Security

• A strong password should be easy for you to remember and impossible for anyone else to work out. We recommend they are at least 14 characters long and use letters, numbers and symbols. Try something called a ‘passphrase’ – a short memorable sentence (e.g. 1lovePineapplePizza!)
• Don't use family or pets' names, birthdays, place names or football teams, as these can be easy for others to guess.
• If you need to record your PINs or passwords somewhere, disguise them so only you can recognise them. We highly recommend using Password Management software.
• Never use the same password (or passphrase) for different accounts.
• Don't reveal passwords and PINs to anyone.

Antivirus software is included in most recent operating systems (like Windows 10 or Apple OS) that run on your computer and this should be enough to keep you protected against the majority of threats. You should make sure AntiVirus is enabled and that automated updates are switched on too.

However, if you are using a computer with an older operating system (such as Windows 8 or earlier or Apple macOS 'High Sierra' or earlier ) you should install additional AntiVirus software.

Switch on automated updates for your operating system, web browsers and applications.

Making sure your computer has the latest updates and patches is one of the most important ways to protect yourself and your data. If you’re not sure if your device is up-to-date, please perform the following steps to install the latest patches and updates:

• For Windows PC’s: Start -> Settings -> Update and Security -> Check for updates
• For Macs: Apple menu -> System Preferences -> Software Update
• For Tablets & Mobiles: Each are slightly different, but find your device Settings then look for Updates
• Don’t forget to update apps on these devices as well

• For best practice, never use links in emails and type the address in yourself.
• Check the site address is correctly shown in the address bar before you provide any confidential or financial details.
• Check for the locked padlock icon and the 'https://' part of the web address before making any financial transactions (if they're not there, don't enter your personal or payment card details).
• Never leave your computer or other device unattended when you are not alone.
• Look out for people trying to look at what you're doing, nicknamed 'shoulder surfers'.
• Make sure you fully log out and close the internet browser when you have finished each session.

• Avoid doing any financial transactions - like paying for goods or online banking - in a public place, using a public wireless network or computer.
• Always be aware of the people around you and if they seem to be taking an interest in what you are doing.
• Remember to log out properly when you have finished, even if you are closing your browser or switching off your device.

If something's too good to be true, it probably is. Not everything you read in an email is true or trustworthy.

Fraudsters have all sorts of scams to trick you into giving out your personal information. 'Phishing' emails generally trick you to be from organisations you already know such as your bank or payment card company, insurance company, a government department or a company you deal with online.

The offers, emails and websites will all look 'real'. But the pages that you enter your personal information into are fake. Fraudsters will then use your data for criminal activity against you, much of which may be used in turn to fund large-scale organised crime.

You can learn to spot common things that give scam emails away, such as:

• The use of 'Dear Customer' or 'Dear Friend' instead of using your actual name.
• Spelling mistakes.
• Poor word spacing.
• Use of symbols like apostrophes and semi-colons that look out of place.
• Using HTML (web page code) to insert remarks that break up key words.
• Using an image of text rather than text itself. You can tell by trying to highlight the words.
• Containing very little text at all in the actual email, just a hyperlink to a website.

Genuine companies, financial services providers and government bodies make a big effort to keep their emails accurate and professional looking. Any of the mistakes above are clues that the email is from a nuisance or fraudulent source.

• Never reply to emails asking you for personal or financial information about yourself. Genuine banks and financial companies will not ask you for personal or financial information this way.
• Never reply to emails that you weren't expecting, or if you don't know the sender.
• Never open attachments you weren't expecting.
• Don't click on links within emails - they could take you to fraudulent websites - type the address into your browser instead.
• Even emails that appear to be from friends, family and colleagues may in reality be fraudulent, sent by a virus on their device.
• If you are sending an email to several people, type their names in the 'BCC' field instead of the 'CC' field (in case it gets intercepted and reveals everyone's names and email addresses).
• Before forwarding an email, remember to delete all details - like the original sender or the previous email trail - if you don't want them to be seen.

You may also receive emails that are more of a nuisance than a safety threat. They could include emails inviting you to enter a competition, buy something online, sign up for a newsletter or have your details published. If you don't want them, use the spam email blocking tools on your email system.

You may not have direct control over who can see your profile or posts, even if you have been careful with security settings. They could be seen by friends of your friends that you don't know, and their friends, and so on.

Information you put on social networking sites can help fraudsters guess your passwords and answers to secret questions like your mother's maiden name, pet's name or your first school. They could also find out when you are away on holiday (leaving your home empty), or where your family members are at a given time.

Another major risk in social networking sites is clicking on links which seem genuine or enticing, but can lead to bogus pages or other websites designed to defraud you or compromise your identity.

• Never put your financial details on a social networking site.
• Change your passwords regularly.
• Always read social networking sites' privacy policies.
• Review your privacy settings - change them if they don't give you enough privacy.
• Remember that people you don't know might be able to see your profile and anything you publish.
• Be careful about the amount of personal information you publish, including any travel plans that you or your family make.
• Create a separate email address just for social network sites.
• Be cautious about meeting people you have contacted on social networking sites in person - they may not be who they seem.

We've recently become aware of a new trend emerging, whereby individuals are being contacted about investments in cryptocurrency, such as Bitcoin. With these scams, Fraudsters may cold call victims and use social media platforms, such as Facebook and Whatsapp, to convince individuals to trade in cryptocurrencies, such as Bitcoin. Please note, abrdn do not offer any cryptocurrency investments.

Shareholder and investment scams (sometimes known as 'boiler room' scams) operate mainly from overseas by phone or sometimes email. They try to convince you to invest in a get-rich-quick share or other investment scheme which is actually bogus.

We've recently become aware of several websites for fake companies imitating our brands, offering bonds and other investments with attractive high rates of return. Please visit our scam awareness page for more detail about this type of scam.

You receive a call from someone claiming to be from your bank or card provider telling you there is a problem with one of your accounts and you need to transfer your money to another account they have set up for you. Alternatively, you could get a caller claiming to be from the local police saying they have arrested a criminal who has cloned credit cards with your name on them. You call back with your personal details, but the fraudster has kept the line open and you are actually giving them your details.

Fake advertising, phoney application forms, forged share certificates and letters claiming that you have overpaid, or are entitled to an inheritance or lottery winnings. The giveaway is these scams always ask for some kind of upfront fee. And then you'll never hear from them again.

Fraudsters attempt to contact your social media contacts by hacking into accounts, pretending to be ill or in danger and pleading for money. The risk of this can be reduced by choosing a password that's hard to guess, a separate email address just for social networks and being wary of posts that seem out of character.

Many fraudsters use dating and social networking websites and chatrooms to pose as single people looking for love. They take you into their confidence then play on your emotions by claiming to be ill or in trouble and needing your money to help them out. You should also consider very carefully before meeting someone in person who you have met online. They may have created a false profile, and not be who they seem.

A common scam is to be emailed if you have successfully bid for an item and told that your payment has been declined. You are asked for your bank details to be re-supplied using a fake link. Such emails usually use legitimate businesses' logos, but the content and links are fake.

• Never reply to an email asking for payment, or click on the links.
• Contact the company separately, through their website or over the phone and tell them about your email.

Goods or services advertised are exactly what you're looking for, and may be at a better price or availability than you can find elsewhere. You are told that the seller cannot accept a credit card and that you need to transfer payment directly into their bank account. The goods or services don't exist, and you can't claim the money back from your bank.

'Spoofing' and 'phishing' are two words used to describe scams to get your personal banking details. 'Spoof' emails are supposed to look exactly like a real company's email, but they are sent to millions of email addresses at random. This is called 'phishing'. The fraudster's hope is that some people will be fooled into giving their banking or personal details, or use their debit/credit card to pay a fake 'fee'.

'Spoof' emails usually include links to fake websites. Fraudsters try and make these fake websites look exactly the same as the real thing.

A common giveaway though is these sites usually ask for your account, card or security details with little or no explanation as to why. As a general rule, if you don't know why you're being asked for these details, don't give them.

Legitimate businesses always have a telephone number or an office you can contact if you are not sure.

Different countries have different ways of regulating financial services firms, so it's worth checking before making any kind of payment.

Have you received any unsolicited emails which look suspicious?

If so, please forward the email to emailscams@abrdn.com.

Have you been promised a fortune, or a large loan?

Fraudsters will use our company name as a way of getting people to pay a fee, on the promise of a large sum of money or guaranteed loan. These are called 419 scams. They're named after a section of the Nigerian Penal Code where these scams began.

419 scams are designed to look convincing. Some go to the trouble of producing fake advertising, phoney application forms and forged share certificates. Fraudsters will go to these lengths to fool people into sending them money or handing over their bank details.

Sadly, there is little that abrdn can do to stop 419 scams happening. But by being aware of the types of scam that have happened, you can keep yourself safe online.

Here are some earlier examples of scams where criminals have fraudulently used abrdn (formerly Standard Life Aberdeen) related company names, logos and branding in the past:

• An individual from Brazil got in touch with us after fraudsters had contacted them. The fraudsters used an email address from an international auction site and faked a story about an unclaimed fortune worth over US$30million. All the individual had to do was send their personal details and the fraudster would arrange for the money to be picked up in person at Standard Life Bank in Edinburgh.
• An American responded to an online advert in a trusted website from 'Standard Life Loan House plc'. The fake advert promised a loan to buy property, and the victim just needed to pass their bank details and send an 'admin fee' by money transfer. After doing this, and completing a forged application form, they realised they had been scammed.
• Another person responded to a different online advert, only this time the 'prize' was a large number of shares. The fraudsters even sent a forged share certificate. The victim paid an 'admin fee' and spent their life savings travelling to a Standard Life office in Edinburgh from their home in Europe. When they arrived, they expected to be met by a Chairman and receive a cheque for a fortune. Sadly, all we could do was explain that they were a scam victim and to get in touch with their local Consulate.