Santander UK has issued a warning for businesses to be on “high alert” to impersonation scams after seeing the number of its customers targeted by fraudsters double last month.
The banking group said criminals were using sophisticated methods to impersonate a bank employee and trick people into sending thousands of pounds to a fraudster’s account.
It told the PA news agency that more than 200 of its corporate and commercial banking customers are known to have been targeted in September.
The bank flagged one example where a business customer was defrauded of a five-figure sum after being called by someone acting as a Santander staff member.
In these cases, scammers call a business and pretend to be from the firm’s bank, often in its fraud or security department, and say that a “fraudulent payment” has been made from the firm’s bank account.
The callers, who in some cases go as far as to give a fake reference number or employee ID, direct the person to a fake website or phone number to resolve the issue.
They then instruct or trick them into installing a remote access system on their device, which gives the criminals access. One customer was told to instal the app AnyDesk, Santander said.
The customers are then directed to log into their mobile banking and authorise a transaction that will stop the “fraudulent payment” from leaving the firm’s bank account.
It means that people are tricked into sending money directly to a criminal’s account.
Chris Ainsley, Santander UK’s head of fraud risk management, told PA: “Impersonation scams are rampant and the criminals perpetrating these crimes can be particularly devious in their approach.
“Businesses should remain on high alert to this threat.
“Don’t trust people who make an unsolicited call to you and say they are from your bank, and make sure you validate any requests from cold callers by hanging up and contacting your bank using the phone number on the back of your bank card.”
A voice recording taken by a business customer, who is not named, and shared with PA reveals an attempted scam by a caller impersonating the bank.
The caller says they are from “Santander’s business banking team” and that they have blocked a payment of more than £18,000, which the customer is asked to validate before being given a phone number to contact the “higher fraud department” to deal with the issue.
Santander stressed that businesses should never share any passwords or security codes with anyone, not even a bank employee, nor allow anyone to remotely access their device.
People should only use a mobile app to authenticate a transaction they have selected themselves in online banking, it said.