A woman typing using her laptop on a wooden desk.

Keeping your information safe

homecustomer help centre help and advice keeping your information safe

Everyday security measures

Beware of scam phone calls

You might get a call sometime from a person pretending to be from a company you trust. They may ask for your account information or passwords.

If you're suspicious about a call or if someone is putting you under pressure to give them your personal information, hang up.

If you're concerned about a call from someone who says they're from SSE Energy Solutions, call us back using one of the phone numbers on your bill or our website, so we can help you.

Don't open suspicious emails

Sometimes criminals will try to get your personal details by sending emails that look like they're from a trusted source, like a bank or utilities supplier. These are known as “phishing” emails.

Phishing emails often don’t address you by your name. They might also have strange-looking web or email addresses, bad grammar, poor-quality images and website URLs that are different when you hover over them.

If you have doubts about an email, don't open it. Instead, get in touch with the company or person who supposedly sent it, either by phone or through their website. Don’t use the web address given in the email. Search for it online instead.

Never act on an email that asks you for personal information, such as your bank account details or your password. At SSE Energy Solutions, we'll never ask you for your password or other personal information by email.

Use strong passwords, keep them safe

Use different passwords for your different online accounts and make sure they’re “strong” – difficult to guess. Here’s how to create a strong password:

  • Make it at least 12 characters long.
  • Make sure it’s unique by combining random words.
  • Use a mixture of upper- and lower-case letters, numbers and characters such as punctuation marks.
  • Don't use people's names, company names or place names.
  • Avoid obvious numbers and phrases such as “12345” or "QWERTY".

Keep your passwords safe but it’s best not to write them down. Use a password manager to store them securely instead.

Keep your devices up to date

Update your operating system, apps and antivirus software when they offer you a new version. If your device doesn’t update automatically, it’ll usually tell you when there are new versions available to download.

Identity theft and fraud

Identity theft is when a person’s personal details are stolen. Identity fraud is when stolen personal details are used to get money or goods in the victim’s name, for example, by stealing money from their bank account.

Identity theft and fraud are becoming an increasingly common problem in the UK, as fraudsters discover more ways to get the information required to steal someone’s identity.

Here are a few ways to protect yourself and your personal information:

  • Don’t be tricked into revealing personal data in response to an email, text, letter or phone call. Never divulge private information unless you’re certain that the request is from a genuine source.
  • Keep sensitive documents, like your bank statements, utility bills, tax returns, passport and driving licence, in a secure place. Shred those you no longer need, preferably with a cross-cut shredder.
  • Don’t share private information with family, friends or people who take you into their confidence.
  • Look out for “shoulder surfing” – people looking over your shoulder when you’re shopping or banking online or using an ATM.
  • Check there are no entries you don’t recognise on your credit card or bank statements.
  • Always use good antivirus/anti-spyware software and make sure it’s updated.
  • If possible, opt for paperless bills and statements.

If you think your information has been stolen, act quickly to minimise the impact of the theft:

  • Contact any websites where you think theft has taken place and let them know.
  • If you can, log in and change your password immediately to a strong password.
  • If you can’t log in, contact the website immediately for further advice.
  • Ask your bank, building society or credit card company for help (for example, to freeze your accounts or get new cards, passwords, and PINs). Most will refund any money you’ve lost, providing you weren’t negligent in some way.
  • Change your password on other websites in case they have also been compromised.
  • Check for other transactions, items for sale or items purchased in your name which you haven’t made and cancel them.
  • Report all lost or stolen documents (passports, driving licences, statements, credit cards, etc) as soon as possible to the relevant issuing authorities.
  • Check that credit reference agencies haven’t registered any unusual transactions and ask for advice if necessary.
  • Consider registering with the CIFAS Protective Registration service.

Invoice redirection

Invoice redirection is when criminals pose as a creditor or supplier and tell a business that their company’s bank account details have changed. They ask the business to make all future payments to a new account. The business then makes a payment believing that it’s going to a genuine supplier, but instead the money is redirected into the new fraudulent account.

Often the business doesn’t know it’s a victim of this crime until the real supplier sends a reminder invoice for payment. Victims of invoice redirection fraud range from very small businesses to large corporations.

Stop criminals targeting your business

When reviewing invoices, check for any suspicious details, such as:

  • An altered sender address if sent by email.
  • Other alterations, like low quality graphics or mismatched fonts.
  • Spelling and grammatical errors.
  • Unusual figures or descriptions of products and services.
  • New bank account details or “how to pay” information.

If you receive a request from a creditor or supplier to change their bank account details or contact information, such as a telephone number:

  • Be careful and treat the request as suspicious – challenge and check it.
  • Contact the creditor or supplier to check the request using contact details you know are genuine, not those included in the request.
  • Don’t change any contact or payment details until you’re certain it’s genuine, however urgent they say it is.
  • Once you’ve made a payment, check that the business you meant to pay has actually received it.

Stop criminals impersonating your business

It’s important for your business to take steps to avoid being impersonated by criminals. Make sure your computer operating systems and cybersecurity software are regularly updated, and use strong passwords for all email accounts.

And keep a look out for “phishing” emails that could give criminals access to your business systems. Once inside, the fraudsters could target your customers, which risks damaging their business and eroding their trust in yours.

Find out more

Protect yourself and your business

Check your credit score