The scam: Impersonation scams originating from fake NHS Covid text messages
Volume: £880,000 worth of scams reported since Jan 2022 (Santander data)
Average value of impersonation scam that originated via an NHS Covid SMS was £5,600 (Santander data)
Chris Ainsley, Head of Fraud Control, Santander UK said: “With changes to Covid testing and self-isolation requirements coming into force, fraudsters are exploiting the accompanying uncertainty as the ‘new normal’ beds in. Be on high alert if an SMS or email includes a link to a website, however genuine the website may look and never feel pressured to move your money. No bank or legitimate organisation will ask you to transfer your money to a safe account – ever.”
How the scam works:
1. Fraudster sends an SMS (smishing message) stating that the recipient has been in close proximity to someone who has tested positive for Covid and includes a link to a fake NHS website to order a PCR test.
2. The link in the text messages takes them to a website that asks for their personal details.
3. To cover postage for the PCR test, a nominal payment amount is requested, meaning card details are also harvested by the fraudster.
4. The fraudster then contacts the intended victim pretending to be from their bank (using the information shared on the fake website) and convinces them that they are being scammed and they need to move their money into a safe account.
5. The name on the safe account is often someone else’s and the fraudster will provide a rationale about why it isn’t in the customer’s own name. This means when the account number is checked with the name as part of the payment process, there will be a ‘match’. The account will in reality be controlled by the fraudster.
6. The fraudster is able to use the information shared on the fake website to socially engineer their intended victim and legitimise their request, making their intended victim think that they are really speaking to their bank.
7. Once the money is sent, the fraudster cuts off all contact. Sometimes their details are then sold on to other fraudsters.
Santander case study:
Mrs D received a SMS purportedly from the NHS warning her that she had been in close proximity to someone who had tested positive for the Omicron variant. She clicked on the link contained within the SMS to order a free PCR test and paid £1 for postage. She then received a call on 21 February from an individual claiming to be from the Santander Fraud team, who advised her that she had recently fallen victim to an NHS PCR scam and that her account was now at risk, and she needed to move her money to a safe account immediately.
The account details provided were under a different person’s name. When Mrs D transferred the money, Confirmation of Payee – the system in place to show whether the account name matches the account number provided – confirmed that the account was registered to someone else. However, Mrs D continued with the transfer.
Once the transfer was complete, the fraudster asked to speak to her husband. Mr D was advised to move his money from his joint account with his wife into his sole account, as his wife’s details were apparently compromised. He was then provided with the same account details as his wife and told to transfer his money to the safe account. In total Mr and Mrs D transferred over £20,000 to the fraudster.
What to do
If you are contacted by your bank, the police or any organisation and asked to move your money, stop, end the call and call your bank using the number on the back of your card or 159.
If you think you’ve already been the victim of this type of scam, report it to your bank straight away.
- Ends -
The information contained in our press releases is intended solely for journalists and should not be used by consumers to make financial decisions.
Notes to Editors
Santander UK is a financial services provider in the UK that offers a wide range of personal and commercial financial products and services. At 31 December 2021, the bank had around 19,200 employees and serves around 14 million active customers, via a nationwide branch network, telephone, mobile and online banking. Santander UK is subject to the full supervision of the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) in the UK. Santander UK plc customers’ eligible deposits are protected by the Financial Services Compensation Scheme (FSCS) in the UK.
Banco Santander (SAN SM, STD US, BNC LN) is a leading retail and commercial bank, founded in 1857 and headquartered in Spain. It has a meaningful presence in 10 core markets in the Europe, North America and South America regions, and is one of the largest banks in the world by market capitalization. Its purpose is to help people and businesses prosper in a simple, personal and fair way. Santander is building a more responsible bank and has made a number of commitments to support this objective, including raising over €120 billion in green financing between 2019 and 2025, as well as financially empowering more than 10 million people over the same period. At the end of 2021, Banco Santander had €1.15 trillion in total funds, 153 million customers, of which 25.4 million are loyal and 47.4 million are digital, 9,900 branches and 197,000 employees.