Staying safe online
Here are some simple tips to help you stay safe and secure when you’re using websites and apps.
Impersonation Fraud (July 2022)
What is Impersonation Fraud?
This is a scam where fraudsters contact you and pretend to be from a trusted organisation – like your bank or UW. They may claim to be from a fraud or security team and say that your account has been compromised, or is at risk of fraud. They will ask you for account details, passcodes, or other sensitive information and may say they need it to protect your account. They will often say that the situation is urgent, and that you must give them information immediately.
You can read more general information about this type of scam.
Please stay aware, read our tips below, and report anything suspicious to us.
What to look out for
Unexpected calls that appear to be from a UW number. If you’re not expecting a call from us and someone calls asking for information relating to your UW account, hang up immediately. Then, report it by calling the number on our website or your bill, or via the UW app.
Callers asking for sensitive information. Never give out your account passwords, one time passcodes or other sensitive information to anyone that calls you. Our staff members will never ask for this information. If you do get a call you are not expecting, please contact us to let us know.
One time passcodes or in-app Cashback Card approvals for payments you didn’t make. If you receive passcodes or approval requests you didn’t initiate, block your Cashback Card in your account and contact our customer service team immediately.
Top tip for staying safe
We strongly recommend enabling push notifications in the UW app to receive real-time alerts for all your Cashback Card purchases. You can then easily spot anything unusual.
What to do if you think you’ve been affected
Contact us immediately so we can review your account
Change your UW account password via ‘Account settings’ in the UW app or via ‘forgot password’
Block your Cashback Card via your online account or in the UW app
Consider freezing any cards used to top up your Cashback Card, until we've confirmed everything is safe
Ofgem Rebate Scam (May 2022)
What to look out for:
Ofgem has issued a warning that cyber criminals are sending realistic-looking - but fake - emails telling recipients that they are eligible to apply for an energy rebate, and must do so by clicking a button that directs them to a fake Ofgem-branded website, where they are asked to enter personal details to set up a direct debit for receiving the rebate.
Remember: you can’t claim the energy bill discount (you’ll begin to receive this from October) or council tax rebate (this is distributed/this comes from local authorities) from Ofgem.
Neither UW, nor anyone else, will ever contact you to ask for financial or personal details in order to arrange your energy bill rebate.
If you receive a scam email or text message, report it:
Forward emails to.
Forward phishing text messages to 7726.
Report suspicious websites and links via the.
If you think you may have been scammed:
Call your bank directly or through the(a new pilot scheme that provides a trusted way to get through to your bank).
Report the scam by contacting Action Fraud on 0300 123 2040 or through.
Scam Awareness (August 2021)
What to look out for:
What will UW ask of me when I call them or they call me?
When you speak to one of our UW contact centre staff, we will ask you some basic security questions to verify your identity so that we can discuss your account with you.
UW will never ask you to verify things like:
The password to your online account
Details about your debit or cashback card, such as card number, expiry and CVC code
Sensitive information that you may use as part of your account security
Any security codes that you may be texted or emailed to authenticate a transaction
If someone does ask you for any of these details, chances are they are trying to scam you. If something doesn’t feel right, hang up the phone immediately and give us a call.
As we mentioned above, we do our utmost to protect all of our customers from scams. However, if you think you may have fallen victim to a scam involving your UW account please do get in touch on 0333 777 0777 so we can help.
Impersonation scam awareness (June 2021)
What to look out for:
Were you expecting a call? Unless you requested a callback and the person calling knows exactly what the issue was about, you should be wary of anyone claiming to be UW. Faking phone numbers or names are both possible, so if you’re not expecting the call, or you just want to reassure yourself, please hang up and call us back on the number on our website or your bill. Your security is important to us, so if it’s really us, the representative you’re talking to won’t mind you taking extra steps to confirm that you are talking to us.
Have you been asked to install software? We will never ask you to install software on your device, especially remote access software. If someone claiming to be us does ask you to install something on your device, please hang up and call us from the number on our website or your bill immediately so we can look into this.
Only share information with us that we need We’ve seen some scammers ask to see bank balances or payments in statements. UW will never need this information from you as we can verify payments with our own systems. If you’re ever asked to provide this information, please don’t as it can then be used to make the scam seem more realistic such as mentioning your last payment amount, or editing it to show you were refunded money you shouldn’t have, for example.
If you believe you have fallen victim to one of these scams, contact Action Fraud ator 0300 123 2040 immediately, and then when you feel comfortable doing so, let us know so that we can provide reassurance and the methods we have to help verify ourselves and secure your account.
The latest SMS scams (May 2021)
What to look out for:
Unexpected SMS messages If you’re not expecting an SMS message, for example you’ve not placed any online orders and you receive a delivery message, check it directly on the company’s website. Don’t interact with the SMS itself, such as clicking on any links.
Mobile application downloads from unofficial sources Applications should always be downloaded from the official app store for your phone. This could be the Google Play store, Apple Store or other vendor-specific stores. If anyone asks you to download it from another website, or to change your settings to allow the install of unknown apps: close the website, delete any downloaded files and report the SMS message by forwarding it to ‘7726’.
Links in SMS messages Just like with our advice on phishing emails, check the domain name in the link (i.e. our website domain is www.uw.co.uk) to see where it really goes. For example, if a message mentions tracking a delivery on ‘DHL’, but the domain name in the link has another unrecognisable reference in it - it is not a legitimate DHL SMS or website link. If you’re ever in doubt, you should visit the company website directly or by using a search engine rather than clicking on the link in the SMS. If you believe you've been a victim of an SMS scam, please follow the advice from the NCSC.
Consider what you share on social media
Data from your profiles or posts – like email addresses, phone numbers, your date of birth and even your pet’s name – could be the key to your digital castle in the wrong hands. Never share your password or PIN, and make sure it's hard to guess. Avoid using your year of birth, or your date of birth.
Use technology to keep your computer secure
Keep all your devices protected by using a reputable antivirus software. Some software will include licences for multiple devices, including mobile phones and tablets.
Use online security when available
Wherever you can, enable two-factor authentication (sometimes known as 2FA or MFA) on your online accounts. This provides you with an extra layer of protection.
Use unique passwords
Avoid using the same password on multiple accounts. If you find it hard to remember all your passwords, use a password manager to keep track of them. Then you'll only have to remember the password for your password manager.
Always check who sent the message
Be cautious when opening attachments or clicking on links in an email you aren't expecting. It's always safer to log in to your account via a trusted method to check any notifications.
Keep up to date with your accounts
Check your bank statements, accounts credit report regularly for suspicious entries or accounts you don't recognise. There are many free options available.
Be careful of convincing stories
Be wary of anyone telling you've been a victim of fraud, either online or over the phone. Fraudsters may try this tactic to gain your personal or banking information and can sound very convincing. Fraudsters can even spoof telephone numbers; pretending to call or text from a number you trust. A legitimate business won't mind if you hang up and call a number that you trust or log into your account.
Your rubbish is another person’s opportunity
You should shred or destroy any documents that contain your personal details before you throw them away.
Keep up to date and learn more
You can find news, updates and information on the latest scams. And if you think you are or have been a victim of fraud, report it to as soon as possible. Other useful sites for information about staying safe online, include: