vulnerability - A weakness in automated system security procedures, technical controls, environmental controls, administrative controls, internal controls, etc., that could be used as an entry point to gain unauthorised access to information or disrupt critical processing.

W

  • Wi-Fi is the ability to connect a computer or other device to the internet without the use of a cable. If a device is Wi-Fi enabled then it can connect to the internet from a wireless network. Many cities now have Wireless Hotspots, where members of the public can connect to the internet for free using their Wi-Fi enabled devices such as mobile phones or laptops.
  • Worm is a harmful programme that travels across a network of computers. It may cause damage to the computers on the network and affect computer performance. Popular anti-virus software such as Zone Labs’ ZoneAlarm Internet Security Suite, McAfee Virus Scan, Norton AntiVirus, or Sophos Anti-Virus can help protect your computer from the latest threats.

X

Y

Z