Impersonation scams happen when a fraudster contacts you and pretends to be someone else. They’ll pretend to be your bank, HMRC, a colleague, a supplier or another trusted person or organisation to convince you to send them money.
An example of this could be:
You receive a call from Santander on a known and trusted number. The caller claims to be from Santander Fraud department and tells you that one of your payments have been stopped due to suspicious activity. You're asked to confirm security before they give you any more detail, but the information being asked is actually your log in details. Once revealed, they'll log in, amend the beneficiary account details on a recent payment to an account in their control. They'll tell you the details of your recent payment that they have stopped, you confirm you did want it to go, so they ask you to authenticate the payment to continue. What they’re actually doing is tricking you into authenticating the payment they've just diverted into their account.
Here are some techniques used to convince you they’re genuine:
Impersonation
Social media fraudsters send messages or make contact through messaging services like WhatsApp, LinkedIn, direct messages, Facebook and any social media platform pretending to be someone you know. Again, they can impersonate anyone, and use this to build trust.
Spoofing
Many fraudsters use something called ‘spoofing’. This is where someone deliberately falsifies how their contact number appears on the caller ID, messenger name, or email address to disguise their identity and try to convince you that they’re someone else.
Phishing (email), smishing (text), and vishing (voice calls)
These are when a criminal sends a fake email, text, or calls you pretending to be someone else. It can be hard to know if they’re genuine. Never reply or act on anything without checking that it’s from a genuine source. It is so easy for criminals to make contact details appear genuine, sometimes by changing the email address slightly so you don’t notice. These are clever ways to trick you into sharing personal or security details which they can then use to commit fraud on your accounts.
If you get a suspicious email that claims to be from us, please forward it to phishing@santander.co.uk. Or if it’s a text message, you can forward it to 7726 and email it to smishing@santander.co.uk.
Protect yourself
Remember, always verify the person asking you to take action. Call them back on a known and trusted number, instead of the one on the email, invoice or message. If you input your details onto a “contact us” page and receive a call you should still check that the caller and website are legitimate by calling them back using a trusted phone number.
Our top tips
- Your bank, or the police will never ask you to move money from your account. If you’re asked to do this, it’s a scam.
- Always check the caller is genuine by calling them back on a known and trusted number.
- Never reply to a message from an unknown or unconfirmed contact.
- Never give control of a computer or device to a cold caller.
- Remember your bank will never ask you to disclose your passwords, token codes or any other secure information.
- Santander will never send you an email, text or website link asking for you to enter your Santander connect details or card details.
- Avoid clicking on any links in an email, unless you can verify it is genuine first.