Our tips for protecting yourself from fraud and scams
With fraud costing people in the UK around £10.9 billion every year, here are our top 5 tips to spotting scams and staying safe.
- Never share a Santander One Time Passcode (OTP) with another person. Not even with a Santander employee. OTPs are used to verify online transactions. Only you should enter these to authenticate a request. We’ll never ask you to share one with us, ever. If you get a request that asks you to do this, it’s fraudulent.
- Never move money out of your account for security reasons. Criminals impersonate bank staff. They also pretend to be the police and other trusted organisations. They may say that your account is at risk and to keep your money safe you need to move it to a new account. If this happens, it’s always a scam. Always take time to double-check what you're being asked to do before doing anything. A genuine organisation will never rush you in to taking action.
- Confirm all new payment requests or requests to change bank details. Criminals can trick you into making a payment. They do this by sending fake invoices or intercepting emails. Always confirm the receiving bank details. You should do this in person or on a publicly available number. Don't use the phone number that’s in the email asking you for payment. This can lead to you checking with the criminal.
- Complete extra checks to make sure the request is real. Take time to do checks when making any payments. You need to make sure the payee and the request is genuine. You can read reviews, research companies or websites. You should also check the person or company is who they say they are. If it’s for an investment, check the company is authorised. This Financial Conduct Authority have a register you can check. Their 'ScamSmart' tool can be used to help check if an investment is a scam or not.
- Never allow anyone access to your computer after a cold call. Criminals want to access your computer or devices. This is to get control of your digital banking. They may ask you to download software, or ask you to let them remotely log on. They may say they can help with computer or internet issues.
Here are some of our top tips. You can find more detail on how to keep yourself secure in the articles below.
Our tips for protecting yourself online
Cybercrime now costs $10.5 trillion globally, here are our top 5 tips to protect yourself online.
We save a lot of information on our electronic devices. Follow our simple tips to keep your device safe.
Choose automatic updates
Updates on your phone, devices and apps often include security benefits. Your devices will be better protected by enabling automatic updates (where possible). This will help keep your information safe.
Choose when to connect
Turn off the option to automatically connect to Wi-Fi. Especially to public networks. That way, you’ll be in control of when and where you connect. Avoid making bank transactions and online shopping if you connect to public Wi-Fi.
Websites starting with HTTPS (instead of HTTP) are more secure, but you should remain vigilant when sharing information. Never make bank transactions or share personal information on HTTP sites.
Keep control of your devices
Using 'auto-lock' and 'Find my phone' features help avoid anyone accessing information on your device. These features allow your device to lock on its own and allow you to wipe the contents remotely if you needed to.
We’re told not to talk to strangers from a young age. This should be the same for when you make an online interaction. From social media, cold calls to doorstop sales, anyone could be watching or listening to the information you share. It’s important that you are discreet when sharing information.
Sharing information on social media and other platforms is part of most of our daily lives. However, you should always pay attention to what you publish, especially if it includes financial details. You should configure your security settings to make sure it is 'friends only' that can see your social accounts. That way, strangers won’t be able to use your information for other purposes, such as answering verification questions. They can also use your information to create more believable phishing scam emails.
In person or by phone
Don’t share information with people you don’t know, or can’t identify. Ask for more details to make sure people are who they say they are. If you’re in doubt, don’t give any personal or sensitive details out. It's best to contact the company directly through their official channels.
Phishing is where cyber criminals send you emails in an attempt to steal your information. They usually pretend to be a reputable company, and it’s one of the biggest causes of fraud today. Emergency situations and hard-to-refuse offers are just some of the methods used to try and get your information. Read our tips below for how to spot a fraudulent email.
Do you know the sender and does the email address match one you already know? Most malicious emails address you generically, rather than by your name. We will always address you personally when we contact you by email.
An email may contain links, which take you to a different website than it suggests. If you hover your mouse over the link (without clicking), you can see a preview of the actual link that you will be taken to.
Most malicious emails play to emotion or the urgency of a situation. Many urge you for quick payment or personal information. Always confirm that this type of request is genuine and never share sensitive information if you’re unsure.
Spelling and grammar
Many phishing emails contain poor spelling and grammar. It could be a phishing email if you:
- don’t recognise the sender
- were not expecting the email
- see lots of mistakes
- notice it isn't in the same tone as emails you've received from the company before
Having the same or similar passwords for all your accounts is common, but it’s not secure. Follow these simple steps to improve the way you manage passwords.
Passphrases are passwords that contain 3 or more random words. For example, it will take much longer to crack “ChickenDogRabbit” than “#sK8/aD”, and it’s much easier to memorise. Remember, it’s how long a password is that makes it strong, and not always how complex it is.
Use multi-factor authentication (MFA)
As well as having a strong password, using MFA where you can will increase your security. This is now commonly used for accounts, such as email logins. It requires additional forms of identification that only you would have, such as a code sent to your mobile or your fingerprint.
Use a password manager
Never write down your passwords on sticky-notes or on devices. If you need to keep track of passwords, instead use a password manager. These applications allow you to save all your passwords in one place and it’s kept secure with a master code.
Don’t repeat passwords and avoid default ones
Never use the same password more than once. You should change your passwords regularly. Avoid using pre-populated or default ones.
If you’re ever unsure of an email, call or text, whether that’s because you don’t know the sender or the contents, or you’re just unsure, you should always report it. You’ll know that an email is genuinely from us because we will always:
- address it to you personally
- include the last 4 digits of your account or card number
- never ask you to log on to Online or Mobile banking through a link.
- never ask for your personal information, such as passwords or security details.
If you get an email that says it’s from us but you suspect it’s not, please forward it to email@example.com
For suspicious text messages, known as smishing, please forward them to 7726 and firstname.lastname@example.org
To report a fraud or scam, please visit our How to report fraud page.
These websites explain more about online security and how to protect yourself from fraud and scams. As well as general advice.
It’s important to point out that these are external sites. Santander have no control over their content. When you click on these links it means you’ll be leaving the Santander website.
Action Fraud – information about fraud and financially motivated internet crime. This site contains information on the different types of fraud and scams. It also has information about how you can avoid becoming a victim.
Age UK – providing a free national advice line and local advice.
CIFAS – a UK fraud prevention service offering ‘Protective Registration’ to those who have fallen victim to, or are at risk of, identity theft.
Citizens Advice – provides free, independent and confidential advice on rights and responsibilities.
Experian – access your credit report and score. You can also get online identity protection and alerts.
Financial Ombudsmen Service – supports customers with most financial services.
Payment Systems Regulator (PSR) – makes sure that payment systems are operated and developed in a way that considers and promotes the interests of all the businesses and consumers that use them.
Trading Standards – provides leadership, influence, support and resources to help combat consumer and business detriment nationally, regionally and locally.
Trusteer Rapport – provides free security software to help protect you against Online Banking identify theft and fraud.
National cyber security centre - Top tips to ensure you are doing all you can to secure you and your family online.