What we’re seeing
We’re seeing customers being cold called, by people claiming to be from Santander, and told their accounts and money is at risk. They’re told that urgent action is needed to protect the account and the customer is asked to either share token codes, or use the mobile app authentication, to stop these payments.
In fact, this action is enabling payments to be taken from the customer’s account and paid into the criminal’s account. Token Codes and Mobile App authentication will never stop payments.
The criminals may try to legitimise the request by getting the customer to check the telephone number they’re calling from, but this can be spoofed to look like a genuine number and so should not be used to validate a caller.
How to protect your company
The key to protecting your company from these frauds is to ensure all payment processing staff within your business are aware of these important messages:
- Never share a token code with anyone, not even a Santander employee.
- Never use the mobile app to authenticate a transaction you’ve not selected yourself in online banking.
If you’re asked to do either of the above, this will be fraud.
If anyone contacts you out of the blue and tells you your account is at risk, you should hang up the phone and contact us directly.
Make sure your business has robust payment processing procedures and controls, including dual authorisation and payment authorisation limits. It’s important to have a mechanism to keep all staff up to date with fraud trends and advice.
For more advice about protecting your business from fraud, please visit our Support page