Security centre

It isn't always easy to spot when something's a scam, especially as fraudsters constantly look for new ways to trick us into sharing our personal details.

But there are steps you can take to protect yourself. We've put together some tips to help you stay secure.

How does Marcus protect you?

What we do to protect you

How does Marcus protect you?

What we do to protect you

Nothing is more important to us than protecting your personal information and your savings – here are some of the things we do to help keep you safe.

Last logged in

When you log into your account, we show you the last date and time you logged in on your dashboard. If something doesn’t look right, call us as soon as possible.

Recent transactions

You can check your recent transactions by logging into your Marcus account and selecting ‘view’. You can also download and print a copy of your transaction history for your records.

Linked account

You can only withdraw money from your Marcus account to one external bank account – we call this your linked account. This stops money being transferred from your Marcus account to anywhere but the linked account you’ve chosen and verified with us.

It’s still important that you take every care to keep your account and money safe. For example, if you transfer money from your Marcus account to your linked account to pay for something, make sure that you’re confident you know who it is you’re paying.

Data encryption

Your data is encrypted and transferred between our systems securely, and we monitor our systems 24 hours a day, seven days a week.

Recognised devices

When you try to log in from a device we don’t recognise, we’ll send a verification code to your mobile phone to help us check that it’s you. This helps us stop someone that isn’t you logging into your account. 

 

Contact us

Contact us

If you suspect you’ve been a victim of fraud or if you have any other questions about how to keep your account secure, please call our Customer Care Team on 0800 085 6789, or +44 203 901 3353 if you’re calling from abroad. Our lines are open from 8am to 8pm, Monday to Friday (excluding bank holidays).

If you receive an unsolicited call from Marcus and you have concerns about the call, we encourage you to call us back using a number from our contact page, so you can be sure you’re speaking with Marcus.

If you receive an email claiming to be from us, but that seems suspicious, forward it to [email protected].

Out of hours advice

If you suspect you’ve been a victim of fraud:

  • Change your Marcus password immediately by clicking the ‘reset password’ link from the login page. 
  • Contact your linked account provider as soon as you can and tell them what’s happened.

Staying safe online

Our top five tips for staying safe online

Make sure you know who you’re talking to before giving out any personal information

Before you give out any personal information, stop and think about why the person asking for it needs it. Question uninvited approaches, and contact the company directly using an email address or phone number you know is theirs. 

Don’t click on links in emails or texts from senders you don't recognise

You shouldn’t assume an unexpected email or text message is authentic. Clicking on a link in an email or text from a sender you don't know can give fraudsters access to your personal or financial details.

Don’t let anyone rush or pressure you into making a decision

Stop and take time to consider what you want to do and if you are comfortable with what you are being asked by the caller. No trusted organisation would force you to make a transaction on the spot, or ask you to transfer money into another account.

Trust your instincts

If something doesn’t feel right, question it and don’t give out any information until you have made sure who you’re speaking to. Fraudsters can lull you into a false sense of security, making themselves seem trustworthy when they aren’t.

Don’t panic

Have the confidence to refuse unusual requests for personal or financial information. Criminals may try to intimidate you by starting complex conversations – stop the discussion if you feel out of control.

Stay safe online

Scammers often use malware – which means malicious software – to attempt to steal your personal or financial details, or to take control of your device. 

If someone has called you unexpectedly claiming to be from your bank or another trusted organisation, be wary.

Marcus will never ask you to:

  • Give us remote access to your PC by downloading software; or
  • Share your email, password, or any codes you received that you were not expecting

Should you have any suspicions please do not hesitate to contact us on 0800 028 1701, 8am to 8pm, Monday to Friday (excluding bank holidays).

Check that you’re using a secure HTTPS connection

Always check that the URL is spelt correctly. And if the website is secure, you should see a padlock symbol before the URL.

You can click on the padlock to check that the connection is secure and for more information, or you can click into the URL field to see whether or not it starts with https://. If it doesn’t, don’t share any personal information with that website.

Update the software on your devices

Make sure your device has the latest software updates installed and that you’ve reviewed the available security features – some of those updates are designed to combat fraud and keep your device secure. Certain operating systems also have settings that help protect your passwords – and your device generally – so it’s worthwhile checking these regularly with your provider.

And make sure you have anti-virus software installed to help protect you on your web-based devices.

Passwords and PINs

Choose strong passwords and PINs

When you apply for a Marcus account, we ask you to choose a password to access your account online, and a six-digit PIN that you’ll use to manage your account over the phone and for certain security checks. From time to time, we may ask you to reset your password. It’s important that you choose your password and PIN carefully, as this will help keep your account safe from fraud.

Password

Make your password as secure as possible – it’s best to use a combination of numbers, lower case letters, upper case letters and special characters.

  • Try to pick one that’s easy for you to remember, but hard for others to guess.
  • Don’t use personal information, such as your name or birthday. 
  • Avoid common words or phrases.

Six-digit PIN

Try to choose a memorable PIN that’s a complex combination of numbers – and never use your date of birth or bank account number.

How to protect your password and PIN

  • Don't share your password with anyone.
  • Try to avoid writing your password or PIN down. You should never send either of them in an email or text message – even to yourself.
  • If you think someone might know your password, you should change it immediately. You can reset your password online by clicking the ‘reset password’ button on the login page. 
  • When you’re logging into your account in a public place, always be mindful of who may be watching. Make sure that no one can see your keypad or screen when you’re typing in your password.
  • Always log out of your account when you’ve finished using it.
  • We recommend changing your password regularly.
Types of scams

Phone scams

Types of scams

Charity relief scams

When it comes to charity donations it’s important to know that your donation is reaching those in need. Fraudsters may take advantage of your compassion by creating fake charities or by impersonating genuine ones.

You can use the government website to find out more about safely donating to charities including those affected by recent conflict.

Top tips:

  • Make sure the charity is genuine before giving any financial information by checking the charity’s name and registration number on the government website.
  • Be careful when responding to emails or clicking on links within them.
  • Contact or find out more online about the charity that you’re looking to donate to or work with to understand how they are using your donations.

If you think a fundraising appeal is fake you should report it to Action Fraud, the UK’s National Fraud & Cyber Crime Reporting Centre.

Text message scams

Phone scams

No genuine organisation – including your bank – will ever call you to ask for your full password, or to move money to another account.

Only give out personal information like your date of birth or address when you’re sure of who you’re speaking to. Ask to call them back if you’re unsure, using the organisation’s phone number from a source you trust.

 

What to look out for


You shouldn’t assume that every phone call you receive is genuine. Criminals succeed because they’re good at tricking people, and may try to scare you by telling you you’ve been a victim of fraud. They might already know personal details about you, like your full name and address, and they’re likely to use these to appear genuine. 

Calls like this aren’t limited to criminals impersonating banks. You may receive a call from someone pretending to be a service provider or your local council asking you for personal information or to pay them an outstanding bill.

Be vigilant about calls like these. If you receive an unexpected call from someone who asks you to give them information about you or your bank account, this could be a scam. If it doesn’t seem right:

Ask if you can phone them back. A genuine caller won’t mind if you want to call them back directly.

Look up the phone number of the organisation, then if you can, use a different phone to ring them back.

Ask them if they were trying to contact you, and tell them what happened if not.

Email scams

Text message or messaging app scams

If you receive contact via a messaging app or text message, either offering an investment or telling you that you’ve been a victim of fraud, be wary. It could be a criminal pretending to be a member of your family, your bank or another trusted organisation, such as HMRC. Messages like these often ask you to call a number or visit a fake or cloned website (often via a link) to update your details.

Three signs it might be a scam:

The message asks for personal or financial information, passwords, or to make a transaction.

It asks you to call them on a number you don't recognise. Find your bank's phone number from a source you trust – their website or a bank statement – to check it’s authentic.

There’s an urgent tone to the message, asking you to act quickly.

Fake or cloned websites

Email scams

Phishing emails look like they are from a legitimate company, or a trusted organisation, and typically ask you to share security information or details about your bank account. They often contain links to sites that may contain malware or give the criminal access to your device.

If you’re suspicious about any links in an email, check the following:

Is the email greeting impersonal or generic?

Does the senders' email address match the website address of the organisation you think it’s from? We will only send emails from addresses ending ‘@marcus.co.uk’, ‘@m.marcus.co.uk', '@e.marcus.co.uk', '@r.marcus.co.uk' or ‘@gs.com’.

Is there a sense of urgency, asking you to act immediately?

Are there spelling and grammatical errors?

Is the entire text of the email in an image?

If you still feel unsure, don't click on any links – they may take you to a fake or cloned website. From time to time when we email you, we include links to our third party partners to conduct research on our customers. These emails will be sent from our domain addresses listed above. If you’re unsure whether the email you’ve received is genuinely from us, give our Customer Care Team a call and we’ll be happy to help.

Fake or cloned websites

Fake or cloned websites

Fraudsters may try to impersonate an organisation’s website with a fake or cloned website.

This is an increasingly common type of scam, where websites are designed to look very similar to the genuine website they’re impersonating. They can be very convincing, including links that seem to work correctly, copying genuine logos and containing a mix of correct and incorrect information. This may include fraudsters using the names of genuine staff members within the organisation. 

It’s often websites belonging to organisations like banks, financial institutions or the government that will be targeted, as fraudsters know these are websites you’ll probably trust – and are therefore less likely to suspect you’re being scammed.

Remember to always check the spelling of the web address (URL or domain name), before you click on anything or enter any personal information. Look for details: the difference can be as small as the ending changing from .co.uk to .com. It’s important to stay vigilant, as new scams appear all the time.

You can check that our website is genuine by looking at the web address that appears in the address bar at the top of the webpage. The address for Marcus in the UK will always begin with: https://www.marcus.co.uk

If you want to check whether an investment or pension opportunity that you’ve been offered is legitimate, you can visit the FCA’s ScamSmart page.

Romance scams

Romance scams

Romance scams are increasingly common as fraudsters try to gain your trust. They can do so by setting up fake or falsified profiles on social media, apps, or dating websites. Here are some indications that a profile may be fake:

Having no photos or only 1-2 professional ones against a plain background. You can always reverse image search photos if unsure.

Using robotic or disjointed language with poor grammar. Question whether their answers seem personal or are more generic.

Having no link to their social media or digital footprint. This is an indication that the name they have used is fake.

Bragging about wealth, status, or cryptocurrency knowledge. Some scams will use promises of financial betterment as a way to lure people in.

Not having a verified profile, where offered by the service. Not all services offer this currently, so be aware of the current policies on the one you're using.

You may then believe that you are in a romantic relationship with that individual who may then pressure you into providing them with money. They could give various reasons, such as an emergency or illness, travelling to see you, or investing for your future together.

Don’t let anyone rush or pressure you into making a decision. Protect yourself by never sending money to someone you’ve recently met online, or in person. Have the confidence to refuse requests and speak to friends and family for impartial advice.

You can report romance scams to us, the app provider, the dating site and refer to Action Fraud. The Take Five campaign also provides advice on how to protect yourself against financial crime.

Authorised Push Payment (APP) scams

An APP scam happens when you make a payment and you’re tricked into sending the money to a fraudster. For example:

  • you meant to send the money to a particular person but were tricked into sending it to someone else
  • you thought your payment was for a legitimate purpose, but it turned out to be fraudulent

In the event you are a victim of an APP on or after 7 October 2024, you may be entitled to a refund of the payment in certain circumstances. There is a limit imposed on the maximum value of any refund. The current limit is £85,000.

 

Connect with us on social media

 

Follow us on social media for news, insights and tips from Marcus by Goldman Sachs.