Here are some simple tips to help you stay safe and secure when you’re using websites and apps.
What will UW ask of me when I call them or they call me?
When you speak to one of our UW contact centre staff, we will ask you some basic security questions to verify your identity so that we can discuss your account with you.
UW will never ask you to verify things like:
The password to your online account
Details about your debit or cashback card, such as card number, expiry and CVC code
Sensitive information that you may use as part of your account security
Any security codes that you may be texted or emailed to authenticate a transaction
If someone does ask you for any of these details, chances are they are trying to scam you. If something doesn’t feel right, hang up the phone immediately and give us a call.
As we mentioned above, we do our utmost to protect all of our customers from scams. However, if you think you may have fallen victim to a scam involving your UW account please do get in touch on 0333 777 0777 so we can help.
Were you expecting a call?
Unless you requested a callback and the person calling knows exactly what the issue was about, you should be wary of anyone claiming to be UW. Faking phone numbers or names are both possible, so if you’re not expecting the call, or you just want to reassure yourself, please hang up and call us back on the number on our website or your bill. Your security is important to us, so if it’s really us, the representative you’re talking to won’t mind you taking extra steps to confirm that you are talking to us.
Have you been asked to install software?
We will never ask you to install software on your device, especially remote access software. If someone claiming to be us does ask you to install something on your device, please hang up and call us from the number on our website or your bill immediately so we can look into this.
Only share information with us that we need
We’ve seen some scammers ask to see bank balances or payments in statements. UW will never need this information from you as we can verify payments with our own systems. If you’re ever asked to provide this information, please don’t as it can then be used to make the scam seem more realistic such as mentioning your last payment amount, or editing it to show you were refunded money you shouldn’t have, for example.
If you believe you have fallen victim to one of these scams, contact Action Fraud at actionfraud.police.uk or 0300 123 2040 immediately, and then when you feel comfortable doing so, let us know so that we can provide reassurance and the methods we have to help verify ourselves and secure your account.
Unexpected SMS messages
If you’re not expecting an SMS message, for example you’ve not placed any online orders and you receive a delivery message, check it directly on the company’s website. Don’t interact with the SMS itself, such as clicking on any links.
Mobile application downloads from unofficial sources
Applications should always be downloaded from the official app store for your phone. This could be the Google Play store, Apple Store or other vendor-specific stores. If anyone asks you to download it from another website, or to change your settings to allow the install of unknown apps: close the website, delete any downloaded files and report the SMS message by forwarding it to ‘7726’.
Links in SMS messages
Just like with our advice on phishing emails, check the domain name in the link (i.e. our website domain is www.uw.co.uk) to see where it really goes. For example, if a message mentions tracking a delivery on ‘DHL’, but the domain name in the link has another unrecognisable reference in it - it is not a legitimate DHL SMS or website link. If you’re ever in doubt, you should visit the company website directly or by using a search engine rather than clicking on the link in the SMS.
If you believe you've been a victim of an SMS scam, please follow the advice from the NCSC here.
Data from your profiles or posts – like email addresses, phone numbers, your date of birth and even your pet’s name – could be the key to your digital castle in the wrong hands. Never share your password or PIN, and make sure it's hard to guess. Avoid using your year of birth, or your date of birth.
Keep all your devices protected by using a reputable antivirus software. Some software will include licences for multiple devices, including mobile phones and tablets.
Wherever you can, enable two-factor authentication (sometimes known as 2FA or MFA) on your online accounts. This provides you with an extra layer of protection.
Avoid using the same password on multiple accounts. If you find it hard to remember all your passwords, use a password manager to keep track of them. Then you'll only have to remember the password for your password manager.
Be cautious when opening attachments or clicking on links in an email you aren't expecting. It's always safer to log in to your account via a trusted method to check any notifications.
Check your bank statements, accounts credit report regularly for suspicious entries or accounts you don't recognise. There are many free options available.
Be wary of anyone telling you've been a victim of fraud, either online or over the phone. Fraudsters may try this tactic to gain your personal or banking information and can sound very convincing. Fraudsters can even spoof telephone numbers; pretending to call or text from a number you trust. A legitimate business won't mind if you hang up and call a number that you trust or log into your account.
You should shred or destroy any documents that contain your personal details before you throw them away.
You can find news, updates and information on the latest scams here. And if you think you are or have been a victim of fraud, report it to Action Fraud as soon as possible. Other useful sites for information about staying safe online, include: