While fraud and scams are not new, advances in technology give criminals more ways to attempt to access your money. Knowing the techniques they use can help you protect yourself and your money.
If you think you've responded to a scam or been a victim of fraud, contact us straight away and report it to Action Fraud on 0300 123 2040.
Tips for spotting fraud and scams
While there’s no one-size fits all approach when it comes to protecting yourself, we've come up with a list of things that can help you spot and avoid fraud and scams.
- Always take time to think before making a payment, especially if it’s a lot of money. Speak to someone you trust first, like a friend or family member.
- Pay extra attention to the warnings we provide when making a payment. They’re in place to help you bank safely and avoid being scammed.
- Anyone can be easily impersonated, and criminals can make the caller ID, email address or name look exactly like the genuine caller. So, if you get an email, text or call, check it’s genuine by phoning them back on a known and trusted number.
- Always take time to complete extra checks when you make a payment. This is to make sure the person and the payment are genuine. This can be reading reviews, researching companies or websites, and checking the person or company is who they say they are.
- Don’t allow anyone remote access to your devices. Criminals can ask you to click on a link or download an app which will give them control over your device.
If you’re worried or think you've responded to a scam email or text or given your details out to the wrong people, you should contact us first on 0330 9 123 123 or 0800 313 4321 (freephone). Also report it to Action Fraud on 0300 123 2040 |
Social engineering
Social engineering can happen in person, digitally or over the phone. You don’t know it’s happening because criminals use sophisticated techniques. They may create fear, panic or build a friendship.
Criminals use social engineering to make you do something that you normally wouldn’t. This might be:
- sending a payment to an account without checking that it’s genuine
- allowing someone access to your device
- giving away personal or security information without realising the other person is a criminal.
Common social engineering techniques
Remote access
Criminals convince you to give them remote control over your device. They ask you to download legitimate apps such as AnyDesk or TeamViewer. They might ask you to click on a link. Once you give them control they can see everything on your device.
With remote access scams the criminals goal is to steal your money or access your financial information. They do this by tricking you into giving them access.
Never give anyone remote access to your device, unless you’ve checked the caller is real and you trust them. Even if access is granted, never open any banking apps or windows. Remote access gives the other person full access to view and act on everything you can.
Phishing (emails), smishing (text), and vishing (voice calls)
The most common social engineering tactics are:
- Phishing (emails)
- Smishing (text)
- Vishing (calls)
We know criminals can make messages look real, and sound very convincing when they call. Our advice would be never act on any request without checking that it’s from a real source. Visit our ‘How to report fraud’ page to learn more.
Common types of scams and fraud
There are lots of different types of scams and fraud. See our list of helpful links below to find out more about each type.
HMRC scams
Criminals pretend to be HMRC to try and get you to make an urgent payment, or click on a link in a message. They might send an outstanding bill or tax rebate message asking for payment. They may even threaten you with court action, bailiffs, or police arrest if you don't take urgent action.
Criminals can contact you at any time of year. They might make contact through:
- text messages
- instant messaging services like WhatsApp
- emails
- phone calls
- social media.
The caller ID or email address might say it's from HMRC or HM Revenue and Customs. They can fake these details to appear the same as the genuine ID. HMRC will never call you out of the blue about something you're unaware of and will never call threatening legal action.
How you can protect yourself
- Never make a payment to HMRC if they contact you out of the blue. Especially if they threaten you with police or court action.
- Always check what you owe directly with HMRC on the GOV.UK website.
- Never rely on the number that's shown on the caller display as proof that it's HMRC you're talking to. This can be falsified (known as spoofing).
- Never be pressured into sharing personal or financial details with anyone.
- HMRC will never tell you about a tax rebate or refund by email.
Romance and friendship scams
Criminals take advantage and trick you into thinking they want to be friends or a romantic interest. Scammers typically create fake online profiles designed to lure you in. They may use a fictional name or falsely take on the identities of real people such as military personnel, or professionals working abroad.
These criminals can spend a long time building trust with you. Or it could all happen very quickly. They’ll make up a reason to ask for your help using the emotional attachment they've built with you, and say that they'll pay you back.
For example, they might say they need help with travel costs or hospital bills. Or they may prey on your sympathies by telling you a family member or someone else they're responsible for is ill and needs money for medical treatment.
How to protect yourself
- Never send money to someone you haven’t met in person.
- Always consider that the approach may be a scam. Especially if the warning signs listed above appear. Try to remove the emotion from your decision making no matter how caring or persistent they are.
- Online friendships are based on profile. It is important to check if the person you’re talking to is who they say they are. For example, you can check if profile photos are genuine by performing a reverse image search on a web search engine. This can find photos that have been taken from someone else.
- Be wary of requests for money. Never send money, give security details, or copies of important personal documents to anyone you have met online.
Here’s an easy read guide. This guide gives a basic explanation of what a scam is, and tips on how to keep yourself safe. The content was created with Take Five and Mencap, and is not owned by Santander.
Investment scams
Investment scams are evolving and are very common. Criminals use clever and pushy techniques to trick you into putting your money in to fake or worthless investments.
They might get in touch with you if you've shown interest in their fake firm on social media, or found them using a Google search. Or they might just call you out of the blue. They might say they can offer you a big return in a short amount of time. These criminals can be very convincing.
Warning signs to look for that can help you to spot a possible investment fraud:
- An unexpected email, message or cold call that offers any form of investment. Did you know that cold calling to sell you shares or investments is illegal?
- 'Limited time only' offers that don't give you enough time to think the investment through.
- A pushy and persistent sales technique.
- Company names which sound familiar or have a slight change to a legitimate company that's registered with the Financial Conduct Authority. These are known as clone companies.
- A company that wants you to keep your investment a secret to get maximum returns.
Be ScamSmart
The FCA has created ScamSmart, an online tool to help consumers find out if their investment is a scam or not. It aims to help you understand whether the company you’re going to invest with is regulated by the FCA, and whether it could be a cloned or spoofed company. Remember, you must carry out your own due diligence checks on the company. That could include checking the telephone numbers you’ve been given match those registered to the company and contacting them directly using the genuine number to confirm the details.
How to keep yourself safe
- Check it out. Check the Financial Conduct Authority (FCA) register. You should use their ScamSmart tool to check the investment and the company are regulated.
- Avoid clones and fakes. Confirm you’re dealing with a genuine and registered company. Only contact firms using the contact details on the FCA register.
- Stay in control. Avoid uninvited investment offer. These could be made on social media or over the phone. Research the company first and think about getting independent financial advice. You should always check the IFA firm and people you’re dealing with are genuine.
- Take extra crypto care. Never let anyone set up a cryptocurrency wallet or upload ID documents. Make sure you don’t let anyone remotely manage an investment for you.
- Don't assume it's real. If a website, advert or social media post looks professional, it doesn’t mean they are genuine. Well-known brands or people can be cloned to make scams look real.
- Never download software or apps that allow someone remote access to any of your devices. When you allow remote access you give the person full access to see what you can.
Visit the FCA website to learn more about how to avoid investment scams and protect yourself.
Remember: If something sounds too good to be true, it's probably a scam.
Purchase scams
Purchase scams
Criminals make you believe you're dealing with a genuine seller or company. They advertise on social media, genuine selling sites, create fake websites or hack genuine accounts.
Buying scams
These scams can happen when you find something online that you want to buy. This could be a holiday, flights, concert tickets or building materials. Once you've paid, you lose contact with the seller. You may not receive any of the goods. Or you might get something different to what was advertised.
Selling scams
These scams can happen when you sell items online. You may send the goods as agreed and never receive payment. Or you may be tricked into returning an overpayment. The criminal may send you a cheque for more money than the value of the item being sold. They ask for the extra money to be transferred back or sent on to a third party, for example a ‘shipping agent’.
How can you spot them?
These criminals are very clever, but sometimes warning signs could help you identify them.
- An item priced under the recommended selling value – does it sound too good to be true?
- The seller makes extra effort in communication to push the sale through.
- The buyer sends you more money than they need to pay for the item. They'll ask you to return the difference.
- A seller you don’t know asks you to use ‘PayPal Friends & Family’ service or to pay for goods by bank transfer.
- Facebook Marketplace is a great way to buy and sell locally. Be cautious when buying an item that you can’t see in person. The seller may be using a fake profile. Buying this way is high risk.
How can you protect yourself?
Even if there are no warning signs, we’d recommend that you consider:
- If buying from a reputable buying site such as eBay, Airbnb or Autotrader stick to the payment advice they provide. Use secure payment channels if they're offered. Never communicate outside the site.
- Always use secure payment methods where you can. PayPal (buying goods), debit and credit cards can offer more protection than bank transfer.
- Where possible view items in person before making payment. Never pay for large items like a car in advance.
- Be wary of accepting payment for goods by cheque.
- Never send personal or financial details by email. Emails can be intercepted.
- Research the seller and site and always read the reviews. Check several review sites and compare them. This helps rule out any fake reviews left by fraudsters.
Impersonation scams
What are impersonation scams?
These are when a fraudster contacts you and pretends to be someone else. They’ll pretend to be your bank, HMRC, or another trusted person to convince you to send them money.
An example of this could be: You get a call from Santander on a known and trusted number. The caller claims to be from Santander’s fraud department. They tell you that your account is at risk and you need to move your money into a newly opened account to keep it safe. They will tell you the account details of this account, and ask you to transfer the money across to it. They will tell you which options to select if you are sending it online, or tell you what to say to the advisor if you choose to transfer it over the phone or in the branch. They do this to avoid suspicion. What you’re really doing is sending the money to an account in the criminals name.
Here are some techniques used to convince you they’re genuine:
Social media
Fraudsters send messages or contact you through messaging services like WhatsApp, LinkedIn, direct messages, Facebook and any social media platform. They can impersonate anyone and use this to build trust.
Spoofing - telephone, messages, or email
Many fraudsters use something called ‘spoofing’. This is where someone fakes how their contact number appears on the caller ID, messenger name, or email address. This is to disguise their identity and try to convince you that they’re someone else.
If you get a suspicious email that claims to be from us, please forward it to phishing@santander.co.uk. Or if it’s a text message, you can forward it to 7726 and email it to smishing@santander.co.uk.
Here’s an easy read guide. This guide gives a basic explanation of what a scam is, and how you can keep yourself safe. The content was created with Take Five and Mencap, and is not owned by Santander.
Safe account scams
Criminals pretend they’re us to steal your money. They’ll say anything to convince you they’re for real.
If you’re contacted by anyone and told to move your money to keep it safe, stop. This is always a scam.
Criminals tell you your money’s at risk. And you need to move it to keep it safe.
Protect yourself with these simple steps:
- We’ll never ask you to move your money to keep it safe. And no other organisation will either. If this happens to you, it’s a scam.
- Criminals will tell you to lie to us. If you’ve been told what to say, stop and tell us now so we can help.
- Make sure you know who you’re talking to. Do this before taking any action. Make sure you call the company on a trusted number, or a number found on their website.
- If the call is from your bank, dial 159. This is a safe and secure number. It’ll connect you straight through to your bank.
Invoice or mandate scams
Invoice fraud happens when a criminal sends a fake invoice, or bill, asking you to pay for goods or services. It might look like this:
- a criminal pretends to be a builder or someone providing a service. They do this by hacking their email system or sending you a request by email or message.
- they trick you into changing the bank account details for an outstanding or future payment.
- the message will usually urge you to pay straight away.
- your money is then paid to the criminals bank account.
How to spot invoice fraud
- The main thing you should look out for, is unusual grammar and spelling mistakes. Also any requests to change your usual payment details.
- If the invoice comes in the post on headed paper, look out for minor discrepancies. This could be a change in font or a change in the usual payment details.
- Your contacts email address may be altered very slightly to give the impression that it’s correct, but it’s actually fraudulent. Instead, you might receive an email directly from someone you’ve dealt with before, but their account may have been hacked or spoofed.
Protect yourself
- Before paying a new bill or changing existing details make sure you confirm the payment request is genuine.
- Always call a number you know to be genuine for recipient or check in person.
Cryptocurrency fraud
Crypto related scams are common. These types of investments are accessible and available to all budgets. Criminals will use attractive adverts and fake celebrity endorsements. They do this to make people believe the investment is real. Remember, if something sounds too good to be true, then it probably is.
Most firms who advertise and sell investments in cryptoassets are not authorised by the Financial Conduct Authority (FCA). This means that if you invest in certain cryptoassets, you will not have access to the Financial Ombudsman Service or the Financial Services Compensation Scheme if things go wrong.
See our investments scams section above for more ways to protect yourself.
You can also check our cryptocurrency page for more information.
SIM swapping
SIM swapping happens when a criminal gets your mobile phone provider to issue a new SIM card. Once they get the new SIM they can access your mobile banking messages. Your SIM card is deactivated and the messages are sent to the criminals device.
Santander has developed award-winning SIM swapping detection technology. However you still need to be aware of any issues with your mobile phone which could be related to SIM swapping.
The warning signs are:
- getting an unexpected text message to say your SIM is transferring
- losing connection for an unusual length of time in a place where you would normally have a connection
- your phone showing the message ‘invalid SIM’ or ‘no SIM’
If you think any of the above has happened with your phone, contact your mobile phone provider. Always use a number from their website.
How to protect yourself:
- set a secure password with all phone service providers
- dispose of your phone bills securely
- use online bills instead of post where you can
- keep your phone switched on at all times – this way you’ll spot if it’s not working.
Identity theft
Identity theft affects lots of people and can have devastating impacts on its victims. Criminals are able to open new accounts, claim benefits and apply for official documents using only a few details. These accounts are then opened in your name and can be traced back to you.
The warning signs are:
- 'lost' mail - your statements or bills suddenly stop arriving
- your rubbish bags have been tampered with
- you start getting bills you don’t know about
- strange Direct Debits or payments appear on your account.
How to protect yourself:
- shred all sensitive information. Never throw it away or recycle it.
- delete suspicious emails that ask for personal information. Remember we'll never ask for that by email
- think twice before giving out personal information
- if you move house, redirect your mail
- use online bank statements instead of printed or posted ones
What you should do if you think you might be a victim:
If you think any of your account or personal information has been stolen, cancel your card or freeze your account straight away.
If you are not receiving mail, contact the company to let them know. You should also contact Royal Mail to make sure that a mail redirection has not been placed.
If you see a transaction on your statement that you don't recognise, call us on 0800 092 3300.
If you've been a victim of identity theft, get a copy of your credit file. This will allow you to check if anything has been applied for in your name. Look for new accounts and for credit searches that you didn't authorise. This can suggest there's been an attempt to impersonate you. Remember, it's the data holder's responsibility to make sure that all data held is correct. Any credit searches not authorised by you will need to be deleted from your credit file.
Money mules
Criminals use money mules to help them move stolen money from one account to another. They will make contact in many ways such as social media or waiting outside your place of school or university to speak to you. They’ll use different stories to trick you into moving money for them. They do this to try and hide the money that they’ve stolen.
Remember
- Your bank account must only be used by you.
- You must never let your account be used by anyone else.
What can happen to a money mule?
We may block or close your account. Any money that was given to you for your help will be taken back too. You may also:
- find it hard to open another bank account. Which may affect your ability to get employment or rented accommodation.
- struggle to get a loan or mobile phone contract.
- be liable for the full amount of the money that was paid to your account.
- face criminal prosecution.
Card fraud
Payment card fraud is when criminals steal your cards, or get your cards details so they can steal your money. You might notice this by seeing unexpected transactions on your statements or suddenly seeing that you have gone over your overdraft or credit limit.
Card-not-present (CNP) fraud: When a criminal uses stolen card details to make payments online, by phone or mail order.
Counterfeit card fraud: this occurs when criminals make an illegal copy of your credit or debit card. Most of this fraud involves skimming. This is when your cards magnetic stripe data on the back of the card is copied by a criminal. Criminals often skim cards by using a device that is fitted to a cash machine or any card reader. This data is then transferred onto a fake magnetic stripe card and used to make purchases.
Lost and stolen card fraud: When your debit or credit card is physically stolen or lost and then used by a criminal.
Card ID theft: this happens when a criminal has got details other than your credit or debit card such as stolen personal information, to takeover a card account in your name.
ATM (Cash Machine) fraud, this could be:
Card entrapment, physical card is captured.
Card skimming, details of the card captured.
Cash entrapment, where a device is fitted to the cash dispenser to capture the cardholders cash.
Digital card Fraud – This is when a payment has been made using the contactless feature on your credit/ debit card or using a digital wallet e.g. Apple/Google pay. Contactless card payments have a £100 limit per transaction, but digital wallet transactions have a larger limit.
Advance fee scams
This is when a criminal asks you to pay upfront and you don't receive what you're expecting.
This could be:
- paying an ‘admin fee’ to release funds from a loan
- paying a deposit for accommodation which doesn’t exist
- paying a fee to release money in an investment
- paying a fee to recover money lost in a previous scam. If you've already been the victim of a previous scam you can be targeted
- paying for uniform or checks for a job before you've been given a contract.
- paying a fee to release lottery or competition winnings.
Criminals will use different ways to contact you. This can be email, text message, a phone call, social media or a mix of two or more to build trust. Always be cautious and think about how you can check that the person, organisation or opportunity is genuine.
How to stay safe:
- Use legitimate companies when applying for any credit. Don’t use companies that ask for an admin fee to be paid to release funds.
- Always read reviews and complete checks to check the company exists. Don’t believe everything in the job advert is real.
- Always take time to think about any request you are asked to do that involves paying upfront.
- Avoid applying for jobs on social media, use legitimate job sites.
- Don’t pay to release winnings on any competitions or lottery, especially if you have not entered anything.
- Don’t pay money to an employer, especially prior to starting the role.
- Don’t pay any deposits for properties until you have seen it in person and have a tenancy agreement. Use a reputable company to avoid any problems.
WhatsApp impersonation scams
Criminals impersonate people you know and trust – even members of your own family.
They’ll send a WhatsApp or message pretending to be a loved one.
The message will come from a new, unknown number claiming that their old phone is broken or lost. They’ll go on to ask for money to buy a new phone or to pay an urgent bill.
The criminal will want you to act straight away, so they’ll tell a story to try and push you to do something differently. This stops you taking time to reflect on what’s happening and make you more likely to fall victim to their scam.
Always speak to the person before making any payments, either face to face or by calling their old number. Taking a moment to stop and think, could save you losing your money.
Digital Wallet fraud
We’ve seen a rise in Apple Pay and Google Pay being set up fraudulently. This means criminals can access victims card details through their digital wallets. We’ve got some simple information that can help you protect yourself from these frauds.
What it looks like:
- Jane sees a social media sale advert by a well-known company.
- Tempted by the offers, she makes a purchase. She enters the usual card payment information to make the transaction.
- The website asks her to authenticate the payment using a One Time Passcode (OTP).
- She follows the instructions on the page and completes the order.
What’s really happened:
Jane entered her card and personal information into a fake site. This information was used by a criminal to add Jane’s card to their digital wallet. The OTP Jane received wasn’t for the card payment, it was to register the digital wallet. This gave the criminal access to Jane’s card to make purchases through their digital wallet.
Here are some steps you can take to avoid this happening to you:
- Always read the full OTP message. The message will explain what the code is for. If the message doesn’t match with what you’re trying to do, STOP and call us.
- Turn off AutoFill on your device. Change your device settings to stop codes, such as OTPs, being entered automatically without opening and reading the full message.
- Check it out. Do your own research of the company and check their website directly. If they have a sale on, it will be included on their website too. Don’t just trust that a social media ad is genuine.
Once a criminal has your details, they can use these to commit further, more costly scams. They can use the information to pretend to be your bank or the police. If anyone contacts you and asks you to move your money to keep it safe, it’s a SCAM.
You can find an A-Z of fraud and scams on Action Fraud's website