The scam: Impersonation scams happen when a fraudster contacts you pretending to be from your bank, the police, or another trusted organisation to convince you to send them money. Within the wide range of tactics used by criminals in this category, fraudsters are even impersonating Santander’s Head of Fraud Risk Management Chris Ainsley. Fraudsters are cold calling potential victims claiming their account is compromised and that they must urgently transfer their funds, often to an alternative ‘safe’ account.
Volume (Santander data): £10.2 million worth of impersonation scams between January-March this year, up 11% from the same period last year, with the average reported loss per customer £6,906 for this period.
Chris Ainsley, Head of Fraud Risk Management at Santander said: “Scammers leave no stone unturned in tricking victims, and as somebody working with colleagues across Santander to protect customers from fraud, it was quite a surprise to discover scammers impersonating me. Imitation is certainly not a form of flattery in this case, but instead a timely reminder that nobody from a bank or legitimate organisation would ever attempt to rush you into transferring funds into another account.
“People should not hesitate to cut contact with anyone they are suspicious of and refer to trusted sources of information such as their bank’s website or by phoning 159 where they can be put through to customer support.”
How the scam works
1. Customer receives an unexpected call or text message that appears to be from their bank. Fraudsters use a genuine bank employee’s name to help it appear authentic.
2. Criminals use a tactic called ‘spoofing’ to make their call or text appear genuine by cloning the number or sender ID, meaning it looks identical to the genuine contact details customers would expect to see from their bank.
3. Criminals tell customers that they’ve been fraud victims and they need to move their money, often to a ‘safe account’, which has been opened and is controlled by the fraudster to urgently prevent further losses.
4. To help further convince the customer that they are a genuine bank employee, they’ll direct the customer to a trusted site such as LinkedIn or Google to search for the employee’s name – in this case Santander’s Head of Fraud Chris Ainsley.
5. When making the transfer the fraudster tells the customer to lie to their bank about the payment purpose. This tactic will help prevent a bank from giving a customer a relevant warning and stop them both identifying the scam.
6. Once the customer has transferred the money from their account, all contact abruptly ends and the customer has no access to the funds.
7. Often by the time the customer contacts their bank the funds will have been moved on from the recipient account and cannot be reclaimed.
Santander case study: Mrs Wilson* received a text message asking her to confirm a £500 payment and she responded immediately to confirm ‘No’. The customer then received a call from a spoofed caller ID appearing as a Santander number. The caller introduced himself as Chris Ainsley, Head of Santander’s Fraud Team, but it was in fact a fraudster impersonating him.
The fraudster thanked Mrs Wilson for confirming the £500 payment was fraudulent, but claimed further payments were being attempted. As a result of this Mrs Wilson was told that a new ‘safe account’ had been opened and that she should transfer her current account balance to the new account urgently. After cross-checking Chris Ainsley’s name on LinkedIn, on the instruction of the impersonator pretending to be Chris, Mrs Wilson transferred over £60,000 in funds to the fraudster’s account. She was also instructed by the fraudster to mislead the bank about the true reasons for her payments, this was to avoid the bank uncovering the scam.
The criminal then ended the call and cut all contact. After a few days when Mrs Wilson didn’t receive her new online banking details she contacted Santander and was informed she had unfortunately been a victim of a scam.
In this case, due to the individual circumstances, Santander was able to refund the customer but this may not always be possible. This is why customers should be alert on how to protect themselves from becoming the victim of a scam.
*Name and some details changed to preserve anonymity.
What to do
If you receive unexpected contact from your bank asking you to urgently act – don’t. Stop, wait five minutes, and call your bank by dialling 159 or using the number on the back of your card.
If you think you’ve already been the victim of an impersonation scam, report it to your bank straight away.
How to protect yourself
• Never withdraw or transfer money out of your account if you’re instructed to do so for security reasons. No bank will ever ask you to do this.
• Never give out your full personal or security information over the phone, in an email or by responding to a text message.
• Never rely on caller ID as the sole means of identification, the number can be spoofed to look like a recognised number.
• Never share a One Time Passcode with another person, not even a bank employee.
• Never enter your Online Banking details after clicking on a link in an email or text message.
• Remember, just because a caller claims to be someone, an internet or social media search won’t actually confirm that it is the same person you are speaking to.
- Ends -
The information contained in our press releases is intended solely for journalists and should not be used by consumers to make financial decisions.
Notes to Editors
Santander UK is a financial services provider in the UK that offers a wide range of personal and commercial financial products and services. At 31 December 2022, the bank had around 19,000 employees and serves around 14 million active customers, via a nationwide branch network, telephone, mobile and online banking. Santander UK is subject to the full supervision of the FCA and the PRA in the UK. Santander UK plc customers’ eligible deposits are protected by the FSCS in the UK.
Banco Santander (SAN SM, STD US, BNC LN) is a leading commercial bank, founded in 1857 and headquartered in Spain. It has a meaningful presence in 10 core markets in the Europe, North America and South America regions, and is one of the largest banks in the world by market capitalization. Santander aims to be the best open financial services platform providing services to individuals, SMEs, corporates, financial institutions and governments. The bank’s purpose is to help people and businesses prosper in a simple, personal and fair way. Santander is building a more responsible bank and has made a number of commitments to support this objective, including raising €220 billion in green financing between 2019 and 2030. In the first quarter of 2023, Banco Santander had €1.2 trillion in total funds, 161 million customers, 9,000 branches and 210,000 employees.