Financial fraud and scams

These scams happen when you receive an email asking you to set up a payment to a new account or to amend existing payment details. Sometimes these come out of the blue, but normally they seem to come from someone you’re already dealing with, such as a solicitor, builder or business contact. The scammer can spoof the contact details to make it look genuine, or they could even hack a genuine email address. There is normally a sense of urgency to try to make you panic into making the payment quickly and without checking first. If you make this payment, the money goes straight to the criminals and never arrives with the intended person or business. By this time, it’s unlikely you’ll be able to recover the money.

Things to watch out for:

• Receiving new bank details from your solicitor or estate agent to complete on premises acquisition.
• Receiving an invoice from a supplier that needs paying before you receive goods.
• Receiving an email from an employee who has asked to change his bank details for his next wages.

How to protect yourself

• Before paying a new bill or changing existing details make sure you confirm the request directly with the company or colleague. Always call on a known and trusted number, one from their direct website or check in person if possible.
• Never respond to requests via the email address it came from or the contact details in the letter.
• Set up a single point of contact for companies you pay regularly.
• Review your payment approval process and use dual authorisation for an extra layer of security.
• Review payments due at a future date where account details have been changed to confirm the request is genuine.
   

Stop and take time to think about what you’re being asked to do. Never feel rushed into making a payment.

Invoice scams

These happen when you receive a fake invoice or bill, asking you to pay for goods or services. It’s often an email and appears to be from a genuine business contact, asking for existing payment details to be changed, or to pay a new bill.

CEO fraud

This is when a criminal pretends to be a senior person in your business to persuade staff to make an urgent payment. The request is usually an email and has new account information belonging to the criminal.

Impersonation scams happen when a fraudster contacts you and pretends to be someone else. They’ll pretend to be your bank, HMRC, a colleague, a supplier or another trusted person or organisation to convince you to send them money. ​

An example of this could be:​

You receive a call from Santander on a known and trusted number. The caller claims to be from Santander Fraud department and tells you that one of your payments have been stopped due to suspicious activity. You're asked to confirm security before they give you any more detail, but the information being asked is actually your log in details. Once revealed, they'll log in, amend the beneficiary account details on a recent payment to an account in their control. They'll tell you the details of your recent payment that they have stopped, you confirm you did want it to go, so they ask you to authenticate the payment to continue. What they’re actually doing is tricking you into authenticating the payment they've just diverted into their account.​

Here are some techniques used to convince you they’re genuine:​

Impersonation

Social media fraudsters send messages or make contact through messaging services like WhatsApp, LinkedIn, direct messages, Facebook and any social media platform pretending to be someone you know. Again, they can impersonate anyone, and use this to build trust.​

Spoofing​

Many fraudsters use something called ‘spoofing’. This is where someone deliberately falsifies how their contact number appears on the caller ID, messenger name, or email address to disguise their identity and try to convince you that they’re someone else. ​

Phishing (email), smishing (text), and vishing (voice calls)

These are when a criminal sends a fake email, text, or calls you pretending to be someone else. It can be hard to know if they’re genuine. Never reply or act on anything without checking that it’s from a genuine source. ​It is so easy for criminals to make contact details appear genuine, sometimes by changing the email address slightly so you don’t notice. These are clever ways to trick you into sharing personal or security details which they can then use to commit fraud on your accounts. ​​

If you get a suspicious email that claims to be from us, please forward it to phishing@santander.co.uk. Or if it’s a text message, you can forward it to 7726 and email it to smishing@santander.co.uk.​
 

Protect yourself​

Remember, always verify the person asking you to take action. Call them back on a known and trusted number, instead of the one on the email, invoice or message. If you input your details onto a “contact us” page and receive a call you should still check that the caller and website are legitimate by calling them back using a trusted phone number.
 

Our top tips​
 

• Your bank, or the police will never ask you to move money from your account. If you’re asked to do this, it’s a scam. ​​
• Always check the caller is genuine by calling them back on a known and trusted number.​​
• Never reply to a message from an unknown or unconfirmed contact.​​
• Never give control of a computer or device to a cold caller.​​
• Remember your bank will never ask you to disclose your passwords, token codes or any other secure information.​​
• Santander will never send you an email, text or website link asking for you to enter your Santander connect details or card details. ​​
• Avoid clicking on any links in an email, unless you can verify it is genuine first.​

Remote Access scams will often begin with a browser pop-up saying that your computer is infected with a virus, or maybe a call from someone claiming to be from your bank or a well-known computer support centre such as Microsoft or McAfee. Their goal is to access your financial information by tricking you into letting them remotely connect to your computer.

To get connected to your computer or other device, such as a mobile phone or tablet, they’ll ask you to download a legitimate app such as TeamViewer or AnyDesk, or by simply getting you to click on a link. Remote access gives the other person full access to view and act on everything you can.

What to do if you allowed remote access
 

If you installed any apps or clicked on any links that have downloaded remote access software, then you need to:

• hang up the phone and close your session
• report it to your bank straight away
• uninstall team-viewer or any new apps/software
• have the PC professionally cleaned, and
• keep your security software up to date on all devices.

Buying scams

These scams can happen when you find something online that you want to buy. This could be a holiday, flights, concert tickets or building materials. Once you've paid, you lose contact with the seller. You'll either receive no goods, or goods that are less valuable or different to those advertised.
 

Selling scams

These scams can happen when you sell items online. You may send the goods as agreed and never receive payment, or you may be tricked into returning an overpayment that was deliberately made using stolen card details or a fraudulent cheque. The fraudster will ask for the overpayment to be transferred back to them at different bank details.
 

How to spot a purchase scam?

These criminals are very clever, but there are sometimes warning signs that could help you identify them.

• An item that is advertised as priced under the recommended selling value – does it sound too good to be true?
• The seller makes extra effort in communication to push the sale through.
• The buyer sends you more money than they need to pay for the item, asking you to return the difference.
• A seller you don’t know asks you to use ‘PayPal Friends & Family’ service or to pay for goods by bank transfer.
• Facebook Marketplace is a great way to buy and sell locally. Be cautious when buying an item that you can’t see in person. The seller may be using a fake profile, buying this way is high risk.
   

Protect yourself?

Even if there are no warning signs, we’d recommend considering the following:

• If buying from a reputable site such as eBay, Airbnb, Autotrader or Gumtree, stick to the payment options they’ve provided. Never communicate outside the site.
• Always use secure payment methods, such as PayPal or your credit card where you can.
• If you’re buying a large item such as a car, make sure you see it in person before making any payment.
• Be wary of accepting payment for goods by cheque.
• Never send personal or financial details by email.
• Research the seller and site and always read the reviews. Check several review sites and compare them. This helps rule out any fake reviews left by fraudsters.

Staying safe when using Docusign

Criminals use DocuSign to send documents for payment redirection scams, or to download malware to your device. The email address they’re sending from looks like the real DocuSign one, but the document inside is fake.
 

What can you do to stay safe?

DocuSign have tips on spotting these messages. For example, you can check for the security access code found at the bottom of each message. For more tips on how to stay safe visit DocuSign's website.
 

Protect yourself from payment redirection scams.

Make sure you confirm payment details in person or over the phone using a known and trusted number.
 

Cheque scams start when a criminal pays a business for goods or services by cheque. They may even make it out for a higher amount than the actual value in an overpayment scam.
 

What may happen
 

1. A new ‘customer’ contacts your business to order goods or services.
2. Once the ‘customer’ has made the payment, they phone or email to reduce or cancel the order, or to say that they’ve made an error, e.g. that shipping fees were accidentally included in the payment, and request an urgent refund. Your payments team may also spot the overpayment and think it was just a simple typo, e.g. £16000 instead of £1600, and offer to return the difference.
3. Your business wants to keep the relationship with this new ‘customer’ and processes the refund quickly, using a more immediate electronic payment service such as a Faster Payment.
4. In due course, the original cheque is returned unpaid, because it the account it is drawn on has no funds or does not exist. Your business is left with a financial loss because it refunded the amount ‘overpaid’.

Protect yourself

• Never accept a cheque for a higher value than you were expecting.
• Never feel pressured into making a refund or payment.
• Keep your chequebook in a safe place, report any missing cheques to your bank straight away and always check your statements thoroughly.
• If accepting payment by cheque, treat the payment with caution and don’t provide the service or goods, or refund the payment, until you are certain the cheque has cleared and credited your account.
• Never pre-sign blank cheques. When writing cheques, be sure to complete all sections leaving as little space as possible.
• We strongly recommend you use a dual authorisation process for all payments. This provides independent verification as at least two people can review the details.