How trustworthy business communications keep customers content and cyber secure

It's an unfortunate reality that online scams are a growing threat. Criminals have taken advantage of our increased reliance on technology and our shift to home working with opportunistic scams.

At the National Cyber Security Centre (NCSC), we've seen this increase in scams first-hand. Our Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public, took down over 700,000 online scams in 2020. This was a fifteen-fold increase on the number of takedowns the year prior.

Many organisations will be all too familiar with fraudsters impersonating their brands to entice members of the public into giving away personal details or financial information. This can be via a scam text, call, email, or advert. When customers unfortunately fall victim to these scams, the spoofed organisations can also suffer with a detrimental impact to their brand's reputation and customer confidence in their service.

Common phishing scams spoof the correspondence and web pages of UK banks to trick customers into giving away their personal details, including banking information. A common scam involves victims being told by their 'bank' that their account has been compromised and that money needs to be moved to a 'safe account' - which is being operated by the fraudster to bank stolen money.

The NCSC has published new guidance setting out how SMS and telephone messages can be issued in a trustworthy and consistent way that protects customers from fraud and makes it harder for criminals to exploit these telecoms channels. This new guidance follows previously published advice on email security and anti-spoofing.

In practical terms, we explain how organisations should conduct their due diligence and what they should consider before contacting customers with SMS messages or calls. The guidance lists the following nine best practices that go a long way to help customers identify legitimate messages:

  1. Keep messages simple and consistent
  2. Use minimal phone numbers, SenderIDs and email addresses
  3. Publicise your contact details - the numbers, email addresses, websites and SenderIDs
  4. Do not ask for personal details
  5. Use links sparingly and make them human readable
  6. Apply this guidance to your supply chain due diligence 
  7. Provide a way for your customers to independently check your communications
  8. Provide a means for your customers to contact you independently
  9. Provide guidance on how customers can report scams 

Consumers place a significant amount of trust in their bank when using its services. Issuing secure customer communications that are clearly distinguishable from scams will help maintain this trust.

In addition to securing their own external communications, organisations can point customers to scam reporting methods so that they feel empowered to act against them. Reporting via the following methods will ensure that malicious content is removed from the internet where found:

  • Scam emails can be reported to the NCSC by forwarding to report@phishing.gov.uk
  • Scam texts can be reported by forwarding to 7726
  • Scam websites can be reported to the NCSC through our website - www.ncsc.gov.uk/scams
  • Scam adverts can be reported to the Advertising Standards Authority via their website - www.asa.org.uk

Scams can feel ubiquitous these days, but this doesn't make it inevitable that we'll see more victims losing out. The banking sector can play a significant part in the fight back against scams by following the NCSC's best practices on customer communications.

 
