The bank impersonation scam: Criminals call a business and pretend to be a bank employee, then trick the business鈥 staff member into giving them remote access to their device, their business鈥 online banking credentials and into authorising payments into criminals鈥 bank accounts.听
Volume (Santander UK data): The number of attempted impersonation scams reported to Santander UK by its Corporate & Commercial Banking clients increased 100% during September, with over 200 clients known to have been targeted.听
Chris Ainsley, Head of Fraud Risk Management at Santander UK said: 鈥淚mpersonation scams are rampant and the criminals perpetrating these crimes can be particularly devious in their approach. Businesses should remain on high alert to this threat.听 Don鈥檛 trust people who make an unsolicited call to you and say they are from your bank, and make sure you validate any requests from cold callers by hanging up and contacting your bank using the phone number on the back of your bank card.鈥澨
Impersonation scam - how it works:听听
You receive a call or SMS on your mobile from someone purporting to be from your organisation鈥檚 bank, often from its fraud or security department. In some cases, the caller gives you a 鈥榗ase ID鈥 or 鈥榚mployee number鈥 as part of their effort to appear legitimate. The caller advises you that a 鈥榝raudulent payment鈥 has been made from your organisation鈥檚 bank account. They direct you 鈥 either over the phone or by sending you a link - to a fake website impersonating the bank so you can resolve the fraudulent payment issue. The caller either instructs you to install a remote access system onto your device or tells you to click on part of the fake website that, without you realising, installs remote access. Now the caller has access to your device they instruct you to log into mobile banking and authorise transactions in order to stop the 鈥榝raudulent payments鈥 from leaving your organisation鈥檚 bank account. You then authorise the transactions and your organisation鈥檚 funds are sent to the criminal鈥檚 accounts.听
Case study听
Adam (not his real name) is a signatory on his organisation鈥檚 Santander UK bank account. He received a phone call from a person who said they were 鈥淒aniel Robinson from Santander鈥檚 lower security department鈥 who went on to give Adam a fake 鈥渞eference number鈥 and 鈥渆mployee ID鈥. The caller told Adam that the bank had stopped a large payment being made from his organisation鈥檚 Santander UK bank account, which had been traced to the IP address of a device inside a hotel in the Midlands. Adam followed the caller鈥檚 instructions to install the remote desktop app, AnyDesk, onto his device. The caller then made payments from Adam鈥檚 organisation鈥檚 bank account, each of which Adam authorised on his mobile at the instruction of the caller. The caller also asked Adam to authorise an additional text alert which the fraudster told him was 鈥渏ust for future notification鈥. He suggested Adam call 0333 339 6086 to verify the situation. When the call ended, Adam told his colleague, Anna (not her real name), who was suspicious. Anna called the phone number the fraudster gave Adam, reaching a person who said their name was 鈥淎aron McCaulay鈥, who advised her that the call to Adam had been genuine and that the bank did ask customers to install AnyDesk on their device.听 Adam鈥檚 organisation was defrauded a five-figure sum by the criminals.听听
How to keep your business safe from impersonation scams听
Don鈥檛 share any passwords or security codes with anyone - not even a Santander employee.听听
Never share your token code with anyone. These can only be used to authorise log in, account changes or payments, and Santander UK never asks you to use them to authorise a refund or stop a payment leaving your account.听
Don鈥檛 allow anyone to remotely access your devices.听
Never use a mobile app to authenticate a transaction you鈥檝e not selected yourself in online banking.听
Never click on a link, download an app, or open an attachment related to your organisation鈥檚 mobile or online banking in response to a call or SMS asking you to do so. Santander UK will never ask you to do this.听
Never trust caller ID as contact numbers on phone calls and SMSs can be spoofed. Instead, validate all requests made through unsolicited contacts by calling your bank directly. Check the phone number using the phone number on the back of your bank card. Never use a phone number in an SMS message or which has been given to you by a cold caller.听
Ensure all your organisation鈥檚 staff keep up to date with fraud trends and advice.听
For more advice about protecting your business from fraud, please visit our Corporate & Commercial Banking .听
听
- Ends -听
听
The information contained in our press releases is intended solely for journalists and should not be used by consumers to make financial decisions.听
听
Santander UK is a financial services provider in the UK that offers a wide range of personal and commercial financial products and services. At 30 June 2023, the bank had around 19,400 employees and serves around 14 million active customers, 7 million digital customers via a nationwide 445 branch network, telephone, mobile and online banking. Santander UK is subject to the full supervision of the FCA and the PRA in the UK. Santander UK plc customers鈥 eligible deposits are protected by the FSCS in the UK.听
Banco Santander (SAN SM, STD US, BNC LN) is a leading commercial bank, founded in 1857 and headquartered in Spain. It has a meaningful presence in 10 core markets in the Europe, North America and South America regions, and is one of the largest banks in the world by market capitalization. Santander aims to be the best open financial services platform providing services to individuals, SMEs, corporates, financial鈥痠nstitutions and governments. The bank鈥檚 purpose is to help people and businesses prosper in a simple, personal and fair way. Santander is building a more responsible bank and has made a number of commitments to support this objective, including raising 鈧220 billion in green financing between 2019 and 2030. In the first half of 2023, Banco Santander had 鈧1.25 trillion in total funds, 164 million customers, 9,000 branches and 212,000 employees.听
听
Media Enquiries听
Lara Lipsey 听听听 M: 07713 560 209 E: Lara.Lipsey@santander.co.uk听听
mediarelations@santander.co.uk听
听