As an online-first scheme NEST takes security very seriously. It’s never been more important to make sure your personal details are secure online. That’s why we ask our users to take extra care when responding to requests for information from NEST.
We communicate with our members and customers through secure mailboxes. To keep your information secure, we never ask you to share your online passwords with us, either on email or over the phone.
It’s also important to remember to log off after using your NEST account. This helps protect the security of your account.
To help ensure your personal information and data remains safe and secure, we have put together the following recommendations.
To protect your account online:
- Register your NEST account online to prevent anyone else from doing so.
- Keep your login details secure and don’t tell them to anyone – not even us. We’ll never ask for your online password.
- Give your NEST account a unique password. This way, your NEST account will be secure even if you have problems with other online accounts are compromised.
- When you log in to NEST, make sure you can see a padlock symbol in your internet browser window. This shows you have a secure connection.
- Always click ‘log out’ when you have finished your session. Closing the browser or navigating to another web page without first logging out of your NEST account may not be enough to prevent your information from being accessible.
- Keep your contact information updated so we can always get in touch.
Over the phone
If you get a phone call from NEST that you haven’t asked for:
- Ask questions to make sure it really is NEST before giving any personal information.
- If you have any doubts, hang up. Wait at least five minutes and contact us yourself on our main number, if possible from a different telephone.
- Alternatively, you can email us or send a secure message from your NEST account to check whether we’re trying to get in touch with you.
- Remember, we’ll never ask for your online password, although we will need to confirm your NEST ID.
NEST will never ask you to give away any personal details by email. We always send emails with attachments through your secure mailbox.
If you get an email to your work or personal email account claiming to be from NEST asking for this kind of information, please do not respond. See below for more information on phishing scams.
Your annual statement
- Read your annual statement and make sure you agree with your investment balance and the value of your contributions over the past year.
- If your employer pays contributions to NEST on your behalf, you should contact your employer in the first instance if you have any queries.
- If your employer can’t answer your queries, then contact NEST by sending a secure message from your NEST account. Once you’re logged in to your account, you can also use secure webchat. Or call the NEST contact centre.
Here are some more tips to keep secure online:
- Make sure your password is strong, contains a combination of numbers, letters and special characters, and is changed regularly.
- Ideally you should have a different password for every online account you have. Never reveal your passwords to anyone.
- Take care who you disclose personal information to. Be wary of people befriending you online, including by email and on social networks.
- Make sure your WiFi network is secured, and you have effective and updated anti-virus and anti-spyware software running on your computer..
- Check suspicious emails against a known spam list. Some internet security vendors such as McAfee and Symantec feature these on their websites.
- Always use secure websites when shopping or banking online. Look out for the padlock symbol when logging in and make sure you log out when your transaction is complete.
- Shred unwanted personal or financial documents.
More information around how to protect yourself online, and on data privacy can be found at the following websites:
Scams and online threats
Phishing emails pretend to come from trusted organisations such as banks, credit card companies and online shops.
They are often sent to thousands of people by criminals who try to scam them into clicking on a site or giving away personal information.
Signs an email that seems to come from NEST might be a scam:
- You weren’t expecting an email from NEST. Its email address is different from our website address.
- It uses a generic greeting such as ‘Dear customer’, rather than your name
- It asks for personal information such as username, password, account or bank details.
- It gives you a time limit, for example, your account may be closed unless you act immediately.
- It shows a prominent website link. This might be similar to NEST’s official website address, but even one wrong character means it’s a different website.
- The entire text of the email is contained within an image rather than the usual text format. The image may contain a link to a false site.
If you are suspicious of an email you receive that seems to come from NEST:
- do not open it
- if you do open it, do not click on any links
- if you have clicked on a link, do not give away any personal information
- do not reply to the email or open any attachments
If you think you may have given away any personal information, such as bank details or account details
- contact your bank immediately
- contact NEST using our telephone contact centre
- send us a secure message from your online account
Be wary of outside organisations that claim to grow your money with overseas investments or offer ways to access your money before you reach retirement age.
Scams that target people with retirement pots are designed to be appealing. But once you’ve signed over your money you could lose it all and won’t be able to get it back.
You could also face large tax charges for taking an unauthorised payment from your retirement pot.
It’s sensible to get independent financial advice on any offers to transfer your pension, and never rush a decision about your pot or sign anything under pressure.
The following links offer more information around how to protect against scams: