Phishing is a common type of fraud where a fraudster tries to trick people into revealing their online security passwords. The passwords will then be used to gain access to online accounts and commit theft.

The attacks are simple

A fraudster sends out a fake email that has been designed to look like a legitimate one from a financial organisation. The email directs or encourages people to visit an internet site to revalidate or reactivate access to their online accounts.

The internet site is fake. It has been designed to look like the target organisation's real internet site so may look very realistic. The website will contain a form for people to enter their passwords and other personal information. Once some passwords have been collected, they will be used to try to commit fraud.

What to do

If you receive a Phishing email, DO NOT REPLY and DO NOT FOLLOW any of the instructions in it, even if the tone of the email suggests that action is required urgently.

We will NEVER ask for the whole of your password (except when you want to change it), only three characters from it
We will NEVER send you an email with a link that directs you straight to any kind of logon page

Always check the URL (address) of the web page you are viewing. All Yorkshire Building Society pages start with one of the following:

Always check the security of the site before you log on by looking for the padlock

If you receive a suspicious email, please forward it to us at This is a service provided by a specialist third party company; your report will be investigated and action will be taken to close down any fake websites to protect you and other customers who may have been targeted. Please note that you will not receive a response to your email.

How we protect you online

An overview of the security measures we take to protect you

How you can protect yourself

There's a lot you can do to protect yourself and your accounts

What you should do to protect yourself

Never reveal your password to anyone or write it down, unless you’re using an authorised online Third Party Provider.  Additional information on accessing your account(s) through a TPP can be found here.
Do not use a password that could be easily guessed by someone else
Change your password immediately if you suspect someone else could know it
Log off from the Chelsea website when you have completed your transaction
Keep your PC updated with current anti-virus software, the latest browser versions and relevant security patches/updates
Use a firewall to protect your PC from hacking attacks
Do not send us any confidential account information via email
Make sure we have your correct email address and check your inbox regularly for new messages
Make sure we have your correct telephone number, in case we need to contact you about unusual activity on your account
Beware of 'phishing' emails or texts. Do not respond to these messages or open any links or attachments within them. If you receive an email or text message you were not expecting, please contact us using a number you have verified as genuine. Click here for more information about phishing and smishing scams

Report a lost/stolen card

Call our helpline 24 hours a day, 7 days a week

0345 9 10 11 12*

*When our office is closed this is an automated service; a colleague will be in touch when we reopen.

Alternatively you can visit your local branch or report it online

Online security issue

You can report an online security issue using our form

How you can protect yourself

There's a lot you can do to protect yourself and your accounts