1. About Santander UK
  2. Media centre
  3. Press releases
  4. Santander data shows bank impersonation scams targeting businesses are on the rise again

Santander data shows bank impersonation scams targeting businesses are on the rise again

  • Number of attempted impersonation scams reported to Santander UK by its Corporate & Commercial Banking clients increased during Jan and Feb, with over 50 clients known to have been targeted in these two months in 2024 alone
  • 鈥榁alidate all requests made through unsolicited contacts by calling your bank directly鈥, 鈥楥heck the phone number using the phone number on the back of your bank card鈥 and 鈥楴ever use a phone number in an SMS message or which has been given to you by a cold caller鈥 - Santander UK provides tips how to keep your business safe from impersonation scams
  • UK based logistics firm Consolid8 was targeted by scammers pretending to be their bank and instructed to 鈥榓ct now or lose 拢18,000鈥 by the criminals

The bank impersonation scam: Criminals call a business and pretend to be a bank employee, then trick the business鈥 staff member into giving them remote access to their device, their business鈥 online banking credentials and into authorising payments into criminals鈥 bank accounts. The scammers are often highly professional, and their impersonations of legitimate bank staff can be convincing, even to those who speak to their bank regularly.

The numbers: According to UK Finance data, a total of 76.1 million was stolen from people in the UK through impersonation scams in the first six months of last year. The number of attempted impersonation scams reported to Santander UK by its Corporate & Commercial Banking clients increased during January and February 2024 with over 50 clients known to have been targeted in these two months alone.

Chris Ainsley, Head of Fraud Risk Management at Santander UK said:Impersonation scams are rampant and the criminals perpetrating these crimes can be particularly devious in their approach, using convincing but often aggressive tactics. Unfortunately, both businesses who speak to their bank regularly and those who don鈥檛, can be the targets of this type of attack, so all should remain on high alert to this threat. Dont trust people who make an unsolicited call to you and say they are from your bank, and make sure you validate any requests from cold callers by hanging up and contacting your bank using the phone number on the back of your bank card or your trusted relationship teams.鈥鈥赌

Impersonation scam - how it works:鈥赌

You receive a call or SMS on your mobile from someone purporting to be from your organisation鈥檚 bank, often from its fraud or security department. In some cases, the caller gives you a 鈥榗ase ID鈥 or 鈥榚mployee number鈥 as part of their effort to appear legitimate. The caller advises you that a 鈥榝raudulent payment鈥 has been made from your organisation鈥檚 bank account. They direct you 鈥 either over the phone or by sending you a link - to a fake website impersonating the bank so you can resolve the fraudulent payment issue. The caller either instructs you to install a remote access system onto your device or tells you to click on part of the fake website that, without you realising, installs remote access. Now the caller has access to your device, they instruct you to log into mobile banking and authorise transactions to their account, in order to stop the 鈥榝raudulent payments鈥 that they鈥檝e claimed you鈥檝e been a victim of. You then authorise the transactions, but what you are actually doing is authorising payment to the fraudsters鈥 accounts. 听

Case study

Russell is the financial director of UK based logistics firm, Consolid8. Over the course of a week, Russell and his team received several calls from a well-spoken and professional sounding person, claiming to be from Santander. The caller said Consolid8 had been a victim of fraud, and it would need to move money from its account to another provided by the bank impersonator as soon as possible, or they鈥檇 risk losing the money. Russell said that he鈥檇 check with his usual relationship manager as had heard of this type of bait before and was aware of what he needed to do to protect his business.

As the week went on, they tried to call him and several others in his business, each time becoming more aggressive and telling the logistics firm they needed to move the money and 鈥榓ct now鈥 or would lose 拢18,000. This type of behaviour made Russell鈥檚 team feel very uncomfortable. The scammer鈥檚 multiple attempts to fluster staff, which began politely at the beginning, and then became more pressured, were the red flag for Russell, who then informed his regular contact at Santander and was assured that this was not the bank calling and that they had been the target of a bank impersonation scam.

Russell noted that the scammer was hard to spot as they had a lot of information about the business and its banking arrangements and knew just what to say. However, as Santander had advised him previously that his bank would never be forceful about moving large sums of money, to not share personal details or act on phone calls, Consolid8 was better prepared and avoided becoming a victim.

You can watch the full story of Consolid8鈥檚 experience with scammers .听

How to keep your business safe from impersonation scams

  • Don鈥檛 share any passwords or security codes with anyone - not even a Santander employee.鈥赌
  • Never share your token code with anyone. These can only be used to authorise log in, account changes or payments, and Santander UK never asks you to use them to authorise a refund or stop a payment leaving your account.鈥
  • Don鈥檛 allow anyone to remotely access your devices.鈥
  • Never use the mobile app to authenticate a transaction you鈥檝e not selected yourself in online banking.鈥
  • Never click on a link, download an app, or open an attachment related to your organisation鈥檚 mobile or online banking in response to a call or SMS asking you to do so. Santander UK will never ask you to do this.鈥
  • Never trust caller ID as contact numbers on phone calls and SMSs can be spoofed. Instead, validate all requests made through unsolicited contacts by calling your bank directly. Check the phone number using the phone number on the back of your bank card. Never use a phone number in an SMS message or which has been given to you by a cold caller.鈥
  • Ensure all your organisation鈥檚 staff keep up to date with fraud trends and advice.鈥
  • For more advice about protecting your business from fraud, please visit our Corporate & Commercial Bankingwebsite.鈥

- Ends -

The information contained in our press releases is intended solely for journalists and should not be used by consumers to make financial decisions.

Notes to Editors

Santander UK is a financial services provider in the UK that offers a wide range of personal and commercial financial products and services. At 31 December 2023, the bank had around 19,800 employees and serves around 14 million active customers, 7 million digital customers via a nationwide 444 branch network, telephone, mobile and online banking. Santander UK is subject to the full supervision of the FCA and the PRA in the UK. Santander UK plc customers鈥 eligible deposits are protected by the FSCS in the UK.

Banco Santander (SAN SM, STD US, BNC LN) is a leading commercial bank, founded in 1857 and headquartered in Spain. It has a meaningful presence in 10 core markets in the Europe, North America and South America regions, and is one of the largest banks in the world by market capitalization. Santander aims to be the best open financial services platform providing services to individuals, SMEs, corporates, financial听institutions and governments. The bank鈥檚 purpose is to help people and businesses prosper in a simple, personal and fair way. Santander is building a more responsible bank and has made a number of commitments to support this objective, including raising 鈧220 billion in green financing between 2019 and 2030. At the end of 2023, Banco Santander had 鈧1.3 trillion in total funds, 165 million customers, 8,500 branches and over 212,000 employees.