What are they?

Phishing, pronounced ‘fishing’, is a form of online attack that’s generally aimed at obtaining your personal data or access to your money. Common targets include login credentials or bank/credit card details, but there are many opportunities fraudsters may want to take advantage of.

These attacks often come in the form of spoofed emails or websites that attempt to disguise themselves as the real deal.

How to spot a phishing attack?

Phishing emails often appear to be from legitimate companies like banks, internet service providers or credit card companies. Always check if the full email address or website URL you are interacting with is legitimate by validating it with an external source.

For example, you bank with Barclays and receive an email redirecting you to their website. Check both the domain you received the email from and the URL you are being redirected to:

• Google their website, in this example, their real UK landing page URL is "https://www.barclays.co.uk"
• An example of a spoofed version of this might be as similar as "https://www.brclays.co.uk”

Both websites might look exactly the same to begin with, but a spoofed attack might be collecting your login credentials.

If unsure, reach out to the company directly by searching for an alternative contact and verifying that the communication you received is legitimate. When in doubt, it’s always best not to answer any questions, click any links, or download any files.

Some telltale signs of these attacks are:

• First time or infrequent senders
• Poor spelling and/or grammar
• Asking for items like usernames, passwords, or account numbers
• Offer something seemingly valuable, like a prize or discount

Verifying your details with Lightyear

As a regulated financial institution, we may occasionally need to reach out if we spot something unusual to make sure your account is safe and secure.

It’s important to note, we’d never

• Ask you for things like your login credentials, one-time passcodes sent by SMS, or your bank/credit card information
• Place any orders for you by phone - only you can do so yourself through our platform

To ensure that you’re speaking with a Lightyear team member and not a fraudster, you can check the handle of the email you’ve received, or ask for a verification message to your device where you have Lightyear installed.

Our domain is lightyear.com and our support email address is support@lightyear.com. For certain communications initiated by us, @email.lightyear.com and @info.lightyear.com may be used. Only download our app from official app stores: Use the Apple App Store, Google Play Store, or access Lightyear directly via our website.

Reporting suspicious activity

If you receive or spot any email, website or phone call impersonating Lightyear, or have concerns about the safety and security of your Lightyear account, please report it immediately to our support team.