We take every step possible to keep your finances and personal details safe. However, you play an important role too. Together we can make life really difficult for would-be criminals.
More than ever banks are seeing an increase in incidents where criminals are using ingenious ways of persuading customers to part with their personal details, their credit and debit cards and ultimately their money.
Prevention through awareness is the best way to avoid becoming a victim of a scam. The following information is designed to inform you of the types of threats you may encounter, along with some simple steps that can be taken to protect yourself.
If you think you have responded to a scam email or given your details to the wrong people, call our Online Banking Helpdesk on 0800 917 9170 7am to 9pm Monday to Saturday and 9am to 9pm Sundays.
As you would expect, we are always keen to hear about the latest scams - so please forward anything suspicious to firstname.lastname@example.org
Be assured that we do investigate every report we receive, although we can’t guarantee a response to each email forwarded.
How to protect yourself against scams
We want to help keep you protected. This leaflet explains some common scams to look out for and gives you tips for staying safe.
The banking industry has seen an increase in customers and businesses receiving cold calls from scammers who say that they're from telecommunication or computer companies or (for businesses in particular) an IT department. The caller offers:
to fix, upgrade or protect your computer from running slow
upgrades in service for internet connections, devices or phone lines
assistance for refunds of overpayments.
These callers will ask you to log on to your Online Banking and then attempt to remotely access the computer to 'help' you with the problem.
However, the remote access allows them to release malicious software and gain access to personal data. The fraudsters may also ask for banking, card, security or other personal details in an attempt to get access to your Online Banking.
a cold caller saying they can fix your slow computer or refund you money
an unexpected call from someone claiming to be from your IT department
the caller asking you to give permission for them to remotely access your computer
the caller asking for any of your banking or personal details
Never give control of a computer to a third party who calls out of the blue
Never disclose personal or security details such as a PIN, passwords or Security Numbers, or allow anyone to collect a bank card
Never rely on caller ID alone to authenticate a caller: criminals are able to ‘spoof’ caller ID numbers, meaning that you can’t be sure that number displayed is from the company they claim it to be from
Never follow a telephone instruction asking to press keys on the keyboard or run any programmes from a cold caller
Never give a card or any financial information to someone who calls unexpectedly and advises a refund is due
Never transfer money based on an instruction from a cold caller, even if they say it's for a return of an overpayment
Never log on to your Online Banking while a third party is connected, even if you believe the caller is genuine and they ask you to make a payment for their service.
Download the free online security software, Trusteer Rapport. Rapport can help identify and remove malicious software, offering protection when using Online Banking. It can also be used alongside any standard anti-virus product.
If you think you've been a victim of a fraud or a scam, are concerned you may have allowed access to your computer or have potentially downloaded malware, call us immediately on: 0800 9 123 123.
For more information about common frauds and scams, visit our Security Centre
How it usually happens:
1. A cold caller contacts you claiming to be from a ‘tech support’ company and says that your device is running slowly. They might even guess what computer software you’re using.
2. They may ask you to go to your computer and perform a series of complex tasks – sometimes, they target legitimate computer files and claim that they are viruses. Their tactics are designed to scare you into believing they can help fix your ‘problem’.
3. They try to gain your trust by pretending to be associated with well-known companies or confusing you with a barrage of technical terms.
4. Once they’ve gained your trust, they may:
ask you to give them remote access to your computer and make changes to your settings, leaving your computer vulnerable
try to enrol you in a worthless computer maintenance or warranty program
ask for account or card details so they can bill you for fake services, or services you could get elsewhere for free
trick you into installing a computer program that could steal sensitive data, like user names and passwords or
direct you to websites and ask you to enter your banking or card details and other personal information
offer you a ‘refund’ for services and say they’ve transferred too much money into your account, then ask you to send them back the difference by bank transfer or a MoneyGram service such as Western Union. Scammers have even been known to persuade victims to allow them remote access to their computer so they can make the bank transfer for the ‘difference’. In reality they have made no overpayment, and are simply trying to use their victims to help them remove money from their accounts.
Here are some simple rules to follow:
Never give control of your computer to a third party who calls you out of the blue.
Never follow a telephone instruction asking you to press keys on your keyboard, or run any programmes from a cold caller.
Never disclose your security details such as your PIN, passwords or security numbers. These are personal to you and shouldn’t be shared with anyone, not even us.
Never rely on caller ID alone to authenticate a caller as criminals can spoof caller ID numbers. They may appear to be calling from a legitimate company or a local number, when they’re not even in the same country as you.
Never give your card, personal or financial information to someone who calls and claims to be from a tech support company or any other company that advises you are due a refund.
Never log on to Santander Online Banking after a caller tells you too. If they have gained access, they can see what you see, including your account information and your security passwords.
Never transfer money based on an instruction from a cold caller, even if they say it’s to return an overpayment. If you’re ever asked to do this, end the call immediately and call us.
Never give your card or financial information to someone who calls and claims to be from a tech support company or any other company that advises you are due a refund.
If you get a cold call from someone who claims to be from a tech support company, hang up.
A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.
If you think you might have downloaded malware from a scam site or allowed a cybercriminal to access your computer, call us immediately 0800 9 123 123.
How to protect yourself against scams
We want to help keep you protected. This leaflet explains some common scams to look out for and gives you tips for staying safe.
Banks are seeing an increase in incidents where criminals are persuading customers to hand over their credit and debit cards or to transfer funds from their account.
This scam usually involves a call purporting to be from Santander, the Police or another financial institution.
The caller may:
suggest you call the number on the back of your card or 999 for verification (the fraudster does not hang up and stays on the line so you are still speaking to the fraudster or one of their associates)
want to arrange to have your debit and credit cards collected by a courier
ask you to key in your PIN using your telephone keypad
advise that another account has been set up to keep your money safe and urge you to transfer your money to the new account immediately
insist that it is necessary for you to act urgently to protect your funds
ask you to withdraw and handover cash along with your card as needed for forensic evidence
ask that you do NOT discuss the reason for withdrawal with branch staff.
If you're asked to call a specific number, call a family member or friend first to make sure that the previous call has been disconnected or alternatively use another phone line to call Santander If you are suspicious or feel vulnerable, don't be afraid to terminate the call, say no to requests for information or ask for advice from someone you trust.
Never enter your PIN details into the phone - we will NEVER ask for your PIN details.
Never agree to your cards being collected.
Never be persuaded to transfer funds out of your account.
Don't hand over cash.
If you are concerned that you have divulged your security details, contact us immediately on 0800 9 123 123.
For further information visit Fighting Fraud Action UK
There are an increasing number of 'free trial' offers on the internet, for products such as Acai berries, slimming products, teeth whitening or a free credit report and score. Unfortunately these offers are not always as good a deal as they appear to be and there are often hidden costs in the terms and conditions.
Some of these 'free trial' offers are outright scams, others are simply misleading and rely on you not reading the additional terms and conditions.
You may be offered a product trial where you only have to pay a small fee for shipping and handling
You need to enter your card details - in some cases there appears to be no reason for this
The deal probably seems too good to be true
Always research the company online first. This will show you what other people are saying about the company’s free trials and its service. Complaints from other customers may highlight any catches with the trial.
Always thoroughly read the small print and terms and conditions for the offer before signing up. If you cannot find them, or do not understand exactly what you are agreeing to, do not sign up.
Check which company is behind the offer – just because you are buying something from one company does not mean the offer or additional pop up is from the same company.
Look out for pre-checked boxes if you are signing up for a free trial online. A pre-checked box may give the company permission to continue the offer past the free trial, or sign you up for further products which you have to pay for.
Check the time limit for your free trial – do you have to cancel it within a set time frame to avoid incurring further costs? If so, set yourself a reminder to ensure you remember to cancel it prior to this date.
Look for information on how you can cancel future shipments or services. If you do not want them, do you have to pay? Do you have a limited time to respond?
Regularly check your credit and debit card transactions. This means you’ll know straight away if there are transactions on your account you don’t recognise, or didn’t expect. If you spot transactions you don’t recognise, contact the retailer directly – they may have made a mistake, or may be able to provide you with further details on the transactions. If you are still unhappy with the transactions, contact our Disputes Team on 0800 9 123 123.
Remember, if it sounds too good to be true, it probably is!
Invoice scams happen when fraudsters send an invoice or bill to a company asking for payment for goods or services. They appear to come from a legitimate supplier, business contact or internal colleague at a legitimate email or postal address.
Businesses are being duped into making a new payment or changing the existing payment details of genuine suppliers on the back of a fraudulent instruction.
The fraudster takes on the identity of the genuine supplier or a member of staff, often by compromising email systems or by sending a postal request that appears genuine.
They may send a request, for example:
For the bank account details for an outstanding or future payment to be changed
From a senior colleague such as a finance director requesting a new payment instruction
The message will usually insist on urgent payment to avoid further charges or other consequences. The funds are then paid to the fraudster's bank account.
The fraud is only discovered when the genuine company sending the invoices chases for non-payment. By this time, your chances of recovering these funds from the fraudster are minimal.
The contact email address may only include a minor amendment, giving the impression that it is correct. Or you may receive an email directly from an individual that you have dealt with previously, this email account may have been hacked so look out for unusual grammar or requests to change your usual payment details.
If the request comes in postal form on headed paper, look out for minor discrepancies such as a change in font or a change in the usual payment details.
Always confirm any change of bank account requests with the company or colleague making the change. Remember not to respond to the email address the request has been sent from or use the contact details on the letter requesting the change.
Consider setting up a designated single point of contact with companies to whom regular payments are made.
Review any change of account details already acted on where payment is due at a future date to confirm that the request is genuine.
For payments over a certain threshold, consider additional checks with the company requesting payment to satisfy yourself that the payment will be sent to the correct bank account and recipient.
If you’re a business customer, review your payment approval processes and the controls you have in place to make sure they’re sufficient to combat this type of fraud.
Remember: if you think you have been a victim of scam, or even an attempted victim, call our fraud team immediately on 0800 9 123 123. We’ll set up a case and attempt to recover funds from the recipient bank on your behalf.
Phishing, when criminals try to trick people into revealing their financial information using email, has been around for a while. Now there's a new type of fraud: SMS (text) phishing, otherwise known as smishing.
Fraudsters send texts saying that they’re from your bank, and that they need you to update your personal details or speak with you urgently. The text normally contains either a telephone number to call or a link to a counterfeit website that asks you to enter personal details or download a file to update your records.
If you do give your personal details, you might provide a fraudster with everything they need to take money from your account.
We want to hear about the latest scams so that we can provide information about them to our other customers. If you receive a suspicious text please send it to us. Simply forward the text message and write email@example.com where you’d normally enter the phone number.
Have you had a suspicious email? For more information visit our Phishing section lower down on this page.
We investigate every report we receive, though we can’t guarantee a response to each forwarded text message.
Remember, smishing text messages can look quite convincing, like the examples below. If you're in any doubt, give us a call and never give your details out.
Phishing involves criminals purporting to be from Santander, or other financial institutions, sending unsolicited emails to lure unsuspecting people into handing over their personal details. The email normally contains a link to a counterfeit web-site that requests you to enter a range of personal details.
By entering your personal details on these sites, you are providing a fraudster details necessary to access your account.
A link within the email that leads you to a site where you are asked to enter you log on and Password details.
A message that claims you need to log on to verify movements on your account.
A general, non-personalised greeting.
Receipt of emails from other financial institutions that you have no affiliation to.
Spelling errors and random capitalisation e.g. bAnk 0nline with SanTander.
Our "image and phrase" combination is missing or incorrect (this doesn't apply for Mobile Banking).
Do not click on the link to web-site.
Enter Santander's web addresses directly onto your browser.
If you are concerned about the security of your account contact Santander directly rather than clicking on the link provided.
Install anti-virus software that includes an anti-phishing programme.
Install Trusteer Rapport. It's FREE and provides an extra safeguard when you are banking online.
If you think you have responded to a phishing email or given your details out to the wrong people, please call our online banking helpdesk on 0800 917 9170 7am to 9pm Monday to Saturday and 9am to 9pm Sundays.
As you would expect, we are keen to hear about the latest scams, so please forward anything suspicious to firstname.lastname@example.org.
We investigate every report we receive, although we can’t guarantee a response to each forwarded email.
For more information on protecting yourself online visit www.getsafeonline.org
People recruited by criminals to launder money are known as 'money mules'.
Criminals look to dupe innocent, vulnerable people into laundering money on their behalf by offering what looks like a legitimate job often advertised on the internet or in the newspapers.
The job involves receiving money into your account and withdrawing those funds and sending the money on, while retaining a proportion of the funds as your commission.
Did you know that...?
the money you are asked to transfer is normally stolen or the proceeds of crime
handling the proceeds of crime could result in criminal prosecution
your accounts could be frozen and potentially closed
wages retained by you as part of the transfer will be recovered from your account, and you may be liable for the full value of the funds you received
details of your involvement may be shared with other banks, making the opening of another bank account difficult.
Who do fraudsters target?
Effectively anyone with a bank account can be targeted, however the following groups could be considered at higher risk:
Anyone lured by a seemingly easy way to make cash.
Never give your bank details to anyone you do not know and trust.
Beware of job offers that involve you using your personal account to receive and disburse funds.
Remember, if it sounds too good to be true, it probably is!
For more information please read Money Mules
For further advice please visit Fighting Fraud Action UK
Due to the nature of cheque fraud, a fraudster will normally try and commit cheque fraud in a way that exploits a situation or whereby the fraudster gains the trust of an innocent individual to persuade them to bank the cheque for them.
Overpayment Cheque Fraud
You are selling an item, normally (but not necessarily) of high value. A potential buyer offers to send you a cheque for an amount which is in excess to the value of the item you are selling and asks you to forward excess funds as soon as the cheque has cleared, for taxes or shipping.
You'll usually be asked to withdraw the funds and send the excess funds on via a money transmission agent, or forward the funds to another bank account.
A new acquaintance or a "friend" of a friend asks you to bank a cheque for them
You're asked to place a cheque into your account either from a new acquaintance or a "friend of a friend".
They come up with a story as to why they can't deposit the cheque into their own account.
They may offer you a payment for your assistance.
They ask you to withdraw the funds as soon as the cheque is cleared.
Although different scenarios the outcome is the same. The cheque normally bounces and the customer (e.g. you) suffers the loss.
Be wary of anyone offering you an overpayment for an item you are selling. Think, would you send a complete stranger money in excess to the value of an item?
Be wary of accepting international cheques especially where an overpayment has been received. They are NOT subject to usual sterling cheque clearing cycle and take longer to clear.
Request electronic payment instead, but still be wary of any request to send an overpayment.
Make sure that you know and trust the person you are accepting a cheque from.
Investment scams are better known as boiler room fraud due to the intense, high pressured sales techniques employed by the fraudsters in order to convince you to invest in worthless and or non existent shares.
Contact is made out of the blue by an individual who appears professional and may offer investments in a variety of commodities such as land purchase, carbon credits or vintage wine to name a few. The share offer is supposed to provide the investor an excellent return in a short time frame.
Unsolicited or cold calls.
Persistent sales technique.
Limited-time only offers giving you no time to consider the nature of the investment.
Company names which sound very familiar or have a slight variation to a legitimate company registered with the FCA.
Secrecy of your investment is encouraged to ensure maximum returns.
Issue of false share certificates, research reports or other documentation to make the investments seem credible.
Professional looking websites in order to make their business appear legitimate.
Cold calling to sell you shares or investments is illegal.
Dealing with an investment fraudster will almost certainly result in you losing all your funds.
As they will not be FCA authorised you will have no right to compensation.
If the share offer seems too good to be true it probably is.
If you have fallen victim to a scam beware of cold callers who will help you to recoup your funds and ask for a recovery fee.
Do not sign up to cold call investment schemes.
Only deal with FCA registered stockbrokers.
If you think you are a victim of an investment scam please contact us on 0800 9 123 123.
For further information please visit Action Fraud.
The advance fee fraud is not a new scam. It can be traced back to the 16th century and was known as the "Spanish Prisoner Letter".
Its modern equivalent, the 419 fraud, is named after the section of the Nigerian penal code which prohibits this activity.
Fraudsters contact their victims by letter, phone, fax or email and the scam involves the victim paying a fee upfront for the promise of wealth.
A lottery or cash prize win where a payment is needed to release the funds.
An offer of employment where a payment to cover taxes or visa before you can travel is required.
A once in a lifetime business proposition.
A request from a high ranking government or bank official to release a significant amount of money, (normally an amount in millions), for which you will be given a sizeable percentage when it has been released.
Some fraudsters claim the funds are in a Santander account.
Do not respond to the communication. Thousands are sent indiscriminately.
If the offer looks too good to be true it probably is.
Replying to an advance fee fraud will almost certainly result in you losing your money.
For further information visit the Metropolitan Police website.
With computers and devices, a Trojan is a programme that is designed to conduct a hidden act. An example may be fake anti-virus software that installs malware on your PC, laptop or portable device.
Malware is used by fraudsters to get information from your device or to read information that you input, such as passwords and log on details.
It is difficult to tell if a Trojan is on your device. They are designed to carry out their illegal operations without interfering with the device's normal running.
Trojans could be almost any message / pop up and may contain pictures or documents and if opened, infect your device.
Your device can become infected by simply visiting a website that is hosting malware.
You may be tricked into downloading malware by an eye-catching message like, "Your debit card will be charged", "Someone has sent you a private message" or "You have won a prize".
Use an anti-spam product to filter unsolicited emails.
Treat unwanted emails with suspicion.
Download and install Trusteer Rapport. It's FREE and can block and remove malware.
If your anti-virus software detects a Trojan or any malware take remedial action immediately, follow instructions to remove it and run a full anti-virus scan afterwards to ensure that your machine is clean
If you have used any online banking services recently, contact your bank(s) so they can make sure that your account has not been compromised and take steps to protect your finances.
Telephone number spoofing is when a caller deliberately falsifies how their phone number appears on the Caller ID to disguise their identity. Fraudsters are increasingly targeting consumers over the phone; posing as bank staff, police officers and other officials or companies in a position of trust. The fraudster tries to persuade their victim that their accounts are at risk and that they must move their money to a new account (which will normally belong to the fraudster).
If the victim questions giving out personal details or moving their money, the fraudster tells them to check the caller ID of the phone number they’re calling from, which they have masked, or ‘spoofed’ to look like your bank’s phone number.
Protect yourself - Never give out your security details
Information like your card PIN, One Time Passcode (OTP), password or security numbers are personal to you and shouldn’t be shared with anyone – not even your bank. Santander or the police will never ask you for PINs, passcodes in full or to surrender your card. We will only ever ask you for part of the details, such as the first and fifth letters of the password.
We will never ask for your full security details over the phone. And we will never tell you to move your money to different accounts for security reasons.
For more information on spoofing please visit Action Fraud.
Changes to what you can do with your pension come into effect this year and unfortunately the industry is seeing a rise in fraudsters targeting people with pensions.
The changes mean that people aged 55 or over can take more money out of their pension with fewer conditions attached to the withdrawals. As a result, fraudsters are getting in touch by email, phone, text or even in person, asking people to withdraw from their pension and put the money into fraudulent accounts, which they claim will earn extra income and sometimes ‘bonus payments’ for the victim.
Unsolicited approaches about releasing money from your pension pot before you're 55 (you cannot release money if you’re younger than 55)
Unsolicited approaches about investing money from your pension pot under the new rules
Being asked for personal details such as phone number or financial information, over the phone
Being offered 'cash back' or a 'savings advance' from your pension
Being promised high returns on investments or joining up bonuses
Being asked to move money quickly - fraudsters sometimes offer to use an express courier service for documents to be signed
Never give personal or financial information to a cold caller
Check the credentials of the company and any advisers – who should be registered with the Financial Conduct Authority
Ask for a statement showing how your pension will be paid at retirement, and question who will look after your money until then
Speak to an adviser that is not associated with the deal you’ve been offered, for unbiased advice
Never be rushed into agreeing to a pension transfer
You can find more information about pension scams at The Pensions Regulator website.
The Pensions Regulator has also published a booklet about pension scams.
Remember, if an opportunity sounds too good to be true, it usually is.