Client email security
HM Revenue and Customs has reported a large rise in fraudulent ‘phishing’ emails involving a number of banks, insurance companies, pension providers, and HMRC themselves. Phishing is where criminals send convincing-looking fraudulent emails to entice you to give them your personal information.
At Mattioli Woods, we always put our clients’ safety first and we will never ask you for your passwords in an email or ask you to transfer funds to an account without personal contact by your client relationship manager or consultant.
We have processes in place to assist in countering fraud, which are reviewed on an ongoing basis. You therefore may be contacted when we are asked for payments to be made to/by a third party.
Protect yourself against potential threats
- Be sceptical when you receive an email from a sender that you do not recognise - be even more wary if it asks for confidential information
- Do not click on links contained in suspicious emails or open attachments - instead, open a new browser window and type the URL directly into the address bar
- Never give out personal security details (e.g. username and/or password) in an email or over the telephone - we will never email you asking for your personal or security information
- Ensure you have installed anti-virus and firewall software, and keep it up to date
Protect yourself from fraudulent emails
- Check the email address - is it the same as the email address you usually receive emails from, or only similar? Our emails always end in ‘@mattioliwoods.com‘.
- Check the web address - in emails, website addresses may appear genuine on first sight, but if you hover your mouse pointer over the link without clicking, it may reveal a different web address.
- Check the email subject line - be wary of anything along the lines of “secure message”, “important information required”, “verify or update your details”.
- Be suspicious of any message that creates a sense of urgency - such as “If you don’t respond within 48 hours, your account will be suspended”. A legitimate company will not create a false sense of urgency.
- Check the grammar and spelling - for mistakes or inconsistencies.
- Think - is the email consistent with the type and tone of messaging you would normally receive from the sender? Criminals can fake email addresses, therefore do not assume that because the email address looks correct that the email is legitimate; carry out other checks as well. If you are not sure, contact the sender by phone to confirm if it is genuine.
If you receive what you believe is a phishing email, forward it to your account manager or consultant to verify its authenticity and then delete it from your computer / email account. You can report it by forwarding it to firstname.lastname@example.org