Latest fraud updates

Keep your OTP safe

We use One Time Passcodes (OTPs) to protect your money. They’re a bit like the key to your front door. You wouldn’t give that to anyone else. An OTP is similar, it’s the key to your account. And it shouldn’t be shared with anyone. Not even with Santander staff.

An OTP is a message sent to the mobile phone registered to your account. They’re sent when you pay someone new, make an online card purchase or make any changes to your account digitally. Each one is unique to the transaction you’re making.

Criminals try and trick you into telling them your OTPs. This is because they need them to carry out transactions. It’s how they can get your money into their account. There are a few red flags:

  • If you receive an OTP when you're not making a transaction, it's likely to be fraud. 
  • If someone asks you to read or send an OTP to them, it will be fraud.


Keep your business safe

  • Don’t share an OTP with anyone. Not even with Santander staff.
  • Make sure the detail in the OTP message matches with the transaction you’re making.
  • Make sure you know who you're talking to. Do this before taking any action. 
  • Call on a known and trusted number. 
  • If the call is from your bank, hang up then dial 159. This is a safe and secure number. It will connect you directly to your bank.

If the message doesn’t match what you’re trying to do STOP and call us.

For more information on how to protect your business, visit our spotting fraud and scams page. 

Criminals impersonate Santander so they can get access to your account. They’ll get you to share OTP codes with them. This is so they can gain access to your Online Banking. Then they’ll send payments out of your account.  We’ve seen cases where criminals who get this access then send payments to people or businesses you’ve sent money to before. The criminal then pretends to be your business and contacts the person or business to ask for the money to be ‘refunded’. What they’re really doing is getting the money sent to their own account.

You can help protect your business with a couple of simple steps:

  • Never share an OTP with anyone, not even a Santander employee.
  • Always read the whole OTP message. The message will explain what the code is approving. For example, access to Online Banking or a card payment.

If the message doesn’t match what you’re trying to do STOP and call us.

Check it's genuine with ScamSmart

To check if your investment’s genuine or a potential scam, use the Financial Conduct Authority's ScamSmart tool

Answer 4 easy questions to find out:

  •  about the potential investment and any risks
  •  if the investment firm is FCA regulated, or could be a clone.

Before you invest, it's always smart to do extra checks on any details you've been given. For example, make sure any phone numbers you have for a firm match those registered to it. That way, you can contact the firm on a number you know is genuine, if you need to.

For more on how to protect your business, go to Spotting fraud and scams

Do you know who you're really talking to?

Criminals trick people and businesses by pretending to be someone you know or trust. 

See our tips on how to spot an impersonation scam below. 

  • Criminals will create a sense of urgency so you can’t think straight.
  • They’ll say you’ve been a victim of attempted fraud or have an overpayment that needs to be returned.
  • You’ll be urged to move your money to a ‘safe’ or newly opened account to protect your money.
  • They’ll ask you to amend existing payment details or set up a new payment.
  • Criminals can ‘spoof’ telephone numbers, email addresses and text messages so they look like they're coming from a known, trusted source. They use this to try and prove they’re from the genuine organisation. Always be careful and double-check a request is genuine. Don’t ever rely on caller ID alone. Always take time to think about what you're being asked to do, and if you’re not sure or feel uncomfortable, stop.

At Santander, we’ll never get in touch and ask you to tell us your One Time Passcode (OTP) or ask you to take urgent action. If you get a call like this, hang up, wait five minutes and call us back using the number on the back of your card.

Criminals send fake invoices to trick you into making payments to their accounts. We want to help you protect your business.

Find out what typically happens with an invoice scam below.

  • The criminal pretends to be a supplier, business contact or colleague.
  • They’ll send a fake invoice by email, fax or post.
  • They’ll ask you to make a new payment or change the account details of an existing payee. 
  • Your money is sent to the criminal’s account.
  • You’ll only know it was fraud when you speak to the genuine contact.
  • By this time, it’s unlikely you’ll be able to get your money back.
     

Protect your business

Always confirm new payment requests or to change bank details. Do this in person or use a publicly available or trusted number. Never use the number given in the invoice or email.

Criminals ‘spoof’ telephone numbers. This makes it look like they're calling from a known, trusted source.

Always take time to think about what you're being asked to do. If you’re not sure or feel uneasy, stop.

Criminals want your business to pay upfront for something before you have even received the goods or service. These scams often start on social media or with an email. It might even be a letter sent by the criminal to try and make the scam look believable.

Examples of this could be:

  • Paying an ‘admin fee’ to release funds from a business loan
  • Paying a deposit for a new business premise which doesn’t exist. Or this could be office space or storage
  • Paying a fee to release money in an investment
  • Paying a ‘recovery fee’ to get back money lost in a previous scam. If you have been a previous victim of a scam, you can be targeted.
     

Keeping your business safe

Don’t pay money upfront for anything unless you are certain it is genuine and have taken steps to check it.
If you have any doubts, stop and take some time to think it through. Don’t ever feel pressured into paying quickly for anything.

Criminals don’t take time off, are your staff fraud aware?
So that you can relax and enjoy your time off, make sure your staff know how to protect your business from fraud and scams. Share our top tips:

  • Contact numbers, messages and emails can be spoofed, don’t trust the contact ID. Never use a number that’s given to you by the caller. To confirm contact from Santander use a number from our website.
  • Confirm new or changed payment details over the phone or in person. Emails and messages can be intercepted or hacked. Use a number you know to be genuine when calling to confirm payment details.
  • We’ll never call you and ask you to click on a link, download an app or open an attachment.
  • Don’t share any passwords, login details or OTP’s with anyone. Not even with a Santander employee. We never ask you to use them to authorise a refund.
  • Don’t allow anyone to remotely access your computers or devices during or after a cold call.
     

Take a look at our Spotting Fraud & Scams page. This has more information and tips to protect you and your business. 

QR codes are black and white squares which you can scan using your phone or tablet to take you to a link quickly. You may have seen them in restaurants, car parks or on letters. Criminals are taking advantage and creating their own to try and steal your money. Once you scan the QR code you’ll be taken to fake screens asking for your information and card details. Fake QR codes are being used in public car parks, restaurants and by people approaching you in the street. They may offer free products or money to scan their code.

Here’s an example of how the scam works.

  • You scan the QR code to pay for public parking.
  • You enter your personal information and card details.
  • A criminal will then use these details to attempt payments on your card.
  • You’ll then receive a call from a criminal who is pretending to be your bank. They’ll ask about some recent activity that you don’t recognise.
  • The criminal will tell you that you’ve been a victim of fraud and to keep your money safe you need to move it to a new account.
     

What's really happening is criminals are using the information you shared, when you scanned their QR code, to impersonate your bank and convince you to move your money.

How you can keep yourself safe when using QR codes.

  • Check for tampering. When using a QR code in a public space, such as a restaurant or car park you should check to make sure it hasn’t been tampered with or got a sticker placed over an original code.
  • Preview the link. When you scan a QR code the link to the page will appear for you to click on. Check the URL of the link before clicking. HTTPS are the most secure, you should avoid entering personal or financial information in HTTP website.
  • Double-check the URL. Criminals will make a small change to try and trick you e.g. santanber.co.uk instead of santander.co.uk.
  • Don’t scan or open QR codes from people you don’t know. Criminals may approach you on the street or message you online offering money or free products if you scan their QR code.
  • Contact the company. If the information you’re being asked for doesn’t seem right, stop and speak to the company directly.
  • Santander QR codes. Our QR codes will only take you to information pages.
  • Install anti-virus software. You can use this to verify original QR codes that do not contain malicious links. This will help you avoid having a virus or other malware downloaded onto your mobile.
     

If you are worried you might have scanned a fraudulent QR code, you can contact us on 0330 123 9860.
 

Was this helpful?

Do your banking online

Ways for you to manage your money without leaving home

Trouble logging on

You can reset your details if you already have Online Business Banking