Online security

The government’s Stop! Think Fraud has info to help you keep safe.

Protect your Nest account

Log in 

Logging in to your Nest account for the first time helps stop scammers from taking control of it and getting access to your hard-earned pension. 
Once you’ve logged in for the first time, don’t tell anyone your password – not even us. Then log in regularly and keep your personal details up to date, for example if you move home or change your name or contact details.

Choose a strong password

A strong password is unique to your Nest account and difficult to guess. This may make it hard to remember. So try making a password out of 3 or more random words, by combining numbers, letters and special characters, or use a password manager.

Be suspicious

Think before you click. Emails from Nest will come from an email address ending in @nestpensions.org.uk or occasionally from @videosmart.com, a trusted partner. Any other address is likely to be fraudulent. Fake emails may use generic greetings like ‘Dear Customer’ or none at all. They may threaten to close your account unless you take action. 

Don’t open, tap or click on anything you find unusual. Just forward these messages to phishing@nestpensions.org.uk and then delete them.

Know your pension pot

If you're a victim of fraud, the faster you notice the better. We recommend you regularly log in to your Nest account and check your pension pot balance, your contributions over the last 12 months and any withdrawals from your pot. Whether you joined Nest yourself or through your employer, get in touch if you have any questions which need answering.

Protect your data

Keep your data private

Be careful who you share your personal details with, whether entering them online or discussing them in person. Take care with physical documents too – make sure you shred important letters before you throw them away and remember to redirect your mail when you move. Learn more about data privacy on the Information Commissioner’s Office (ICO) website.

Use secure connections

Make sure your WiFi network is secure and use up-to-date anti-virus and anti-spyware apps. Look for the padlock symbol in the address bar on the browser, which shows that you have a secure connection with a verified website. Take care when using free or public Wifi – don’t let your devices connect automatically. Log out after using your online accounts. You can find more information about protecting yourself online on the National Cyber Security Centre (NCSC) website.

Use Nest’s bank details

If you're an employer, remember that Nest won’t unexpectedly change bank details or ask you to send contributions to a different account. We certainly won’t ask you to make payments over the phone or via a link in an email. We’ll always direct you to log in to your online account.

Check if your data has been stolen

The website Have I Been Pwned? allows you to check whether your personal data has been put at risk due to data breaches. It has useful tools to monitor your security and privacy, including an alert that tells you when your information has been compromised.

How scammers steal data

Phishing

You could be tricked into revealing data through a fake email or website that looks like Nest but has a slightly different address. Often, you’re asked to reveal personal information, open attachments, click a link or call a number that isn’t our main helpline. Our short video has tips you can follow to protect yourself, whether you’re a member or a business looking to protect your staff’s pensions.

Hacking

Hacking is carried out by fraudsters, usually using software that you’re tricked into installing onto a phone, computer or other internet-connected device. Software that’s used to steal your data is normally triggered when you click on a link or open a file attachment sent by the fraudster.

Identity theft

Your information can be stolen physically or digitally. Letters and documents could be taken from your mail or your home, or an organisation that you’re a customer of could suffer a data breach. Scammers might use this information to steal your identity and then apply for bank accounts, credit cards or documents like passports in your name.

Phone grabbing

Thieves target your mobile phone to get the log-ins you’ve stored on them and access to one-time authentication codes for your accounts. It’s important to keep your phone locked, shield it from view when entering passcodes and be alert when using your unlocked phone in public. Carry debit cards, credit cards and identity documents like your driving licence separate from your phone when possible.

Cyber stalking

This is a type of harassment carried out by a stalker through online channels, like social media, forums and email. What might start as a few seemingly harmless messages can turn into systematic and frightening abuse. It can also include attempts to blackmail you, monitor your activity and steal your identity.

Impersonation scams

Scammers might call, text or contact you through social media and pretend to be from an organisation you trust, like your bank or HMRC. They’ll often claim you need to act urgently to pay a fake bill or to keep your money safe. The scammers will try to convince you to transfer money to them, or to tell them your personal financial details.