Security centre

It isn't always easy to spot when something's a scam, especially as fraudsters constantly look for new ways to trick us into sharing our personal details.

But there are steps you can take to protect yourself. We've put together some tips to help you stay secure.

Our top five tips for staying safe online

Make sure you know who you’re talking to before giving out any personal information

Before you give out any personal information, stop and think about why the person asking for it needs it. Question uninvited approaches, and contact the company directly using an email address or phone number you know is theirs. 

Don’t click on links in emails or texts from senders you don't recognise

You shouldn’t assume an unexpected email or text message is authentic. Clicking on a link in an email or text from a sender you don't know can give fraudsters access to your personal or financial details.

Don’t let anyone rush or pressure you into making a decision

Stop and take time to consider what you want to do and if you are comfortable with what you are being asked by the caller. No trusted organisation would force you to make a transaction on the spot, or ask you to transfer money into another account.

Trust your instincts

If something doesn’t feel right, question it and don’t give out any information until you have made sure who you’re speaking to. Fraudsters can lull you into a false sense of security, making themselves seem trustworthy when they aren’t.

Don’t panic

Have the confidence to refuse unusual requests for personal or financial information. Criminals may try to intimidate you by starting complex conversations – stop the discussion if you feel out of control.

Stay safe online

Scammers often use malware – which means malicious software – to attempt to steal your personal or financial details, or to take control of your device. There are a few things you can do to help keep yourself safe online.

Check that you’re using a secure HTTPS connection

Always check that the URL is spelt correctly. And if the website is secure, you should see a padlock symbol before the URL.

You can click on the padlock to check that the connection is secure and for more information, or you can click into the URL field to see whether or not it starts with https://. If it doesn’t, don’t share any personal information with that website.

Update your anti-virus software

Make sure your device has the latest software updates installed – some of those updates are designed to combat fraud and keep your device secure. And make sure you have anti-virus software installed to help protect you.

Don’t download software you don’t recognise

Never download software from a source you don’t trust. These links often contain software that could give criminals access to your device. If someone has called you unexpectedly claiming to be from your bank or another trusted organisation, be wary and never give them access to your device.

Choose strong passwords and PINs

When you apply for a Marcus account, we ask you to choose a password to access your account online, and a six-digit PIN that you’ll use to manage your account over the phone and for certain security checks. It’s important that you choose these carefully, as a secure password and PIN will help keep your account safe from fraud.

Password

Make your password as secure as possible – it’s best to use a combination of numbers, lower case letters, upper case letters and special characters.

  • Try to pick one that’s easy for you to remember, but hard for others to guess.
  • Don’t use personal information, such as your name or birthday. 
  • Avoid common words or phrases.

Six-digit PIN

Try to choose a memorable PIN that’s a complex combination of numbers – and never use your date of birth or bank account number.

How to protect your password and PIN

  • Don't share your password with anyone.
  • Try to avoid writing your password or PIN down. You should never send either of them in an email or text message – even to yourself.
  • If you think someone might know your password, you should change it immediately. You can reset your password online by clicking the ‘reset password’ button on the login page. 
  • When you’re logging into your account in a public place, always be mindful of who may be watching. Make sure that no one can see your keypad or screen when you’re typing in your password.
  • Always log out of your account when you’ve finished using it.

Phone scams

No genuine organisation – including your bank – will ever call you to ask for your full password, or to move money to another account.

Only give out personal information like your date of birth or address when you’re sure of who you’re speaking to. Ask to call them back if you’re unsure, using the organisation’s phone number from a source you trust.

 

Learn how to spot a conversation with a scammer in our guide to handling suspicious calls

What to look out for

You shouldn’t assume that every phone call you receive is genuine. Criminals succeed because they’re good at tricking people, and may try to scare you by telling you you’ve been a victim of fraud. They might already know personal details about you, like your full name and address, and they’re likely to use these to appear genuine. 

Calls like this aren’t limited to criminals impersonating banks. You may receive a call from someone pretending to be a service provider or your local council asking you for personal information or to pay them an outstanding bill.

Be vigilant about calls like these. If you receive an unexpected call from someone who asks you to give them information about you or your bank account, this could be a scam. If it doesn’t seem right:

Ask if you can phone them back. A genuine caller won’t mind if you want to call them back directly.

Look up the phone number of the organisation, then if you can, use a different phone to ring them back.

Ask them if they were trying to contact you, and tell them what happened if not.

Text message scams

If you receive a text message telling you that you’ve been a victim of fraud, be wary. It could be a criminal pretending to be your bank or another trusted organisation. Texts like these often ask you to call a number or visit a fake website to update your details.

Three signs a text message might be a scam

The message asks for personal or financial information, passwords, or to make a transaction.

It asks you to call them on a number you don't recognise. Find your bank's phone number from a source you trust – their website or a bank statement – to check it’s authentic.

There’s an urgent tone to the message, asking you to act quickly.

Email scams

Phishing emails look like they are from a legitimate company and typically ask you to share security information or details about your bank account. They often contain links to sites that may contain malware or give the criminal access to your device.

If you’re suspicious, check the following:

Does the email use your proper name?

Does the sender address match the website address of the organisation you think it’s from? If it’s from us, the email address will end ‘@marcus.co.uk’, ‘@m.marcus.co.uk', '@e.marcus.co.uk' or ‘@gs.com’.

Is there a sense of urgency, asking you to act immediately?

Are there spelling and grammatical errors?

Is the entire text of the email in an image?

Don’t click on any links – they may take you to a fake website.

From time to time, we work with third parties to send out surveys to our customers on our behalf. These emails will come from a different email address. If you’re unsure whether the email you’ve received is genuinely from us, give our Customer Care Team a call and we’ll be happy to help.

Fake websites

Fraudsters may try to impersonate an organisation’s website with a fake website.

This is an increasingly common type of scam, where websites are designed to look very similar to the genuine website they’re impersonating. They can be very convincing, including links that seem to work correctly, copying genuine logos and containing a mix of correct and incorrect information.

It’s often websites belonging to organisations like banks, financial institutions or the government that will be targeted, as fraudsters know these are websites you’ll probably trust – and are therefore less likely to suspect you’re being scammed.

Remember to always check the spelling of the web address (URL or domain name), before you click on anything or enter any personal information. Look for details: the difference can be as small as the ending changing from .co.uk to .com. It’s important to stay vigilant, as new scams appear all the time.

You can check that our website is genuine by looking at the web address that appears in the address bar at the top of the webpage. The address for Marcus in the UK will always begin with: https://www.marcus.co.uk

If you want to check whether an investment or pension opportunity that you’ve been offered is legitimate, you can visit the FCA’s ScamSmart page.

What we do to protect you

Nothing is more important to us than protecting your personal information and your savings – here are some of the things we do to help keep you safe.

Last logged in

When you log into your account, we show you the last date and time you logged in on your dashboard. If something doesn’t look right, call us as soon as possible.

Recent transactions

You can check your recent transactions by logging into your Marcus account and selecting ‘view’. You can also download and print a copy of your transaction history for your records.

Linked account

You can only withdraw money from your Marcus account to one external bank account – we call this your linked account. This stops money being transferred from your Marcus account to anywhere but the linked account you’ve chosen and verified with us.

It’s still important that you take every care to keep your account and money safe. For example, if you transfer money from your Marcus account to your linked account to pay for something, make sure that you’re confident you know who it is you’re paying.

Data encryption

Your data is encrypted and transferred between our systems securely, and we monitor our systems 24 hours a day, seven days a week.

Recognised devices

When you try to log in from a device we don’t recognise, we’ll send a verification code to your mobile phone to help us check that it’s you. This helps us stop someone that isn’t you logging into your account. 

Contact us

If you suspect you’ve been a victim of fraud or if you have any other questions about how to keep your account secure, please call our Customer Care Team on 0800 085 6789, or +44 203 901 3353 if you’re calling from abroad. Our lines are open from 8am to 8pm, Monday to Friday (excluding bank holidays).

Out of hours advice

If you suspect you’ve been a victim of fraud:

  • Change your Marcus password immediately by clicking the ‘reset password’ link from the login page. 
  • Contact your linked account provider as soon as you can and tell them what’s happened.

Connect with us on social media

 

Follow us on social media for news, insights and tips from Marcus by Goldman Sachs.