Phishing works by getting you to type your password into a fake page. A few habits mean you never do — and they take no extra time once they’re second nature.
Before you sign in
- Type the address yourself or use your own saved bookmark — don’t follow a login link from an email or text.
- Check the address bar shows the correct domain and a padlock.
- Be wary of any page that asks for extra details a login screen wouldn’t normally need.
If something looks off
Don’t enter your details. Close the page and reach the portal your own trusted way. If you think you may have entered your password on a fake site, change it immediately from the genuine portal and turn on two-factor authentication. We’ll never send you a link demanding you “verify” or “reconfirm” your login — genuine servicing starts from inside your own account.
Whenever a change touches money, access or your company’s data, we verify the request is genuinely from an authorised person before we act. We will never ask you to confirm full security details by email or phone to release information or push through a change — if a message pressures you to do that, treat it as suspicious and contact us to check.
See also: How to report a scam pretending to be us, Keeping your account secure, What to do if you suspect unauthorised access.