Spoof or phishing emails tend to have generic greetings such as “Dear Shieldpay member”. Emails from Shieldpay will always contain your name or display name and will only be sent from a @shieldpay.com address.
Phishing or Scamming
Phishing is a scam where fraudsters send emails or SMS fraudulently to thousands of people without their knowledge or consent.
These emails pretend to come from well-known companies (like Shieldpay) including banks, credit card companies, online shops and auction sites as well as other trusted organisations. They usually try to trick you into going to the site, for example to update your password to avoid your account being suspended. The embedded link in the email itself goes to a website that may look exactly like the real thing but is actually a fake designed to trick victims into entering personal information or extract money.
The email itself can also look as if it comes from a genuine source. Any emails sent from Shieldpay will only come from an email address authorised by Shieldpay. Fake emails sometimes display some of the following characteristics, but as fraudsters become smarter and use new technology, the emails may have none of these characteristics. They may even contain your name and address.
Examples of how scammers operate
- The sender’s email address may be different from ours.
- The email may be sent from a completely different address or a free webmail
- The email may not use your proper name, but a non-specific greeting such as “Dear customer.”
- A sense of urgency; for example the threat that unless you act immediately your account may be closed. We will not close your account unless you request so.
- Pay attention to website links. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website. We only operate through www.shieldpay.com
- A request for personal information such as username, password or bank details.
- You weren't expecting to get an email from the organisation that appears to have sent it.
- The entire text of the email may be contained within an image rather than the usual text format. The image contains an embedded link to a bogus site. ShieldPay only sends emails in HTML or Plain Text and generally includes an email reference.
If you believe you've received a phishing email, follow these steps right away:
- Forward the entire email to firstname.lastname@example.org
- Do not alter the subject line or forward the message as an attachment.
- Delete the suspicious email from your inbox.
We'll look into it and email you a response to let you know if it is indeed fraudulent. In the meantime, don't click any links or download any attachments within the suspicious email. If you‘ve responded to a fraudulent email and believe your Shieldpay account may now have been accessed, you should immediately let us know of the unauthorised access.
SMS SPAM or unsolicited texts (also known as smishing) from people you don’t know can be more than just annoying. At worse it may contain suspicious content or links to malicious websites designed to steal your personal details and, ultimately defraud you. Many carriers will let you report SPAM by simply forwarding the message to ‘7726’ (which is the keys for ‘SPAM’ on most phones and should generally be free of charge). Check with your service provider to find if this service is supported.
Authentic text message should include our name and contact details. Also we will only send text messages where you have given your consent to be sent. If you have received a spam text, do not reply or forward it, but delete it – otherwise if in doubt you can always contact us about it to make sure it is genuine as we know you may have forgotten about whether you have previously given consent.
You’ll know that an email/SMS is not from Shieldpay when:
- The email/SMS uses a generic greeting like ‘Dear user’ or ‘Hello, Shieldpay member’ or ‘Dear Customer’. We'll always address you by your first and/or last name or the business name on your Shieldpay account.
- The email/SMS requests financial and other personal information. A real email/SMS from us will never ask for your bank account number, debit or credit card number etc. Also we'll never ask for your full name, your account password, or the answers to your ShieldPay PIN.
- When the email comes from a different address other than an @shieldpay.com address and only contains an image rather than text.
Here are some security tips to help you stay protected online:
- Even if a URL contains the word 'Shieldpay', it may not be a Shieldpay webpage.
- When using Shieldpay, always ensure that the URL address listed at the top of the browser displays as https://www.shieldpay.com. The 's' in ‘https’ means the website is secure.
- Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.
- If you provided any personal information in response to a phishing email or on a spoof website, change your Shieldpay password and PIN immediately.
- If you provided any financial information, contact your bank and your credit card issuer and tell them about the situation.
- Review your Shieldpay account history to check that you recognise all recent payments.
Shieldpay is committed to helping you stay safe online and ensure that you’re able to spot phishing immediately.
For more information on Phishing and Scam emails and how to stay safe online please visit getsafeonline.org and cyberaware.org.uk