Phishing and Vishing

What is phishing?

Phishing (pronounced 'fishing') is a con trick used by criminals to get hold of your personal information. Phishing typically happens when criminals send convincing-looking but fraudulent emails or text messages, although they have also been known to use phone contact.

What is Vishing?

Vishing calls are unsolicited phone calls from fraudsters which encourage you to give out your personal details, such as your card, PIN or card reader codes. The fraudsters can pretend to be your bank, the police, or any other official company.

Sometimes you may get a 'warm up call' where no information is discussed. This is to set the scene for a later call where you may be asked for information.

Phishing emails are often sent to thousands of individuals in the hope that some will be hoodwinked into supplying personal information. This may include user names, email addresses, passwords, and bank account and credit card details.

These phishing attacks will typically encourage victims to enter details on a fake website, which often appears to belong to a legitimate organisation.

What should you look for?

  • Casual or informal wording - that's not in the normal style of an email from a legitimate company
  • Familiar language or tone - but poor grammar and spelling
  • 'Verify your account' request - banks will never ask you to enter full account details, passwords or PINs onto a website
  • 'There is a secure message waiting for you' - these messages work by putting the emphasis on reading a message - not your actual account. However, the link in the email will still ask for your personal account details
  • 'If you don't respond within 48 hours, your account will be closed' - such messages convey a sense of urgency that can make you respond immediately without thinking. Phishing emails might even claim that your response is required because your account may have been compromised
  • 'Click the link below to gain access to your account' - sophisticated email messages can contain links or forms that you may fill out just as you would do on a legitimate website
  • 'Dear Valued Customer' - phishing emails are usually sent out in bulk and often do not contain your first name or surname

You may receive text messages pretending to be from the bank. Some state that sensitive information about you has been posted onto the internet and encourage you to visit a website. These messages are fraudulent, and visiting the link in the text is likely to result in an attempt to infect your computer or handheld device with a malicious virus.

Other messages state that there is a problem with your bank account and encourage you to phone a number. These are also fraudulent, attempting to trick you into giving away your personal and security information.

Example text messages:

"Your account is closed due to unusual activity. Call us at [number removed]"

"Someone has posted your full Personal & Banking information @ http://[website address removed] You must remove it now."

"Hi, I post your full Personal and Banking information at [website address removed] You can remove it, I am sorry"

What can I do?

Always DELETE text messages like these.

  • Do NOT phone the number; fraudsters will attempt to trick you into disclosing your personal information.
  • Do NOT click on the link or type it into your browser, as you may be at risk of being infected with malicious software.

If you have followed the link, we recommend that you carry out a full check of your computer or handheld device as soon as possible to find out if any spyware, computer virus or other malicious software has been installed.

Important information

We will never ask you for your PIN or password by text or email.

Whilst the Bank now offers a Text Messaging service to give alerts or updates about your account and services available, we will never ask for your full security details or direct you to a page which requires you to enter any logon details or use a card reader device. Smart phones will automatically convert some text into web page addresses - do not click on any link unless you are absolutely certain it has come from a valid source.

If we send you a text, we won’t include specific details but may refer you to our Alerts Service or ask you to contact our Customer Services (without providing a number) or visit your Branch.

You can find our contact details here.

Vishing involves customers receiving unsolicited phone calls from fraudsters pretending to be from the bank or even the police. Often they will encourage you to part with security information, claiming that it is part of an ongoing investigation into potential fraud or that they need to verify security information following a recent transaction.

Sometimes you might get a "warm-up call" where no information is discussed, but your guard is lowered when you get a subsequent call, which refers back to the initial seemingly innocent call you received.

Example call:

Call 1 - "You recently made a card transaction and we wanted to check your customer experience - you'll be entered into a prize draw - I just need characters 2 and 4 of your four digit card PIN for security".

Call 2 - "You recently took part in our telephone survey - we'd now like to get your views on our online banking service - we need to verify your security information to ensure the right customer goes into our prize draw - could I have characters 1 and 3 of your card PIN?"

What can I do?

Do not give any security information away during a telephone call you have not initiated.

Ask for a contact number for you to call back, but always verify this number independently before phoning back, for example by contacting your branch to confirm the number is valid.

How to avoid becoming a victim of Vishing

- Never give your full PIN or Online/Telephone Banking login details to anyone, even a caller claiming to be from your bank or the police

- If you get a call asking you for this information, end the call immediately

- If you receive a suspicious or unexpected call, always verify the caller using an independently checked phone number such as a contact number from our website

- Remember, fraudsters also use techniques to hold your phone line open. When you try to dial out to verify the caller, the fraudster may stay on the line, play a fake dial tone and claim to be the person you're trying to contact. To avoid this, use a different phone line to verify the caller where possible. If not, try calling a friend or family member first to make sure your line is clear