Santander Customers Warned of Smishing Scam

Posted byDaniel Tannenbaum | Category Blog | Date 13 July 2017

Several Santander customers have been duped out of their life savings following a controversial smishing scam that continues to affect existing customers.

What is Smishing?

Smishing is a type of phone number spoofing or SMS fraud where fraudsters are able to send you a text message or phone call taking the name of a contact on your phone that you already know and trust.

In this case, it has been Santander bank and for customers, they have already received messages from Santander in the past, but using spoofing, the fraudster is able to continue to send you fraudulent messages under the same name and existing message thread. For the customer, it is impossible to distinguish this and believe that it could be anyone else – after all, the name comes up and everything!

Smishing stands for SMS Phishing – so it is considered a type of cyber hacking, similar to trojans and worms. Here is an example of Smishing from Santander below.



How Do The Fraudsters Make Money?

Very simple. The criminals lure you into believing that it is really your bank, like Santander (and it is very convincing). The message says something to induce a phone call e.g money has been taken from your account, your account has been frozen or similar.

  1. They send you a message stating that something is wrong with your account.
  2. Encourage you to phone their fraudulent line where you will speak to a polite person and they will ask you to provide your card details, mother’s maiden name and date of birth (getting your personal information).
  3. To access your account, they state that you need to reset your password via Online Banking and then provide them with a One-Time-Passcode (OTP) to reset the account.
  4. By now they have your personal details and access to your online banking and then they just take all the money from your account.

Sadly there have been several victims of this crime, including Ruth Quinn from Kent, Ron Williams from Southampton and Rod Owens from Coventry have had £15,000, £12,000 and £9,200 in February 2017. (Source: This is Money)

In a huge case, Alex Luke from London lost over £180,000 of her life savings taken in £6,000 and £8,000 chunks over 33 withdrawals.

This is a very serious problem for UK banks who claim that  internet banking fraud, which has risen by 64 per cent in a year to £135 million.

Are Santander Offering Refunds?

Sadly not. The victims of the smishing scams were told by Santander that they will not be receiving any refunds because out of ‘negligence’ they are voluntarily giving their passwords and access to their bank accounts to a third party. The victims mentioned above have not received any refunds from Santander except for one that received £1,500 based on the amount available in her bank overdraft (not sure why they decided that outcome).

How to Spot A Fraudulent Text Message and Stay Safe

Santander claim that they will never ask for your account details, Pin or your OTP code in a text message or over the phone. You need to be aware that the One-Time-Passcode (OTP) is for you and you only.

Banks will only ask you to confirm a transaction whereas a fraudster will ask you for exact details e.g card numbers, passwords etc

The video below shows how smishing works, step-by-step:


Some advice –  banks will only ask you to confirm a transaction whereas a fraudster will ask you for exact details e.g card numbers, passwords etc. Therefore, you should try take a moment and think about what you are being asked to do and be cautious for a moment with everything you receive.

If you have any reservations, you can call your bank or card provider directly on a number that you know is legitimate, such as the one on their website on the one on the back of your credit card.

If you have any further questions or believe that you might have been impacted in the same way as the cases above, speak to Action Fraud by calling 0300 123 2040.