Santander has called for businesses to be vigilant against scams where fraudsters are pretending to be an employee from the bank.
Con artists are phoning businesses up and asking members of staff to give them access to their online banking account with the plan to transfer cash into scammers’ accounts.
In September, the number of reported scams rose by 100% as at least 200 clients of the lender were targeted during the month.
During the scam attempt, the caller gives a ‘case ID’ or ‘employee number’ as part of a fake verification process. Scammers then inform the target there has been a fraudulent payment made from the organisation’s company and direct them to a link that leads to a fake website.
The caller impersonating the bank then asks the customer to install a remote access system to stop the ‘fraudulent payments’ leaving the account. Once the transactions are authorised, the funds in the victim’s funds accounts are then transferred to the scammers.
Impersonation scams are ‘rampant’
YourMoney.com has reported on the scam epidemic throughout the year, while Santander have previously had to warn customers over fake clearance sales involving the defunct retailer Wilko.
Chris Ainsley, head of fraud risk management at Santander UK said: “Impersonation scams are rampant and the criminals perpetrating these crimes can be particularly devious in their approach. Businesses should remain on high alert to this threat.
“Don’t trust people who make an unsolicited call to you and say they are from your bank, and make sure you validate any requests from cold callers by hanging up and contacting your bank using the phone number on the back of your bank card.”
The banking provider has issued seven tips to avoid falling victim to scammers.
How to keep your business safe from impersonation scams
- Don’t share any passwords or security codes with anyone. Not even a Santander employee.
- Never share your token code with anyone. These can only be used to authorise log in, account changes or payments, and Santander UK never asks you to use them to authorise a refund or stop a payment leaving your account.
- Don’t allow anyone to remotely access your devices.
- Never use a mobile app to authenticate a transaction you’ve not selected yourself in online banking.
- Never click on a link, download an app, or open an attachment related to your organisation’s mobile or online banking in response to a call or SMS asking you to do so. Santander UK will never ask you to do this.
- Never trust caller ID as contact numbers on phone calls and SMSs can be spoofed. Instead, validate all requests made through unsolicited contacts by calling your bank directly. Check the phone number using the phone number on the back of your bank card. Never use a phone number in an SMS message or which has been given to you by a cold caller.
- Ensure all your organisation’s staff keep up to date with fraud trends and advice.
