DF Capital

Fraud Protection

Customer security is of the upmost importance at DF Capital. Our systems employ modern technologies and security which are independently and regularly tested. We take a proactive approach to cybersecurity and protecting customer data is always at the forefront of our mind.

This guide looks at some of the common types of fraud and scams and how to avoid them.


Phishing is an email-based fraud, and is a form of social engineering. Phishing involves a fraudster, posing as a legitimate source, sending emails that aim to trick people into divulging sensitive information or transferring money into other accounts. The emails typically contain a link to a fake website, which will request that you enter financial information, passwords or other sensitive information.

Vishing and Smishing

Vishing (voice phishing) and smishing (SMS phishing) involves fraudsters calling or texting purporting to be from the police, utility providers, delivery companies or even your bank.

Criminals call out of the blue and may claim to be your bank, the police or another trusted organisation like your broadband provider. To make the call seem more convincing they may already have some information on you, such as your account number, address and even some account details. They can also make the call seem authentic by making their phone number look like a number you know and trust. This is known as ‘number spoofing’. The caller will then try to persuade you to:

  • transfer money to another account for ‘safekeeping’ or ‘holding’
  • withdraw cash and hand it over ‘for investigation’
  • give private information, which can then be used to gain access to your finances

Smishing is similar — but is carried out through SMS text message


‘Malware’, short for ‘malicious software’, is used by criminals to disrupt computer operations and access confidential information. Malware can be installed into your computer through clicking a link in an email, opening an attachment to an email, or by downloading software from a malicious source.

Covid-19 Fraud

Fraudsters are always looking for new opportunities to steal money and information. There are a number of coronavirus-related scams and malware campaigns in the UK, which are designed to encourage you to give away sensitive banking and personal information, or download malicious files onto your personal or work devices.

Here are a few simple steps you can take to keep your details safe from fraud.

Buzzwords to look out for

Be extra vigilant if you receive emails, texts, calls or letters claiming to be from, or containing links to, these organisations:

  • Centers for Disease Control & Prevention (CDC)
  • Global Health Centre
  • Organizzazione Mondiale della Sanità (OMS)
  • Shipping company customer service teams
  • Updates from presidents of corporations
  • World Health Organisation (WHO)

You should also take care if you get any emails that mention coronavirus, especially if they also reference:

  • A link for an app that tracks the virus using an interactive map
  • Business working conditions or policies
  • Campaigns raising money for research into cures, or funds for victims
  • Information about hospitals in affected areas
  • Mortgage repayment holidays or rent relief
  • Parcel shipping cancellations
  • Refunds from airlines or entertainment bookings
  • Money transfer requests for victims trapped abroad
  • Services claiming they can diagnose coronavirus
  • Tax refunds from gov.uk
  • Websites where you can buy coronavirus masks, test kits, sanitiser gels or protective equipment.

Ways to stay safe

There are also steps you personally can take to help stay safe when you are online and to protect yourself from fraud and scams. We hope the below information will give you some tips to help reduce your risk and protect yourself.

Check websites URLs
  • On sites that require you to input personal or payment details, look for ‘https’ in the website address – the ‘s’ stands for ‘secure’, though be aware that this does not guarantee the website is genuine.
  • Avoid using websites that display an IP address (e.g. in your web browser’s address bar instead of the domain name (e.g. https://www.dfcapital.co.uk).
Keep your computer secure and up to date
  • Install anti-virus software from a well-known and trusted company.
  • Always keep your operating system, internet browser and security software up to date. This will help to keep your device secure.
  • Only download files and software from trustworthy sources.
  • Run regular security scans on your devices.
Be aware of any suspicious emails, phone calls or texts.
  • Be alert to the style, tone and grammar of emails you receive, especially if the email doesn’t address you by name (e.g. “Dear Sir/Madam”).
  • Don’t enable macros in any attachments.
  • Do not assume a caller or an email sender is genuine because they know information about you or the email address looks familiar – fraudsters are skilled in collecting enough information to sound convincing and can spoof email addresses or change caller display IDs to a genuine number.
  • If you are suspicious, terminate the call and call back using your usual contact number, and not one provided by the caller
  • Remember that your bank may ask you for some information, but will never ask for your full password, all your personal information, your personal security details, provide you with details to make a payment, or request that you grant them access to your systems or PC.
  • We will never text customers a link that leads to any online banking log-in page, or to ask for confirmation of account or security details.
  • Don’t respond to emails that are unsure about or that you’re not expecting to receive.
  • Never click on a link you don’t trust or recognise. You can hover your mouse over a link in an email to see its true destination. It’s always best to verify an email or text you are unsure about before clicking on any links.
How we will communicate with you

At DF Capital we use a Secure Messaging Service provided by Mimecast to ensure your personal information is treated with the highest level of care. Mimecast is a global company which provides email security services.

Once you have opened a Savings account with DF Capital you will receive all email correspondence through our Secure Messaging Service, this will include emails with any personal details including account details. The Secure Messaging Service will hold all emails in a secure account for you to login at any time and view. You are also able to respond to the messages using the same system. You can find out more about our Secure Messaging Service here. If we contact you by telephone, we will never ask for all of your personal or security information and will never ask you to make a payment into a different account.

How to report Fraud

We will never ask you to share your account details like user ID, password and memorable information via email, text message or social media. If you receive a request for this, or any other suspicious email, text message or contact on social media that appears to be from DF Capital, please forward it to phishing@dfcapital.co.uk and then delete the email or any communications you’ve received immediately.

Please contact us immediately at savings@dfcapital.co.uk if you have any concerns about your account security.

Useful links

For more information about how you can keep safe online you can visit:

Action Fraud: https://www.actionfraud.police.uk/

Cyber Aware: https://www.ncsc.gov.uk/section/information-for/individuals-families

Get safe online: https://www.getsafeonline.org/

Take Five: https://takefive-stopfraud.org.uk/