We don’t support this browser anymore.
This means our website may not look and work as you would expect. Read more about browsers and how to update them here.

Security Centre

Security Centre

We work hard to ensure our clients' accounts and online dealings are as safe and secure as possible

Hargreaves Lansdown is dedicated to making your HL Account safe and secure. Our Security Centre is here to keep you informed of the threats and issues that may affect you and your account. We explain some of the measures we take to help keep your details safe and show you the things you can do to help protect yourself.

Cyber security

We have a highly experienced team and sophisticated tools in place to ensure the continued safety of client assets and their data – it is the most important thing we do.

You’ll understand that we can’t go into too much detail, however you can be assured, HL are confident in our defence in depth range of security measures. We remain vigilant and ensure as an organisation we are up to date with the very latest cyber threat intelligence.

Specific threats

Clone firm investment scams - what are they and how to spot them.


Suspicious email?

If you've received an email from Hargreaves Lansdown which you think might not be genuine; do not click on any links or reply to the email. Instead please contact our Online Support team.

Contact us

Trouble logging in?

We’ll never ask you for your secure number in full online.

If you have any concerns about the information you are asked to provide, do not continue with your log in.

Contact us

Suspicious activity?

If you've noticed suspicious activity, or think that your account may have been compromised, don't hesitate:

Contact our Online Support team to report it immediately.

Contact us

Protecting yourself

No matter how sophisticated our controls are, we can’t do it alone.

You have a vital role to play in ensuring the safety of your accounts.

Find out more

How we protect you

We take your security very seriously. We have invested in multiple measures to help protect you and your money, using a range of physical, electronic and procedural controls.

Find out more

Common threats

Fraudsters come up with new tactics all the time.

Here you can find more information on the most common types of fraud which could affect you.

Find out more

Frequently asked questions

  • If you have reasons to believe your details may be at risk, there are steps you can take to protect yourself from fraud. You can regularly obtain a copy of your personal credit file from one of the credit reference agencies to see which financial organisations have completed checks on your details as this would indicate they have received an application in your name. Those credit reference agencies may also be able to offer a protective registration service which will alert you whenever your details are used to apply for financial products – please note there may be a fee for this service. You should inspect your post – many organisations will send out welcome letters which should alert you if anything untoward is happening. If you believe your post is being intercepted please contact Royal Mail who will be able to offer further guidance on how to tackle the problem. If you are an existing Hargreaves Lansdown client and experience problems with your post, please let us know.

    If your personal details have been used for fraudulent purposes (for example to open an account in your name), you should make a report to Action Fraud as a victim of identity fraud. You should also contact the company who received the application directly, to inform them of the situation.

  • Boiler rooms are financial operations which involve high-pressure selling tactics in order get investors to purchase shares that are either worthless or do not exist. The initial contact from a boiler room will often start with a telephone call that comes from out of the blue. These operations will obtain your contact details from a variety of sources, for example the old share registers. In recent years boiler rooms have evolved to employ different tactics whereby they offer to buy shares. In this situation they will offer to buy shares at a premium, perhaps stating this is due to an imminent takeover. They can also contact you with an offer to buy your delisted shares. Once this has been agreed they will then ask for an upfront payment in order to complete the sale, which will usually be masked as an overseas tax charge or dealing fee. Boiler rooms are almost always based outside the UK. In order to promote or sell shares in the UK, firms must be registered with the FCA. It is illegal to carry out this activity whilst unauthorised. This includes any firm that is based overseas and is operating within the UK.

    If you deal with an unauthorised firm, you will not be eligible to receive payment under the Financial Services Compensation Scheme.

    If you ever receive an unexpected high-pressure telephone call and are concerned about the legitimacy of the company you should always ask for the caller’s full name, company name, company registration details, their telephone number and where they are located. You should then conduct your own independent research to check if the details you’ve been given correspond to the information available publicly. Bear in mind however that some boiler rooms may use legitimate companies’ details as their decoy. You can verify any contact you have received by contacting the company directly, using the details you have found independently rather than the ones given to you by the caller. Where you are dealing with a call regarding investments you should also ask whether they are authorised by the FCA and request their FCA reference number. You can check for FCA regulated firms by searching the Financial Services Register. You can also contact the FCA’s Consumer Helpline on 0800 111 6768.

    How can I protect myself?

    • Reject cold calls.
    • Always do your own research.
    • Remember, if something sounds too good to be true it most likely is.

  • If you are experiencing difficulties logging into the secure section of our website or are being asked to log in repeatedly at inappropriate times during a session we would suggest clearing your internet cache. If using a Windows PC, you can do this by holding 'control' and pressing 'F5' whilst on the relevant web page.

    Hopefully this will resolve the issue for you however if it does not it is worth trying a more extensive reset. To do this please hold 'control' and 'shift' and then while holding these press the 'delete' key. This will open a window titled 'Clear browsing data'. If there is an option to set the time range to clear, please set that to the furthest back you can and ensure that if 'Preserve favourites website data' appears then that is not ticked. You will also then need to check that any option that mentions 'Cookies' or 'Website data' are ticked and then confirm this action with the 'Delete' or 'Clear browsing data' button at the bottom of this window. If using Safari, navigate to the privacy tab, and click 'Remove All Website Data'.

  • Once you’ve logged in click ‘Account settings’. ‘Password and timeout preferences’ and then ‘edit details’ for Online Password & Secure Number.

  • You can change your Trading Password by clicking on ‘Account settings’, ‘Passwords and timeout preference’ and then ‘Edit Trading Password’.

  • You will not be able to change your unique username, however if you believe that it has been compromised, please contact our online support team on 0117 980 9953.

  • This could be the result of your web browser having a setting called 'Autocomplete' or 'Autofill' enabled. This is where the web browser saves your log in details or card details for websites to either simplify or speed up a log in procedure or payment.

    For security reasons this is something that we would not usually advise having enabled and our website will try to prevent this from being used. It is possible to disable this feature within your browser's settings. For example to do this on Google Chrome, navigate to 'Settings' then 'Show advanced settings'. Under 'Passwords and forms' ensure that both boxes are unselected.

  • If you believe your email account has been compromised you need to take immediate steps to secure it by resetting your password. You should use strong passwords with a variety of characters and avoid using dictionary words or real names associated with you.

    If you use combinations of the same passwords across various sites, then you will have to also reset those credentials. Check your spam/junk folders for traces of any password reset requests or replies to emails which have not been sent by you, as fraudsters may have tried to launch a phishing attack to your contacts.

    If you use email programs or you get your email on your phone or tablet, you will have to swap the compromised details on each device for the newly created secure password. Consider all the implications of a compromised email account – think what information a third party would be able to glean from the emails stored in your account and take action as required.

    Finally, make sure you perform detailed sweeps of your device to check for any weaknesses which could have facilitated the breach of your email account.

    Please remember that if you are set up for paperless service with various organisations you do business with, they will use your email address for vital communications, many of which are designed to alert you of any unauthorised activity. Contact those providers directly to check if any changes or actions have been performed in the time your email account was controlled by the fraudsters.

    If you are concerned about similar breach happening in the future and want protection going beyond strong, unique passwords, you could enquire with your email provider if they have any two-factor or two-step authentication solutions on offer for you to utilise.

  • The exact time and date stamp of your last login session is displayed in the top corner of the page each time you log in. This information is a good way of ensuring you are the only person using your account.

  • We do not place any restrictions on logging in to an account and placing trades while accessing it from abroad. Please bear in mind that public Wi-Fi hotspots are usually unsecured and therefore we would advise that you avoid using them when accessing your Hargreaves Lansdown account regardless of your location. We also do not recommend using public access computers to log in to your Hargreaves Lansdown account.

  • We generally suggest that you avoid public wireless networks to access your Hargreaves Lansdown account. Public Wi-Fi networks either do not require authentication at all or require a password which is the same for all its users, both of which create a playing field for fraudsters who can target unsuspecting individuals and glean precious information floating in an unsecured environment. Turn off Wi-Fi when you are not using it which will prevent your device from automatically connecting to networks.

    Please remember that changing your passwords regularly is one of the most effective ways to ensure the safety of your accounts. If you have accessed your Hargreaves Lansdown account in a public Wi-Fi zone, next time you are within your secure connection consider changing your password.

Still need help?

Write to us

View our address