Latest fraud updates

Scams involving existing mandates 

Criminals impersonate Santander so they can get access to your account. They’ll get you to share OTP codes with them. This is so they can gain access to your Online Banking. Then they’ll send payments out of your account. 
We’ve seen cases where criminals who get this access then send payments to people/businesses you’ve sent money to before. The criminal then impersonates your business and contacts that company to ask for the money to be ‘refunded’. What they’re really doing is getting the money sent to their own account.

You can help protect your business with a couple of simple steps:

  • Never share an OTP with anyone, not even a Santander employee.
  • Always read the whole OTP message. The message will explain what the code is approving. Such as access to online banking or a card payment. If the message doesn’t match what you’re trying to do STOP and call us.

For more information on how to protect your business, visit our Spotting fraud and scams page.

Check it's genuine with ScamSmart

To check if your investment’s genuine or a potential scam, use the Financial Conduct Authority's ScamSmart tool

Answer 4 easy questions to find out:

  •  about the potential investment and any risks
  •  if the investment firm is FCA regulated, or could be a clone.

Before you invest, it's always smart to do extra checks on any details you've been given. For example, make sure any phone numbers you have for a firm match those registered to it. That way, you can contact the firm on a number you know is genuine, if you need to.

For more on how to protect your business, go to Spotting fraud and scams

Do you know who you're really talking to?

Criminals trick people and businesses by pretending to be someone you know or trust. 

See our tips on how to spot an impersonation scam below. 

  • Criminals will create a sense of urgency so you can’t think straight.
  • They’ll say you’ve been a victim of attempted fraud or have an overpayment that needs to be returned.
  • You’ll be urged to move your money to a ‘safe’ or newly opened account to protect your money.
  • They’ll ask you to amend existing payment details or set up a new payment.
  • Criminals can ‘spoof’ telephone numbers, email addresses and text messages so they look like they're coming from a known, trusted source. They use this to try and prove they’re from the genuine organisation. Always be careful and double-check a request is genuine. Don’t ever rely on caller ID alone. Always take time to think about what you're being asked to do, and if you’re not sure or feel uncomfortable, stop.

At Santander, we’ll never get in touch and ask you to tell us your One Time Passcode (OTP) or ask you to take urgent action. If you get a call like this, hang up, wait five minutes and call us back using the number on the back of your card.

Criminals send fake invoices to trick you into making payments to their accounts. We want to help you protect your business.

Find out what typically happens with an invoice scam below.

  • The criminal pretends to be a supplier, business contact or colleague.
  • They’ll send a fake invoice by email, fax or post.
  • They’ll ask you to make a new payment or change the account details of an existing payee. 
  • Your money is sent to the criminal’s account.
  • You’ll only know it was fraud when you speak to the genuine contact.
  • By this time, it’s unlikely you’ll be able to get your money back.

Protect your business

Always confirm new payment requests or to change bank details. Do this in person or use a publicly available or trusted number. Never use the number given in the invoice or email.

Criminals ‘spoof’ telephone numbers. This makes it look like they're calling from a known, trusted source.

Always take time to think about what you're being asked to do. If you’re not sure or feel uneasy, stop.

Criminals want your business to pay upfront for something before you have even received the goods or service. These scams often start on social media or with an email. It might even be a letter sent by the criminal to try and make the scam look believable.

Examples of this could be:

  • Paying an ‘admin fee’ to release funds from a business loan
  • Paying a deposit for a new business premise which doesn’t exist. Or this could be office space or storage
  • Paying a fee to release money in an investment
  • Paying a ‘recovery fee’ to get back money lost in a previous scam. If you have been a previous victim of a scam, you can be targeted.

Keeping your business safe

Don’t pay money upfront for anything unless you are certain it is genuine and have taken steps to check it.
If you have any doubts, stop and take some time to think it through. Don’t ever feel pressured into paying quickly for anything.

Criminals don’t take time off, are your staff fraud aware?
So that you can relax and enjoy your time off, make sure your staff know how to protect your business from fraud and scams. Share our top tips:

  • Contact numbers, messages and emails can be spoofed, don’t trust the contact ID. Never use a number that’s given to you by the caller. To confirm contact from Santander use a number from our website.
  • Confirm new or changed payment details over the phone or in person. Emails and messages can be intercepted or hacked. Use a number you know to be genuine when calling to confirm payment details.
  • We’ll never call you and ask you to click on a link, download an app or open an attachment.
  • Don’t share any passwords, login details or OTP’s with anyone. Not even with a Santander employee. We never ask you to use them to authorise a refund.
  • Don’t allow anyone to remotely access your computers or devices during or after a cold call.

Take a look at our Spotting Fraud & Scams page. This has more information and tips to protect you and your business. 

QR codes are black and white squares which you can scan using your phone or tablet to take you to a link quickly. You may have seen them in restaurants, car parks or on letters. Criminals are taking advantage and creating their own to try and steal your money. Once you scan the QR code you’ll be taken to fake screens asking for your information and card details. Fake QR codes are being used in public car parks, restaurants and by people approaching you in the street. They may offer free products or money to scan their code.

Here’s an example of how the scam works.

  • You scan the QR code to pay for public parking.
  • You enter your personal information and card details.
  • A criminal will then use these details to attempt payments on your card.
  • You’ll then receive a call from a criminal who is pretending to be your bank. They’ll asking about some recent activity that you don’t recognise.
  • The criminal will tell you that you’ve been a victim of fraud and to keep your money safe you need to move it to a new account.

What's really happening is criminals are using the information you shared, when you scanned their QR code, to impersonate your bank and convince you to move your money.

How you can keep yourself safe when using QR codes.

  • Check for tampering. When using a QR code in a public space, such as a restaurant or car park you should check to make sure it hasn’t been tampered with or got a sticker placed over an original code.
  • Preview the link. When you scan a QR code the link to the page will appear for you to click on. Check the URL of the link before clicking. HTTPS are the most secure, you should avoid entering personal or financial information in HTTP website.
  • Double check the URL. Criminals will make a small change to try and trick you e.g. instead of
  • Don’t scan or open QR codes from people you don’t know. Criminals may approach you on the street or message you online offering money or free products if you scan their QR code.
  • Contact the company. If the information you’re being asked for doesn’t seem right, stop and speak to the company directly.
  • Santander QR codes. Our QR codes will only take you to information pages.
  • Install anti-virus software. You can use this to verify original QR codes that do not contain malicious links. This will help you avoid having a virus or other malware downloaded onto your mobile.

If you are worried you might have scanned a fraudulent QR code, you can contact us on 0330 123 9860.

Fraud can happen to any business. At Santander, we're committed to helping you protect yours. Our Head of Fraud and Risk Management, Chris Ainsley, shares his tips on how to stay safe and what to look out for.

Impersonation scams

Through impersonation scams, fraudsters might try to convince you to send money to them by pretending to be from a trusted source such as your bank, or even the police. Take a look at the video below to learn about how to spot the signs.


Fraud prevention culture by Santander

Learn what we're doing to combat fraud and how we're protecting your business with our controls.

Fraud prevention culture - what you can do

Practical advice on how you can stay safe.



Fraudsters use spoofing to gain trust by targeting businesses over the phone and posing as bank staff, police officers or other officials or companies in a position of trust.

Social engineering

Learn how to spot when fraudsters are trying to trick you into doing something you wouldn't normally do.


Summary advice

Head of Fraud and Risk Management at Santander, Chris Ainsley, shares his tips on how to stay safe and what to look out for.


Payment redirection

Fraudsters intercept genuine payment requests that contain an invoice or bill, asking you to pay a new account number. Here's what to look out for.


Protecting your business with fraud controls

Practical advice on how you can use fraud controls to protect your business.

Was this helpful?

Do your banking online

Ways for you to manage your money without leaving home

Trouble logging on

You can reset your details if you already have Online Business Banking