Scammers are impersonating Santander with this sneaky new phishing email
Santander customers should be wary of this convincing new email scam that asks you to log in to your online banking.
Over the last week, the Google search term ‘Santander phishing email’ has increased in popularity by more than 90% and the term ‘Santander email scams’ by more than 5000%, showing the spike in people being targeted with this new scam.
Similar to the fake BT emails we reported on, these emails use branding and a sense of urgency regarding your access to banking services to pressure you into giving away data.
Find out what these emails look like, and how to avoid and report this scam.
Sign up for free Which? scam alert emails to find out about the latest scams news and advice.
Santander scam email
The email uses Santander’s distinctive red and white logo as well as the title ‘We’re changing the way you log on to Online Banking,’ commonly used by the bank.
It goes on to say: ‘We’re making some changes to how you log on to Online Banking as a result of new regulation which affects the whole banking sector.
‘These changes are called Strong Customer Authentication, and they support how we check it’s you when you use Online Banking.’
It goes on to detail the supposed ‘changes’ happening to make banking more secure for you:
‘The new regulation asks us to add an additional check to confirm it’s you. You can do this one of the following ways:
‘By having our personal mobile banking app. When you log on to Online Banking you’ll be referred to the mobile app, which will simply ask you to use your fingerprint, face or Security Number as the additional check that it’s you. You can then continue to use Online Banking as you normally do.
‘By using One Time Passcode (OTP). If you don’t have a smart phone, we’ll send an OTP to your mobile phone as the additional check that it’s you.’
The email concludes by telling you that to ensure you can confirm payments and check your online banking settings, you need to make sure that your mobile number is up to date. It then includes a link entitled ‘My details & settings’ which you are encouraged to click on.
Signs of an email scam
While the branding and tone of the email may look genuine, the sender's email address is a clear indication that this is a scam. This particular email came from customer@7404.yoursantander.co.uk - this is not a Santander email address and Santander customers usually receive emails from dontreply@communications.santander.co.uk.
Chris Ainsley, head of fraud risk management at Santander told us: 'Impersonation scams are rampant and the criminals perpetrating these crimes can be particularly devious in their approach. We’re currently seeing a large swathe of these scams begin with a phishing email and culminate in the criminals using this information to commit fraud crimes such as identity theft and bank fraud. Consumers should remain on high alert to this threat and if something seems suspicious, call your bank using the number on the back of your card, or by dialling 159.'
A genuine email from Santander will always address you personally using your full name, include the last four digits of your account, card number or the last three characters of your postcode in emails. Santander also states that it will only include links to information pages and never ask you for your personal information.
If you receive an unexpected email from your bank which you think could be genuine, you should log into your online banking account through the bank's official website to verify the information before taking any actions or clicking on links in the email.
Reporting email scams
You can report scam emails by forwarding them to report@phishing.gov.uk and make sure to never click on any links within the email.
You can also use Hotmail’s 'Report phishing' button and Gmail’s 'Report spam' button to report scam emails.
