Urgent PIN code warning to millions of Brits making the same mistake

Scammers will go to great lengths to con you out of your money - but there are ways you can protect yourself. banking and expert Chiara Cavaglieri has shared five things she would never do, to help lower your risk of being caught out.

She said: "I’ve spent more than a decade researching threats and battling to get bank victims their money back, yet I’ve never felt unsafe using online or mobile . Staying alert to phishing attempts, keeping software updated and making use of your bank and mobile phone’s security features will stop most bank scammers in their tracks."

Never use the same PIN or password twice

It is important to never use the same PIN or password twice, even if you have two-factor authentication, which is a security measure that requires you to provide two forms of identification to verify your identity when logging into an account.

Chiara said: "Even with 2fa, don’t be tempted to use the same Pin or password twice, as this is still your first line of defence. If an attacker has got hold of your login details for one online account, perhaps following a data breach, or stolen through a phishing message, they will use automated software to test these login details across countless other accounts."

You can minimise your risk by choosing strong, unique passwords. Which? recommends combining three random words to create a new password. It suggests using a password manager such as Bitwarden or Dashlane so you don’t need to remember each different password.

Never use an unsupported device for banking

If your PC, tablet or mobile phone is no longer receiving security updates, Which? says don’t use it for banking. This is because unsupported devices are more likely to fall victim to malware and other cyber attacks because criminals will try to abuse their weaknesses.

Chiara said: "Windows 10 is ending security support in October 2025, for example, which means it won’t get security updates or fixes after this date. Your PC won't become riddled with viruses overnight (so don't panic), but it may become more vulnerable over time."

Never download an app outside of an official app store

Which? says you should always use an official app store - for example, the Apple App Store or Play - as they vet and remove rogue developers. However, you should still always read the reviews even on official app pages.

Chiara said: "Malicious apps still slip through in official stores (many reportedly pose as QR code readers and PDF apps), so it’s sensible to read any negative reviews carefully and check the app’s permissions. One red flag is requesting access to your contacts without a clear reason why this is necessary."

Never give remote access to an unsolicited caller

It is common for IT professionals to use remote access tools to help fix computer issues - but be aware that scammers also use these too to get access to your devices and personal information. They may pretend to be from your bank, broadband provider or even a retailer such as Amazon.

Chiara said: "If a cold caller wants you to share your screen or give them access to your device, this should be an immediate red flag. Never share bank security codes (those used to log in to online accounts and authorise payments) either. Your real bank will never ask to share these over the phone or in a message."

Never trust Caller ID

Always be wary of who is calling you - scammers can use number spoofing to mimic official numbers and make it look like a bank or another company is calling you. Spoofed texts can even appear in the same message thread as genuine ones, making it impossible to distinguish between the two.

Chiara said: "A common tactic is to refer to unauthorised transactions, or another security breach, to create panic. The same scammers may try both tactics, for example, I’ve previously warned about fake delivery texts being followed up by bank impersonation scams over the phone.

"This can be extremely effective, as they only need to refer to the initial bogus text to establish trust. Call your network immediately if you receive an unexpected message about your Sim being ported or a PAC request, or you unexpectedly lose phone service."

READ MORE: