Spot fake Santander fraud-alert, payee-added and card-blocked texts targeting Santander UK customers
Last reviewed: 11 May 2026 · ScamSupport research
The Santander UK impersonation pattern
Santander UK is consistently in the top five banks targeted by UK smishing campaigns. The mechanic mirrors the broader bank-impersonation playbook: spoofed sender ID, manufactured emergency, phone-call manipulation, and a final instruction to move money to a “safe account” which is in fact criminal-controlled. UK Finance puts the 2024 bank-impersonation loss total above £460m, with Santander customers receiving a substantial share.
Three Santander scam-text variants in active circulation
From: SANTANDER or Santander (spoofed sender ID; lands in the same SMS thread as real Santander alerts)
Body: “Santander: A payment of £1,449.00 to AMAZON.CO.UK has been requested from your account. If this was not you, call 0203 XXX XXXX urgently to dispute.”
Red flags:
Real Santander fraud alerts don’t embed a phone number. They direct you to call the number on the back of your card or use the in-app secure messaging.
The “fraud agent” you reach will tell you that to safeguard your remaining funds you must move them to a “safe account in your name”. That account belongs to the criminal.
Specific transaction amount. Criminals harvest card details from earlier breaches; the figure looks plausible but isn’t one you can verify against the app without first being told to call.
Time-of-day targeting. Many recent Santander campaigns are timed to land during commute hours or just before noon, when reflective seconds are scarce.
From: Santander (spoofed)
Body: “Santander: Your account has been suspended due to suspicious activity. Verify your identity now to avoid permanent closure: santander-verify-uk[dot]com”
Red flags:
Santander never sends customers to third-party verification domains. Real notifications direct you to the Santander Mobile Banking app or santander.co.uk. Domains like santander-verify-uk.com, santander-secure.com, or any “santander-something” are typosquats.
The page asks for your Customer ID, passcode, registration number, full card details, security code, and a One-Time Passcode. The OTP is what the criminal needs to log into your account in real time.
“Permanent closure” urgency. Real Santander suspensions are reversible by walking into a branch with ID. No genuine bank threatens permanent closure via SMS.
From: Santander (spoofed) followed by a phone call within 15 minutes
Body: “Santander Fraud: A transfer of £3,500 to a new payee is in progress. Our fraud team will contact you shortly.”
The phone call follows: caller ID appears as Santander’s real fraud line. The caller knows your name, address, sort code and recent transaction history. They instruct you to immediately move your savings to a “protected Santander internal account”.
Red flags:
SMS + call combination is the organised-fraud signature. The text primes you to expect the call.
Caller-ID spoofing makes the displayed number unreliable. The number on your phone can be made to display 0800 9 123 123 (real Santander fraud) or any number the criminal chooses.
They will know personal details. Sort code, account number, recent purchases — all from data-breach markets. None of it proves they’re from Santander.
Banks never ask customers to move money for their own safety. If you hear the “safe account” phrase, hang up immediately.
How to verify a Santander text is real
Three rules:
Never call a number from the text. Real Santander fraud alerts direct you to call the number on the back of your card or use the app’s secure messaging.
Open the Santander Mobile Banking app to verify. Genuine alerts are also visible in the app’s message centre and recent-activity tab. If the SMS isn’t in the app, it’s a scam.
Never read an OTP, registration number, or security passcode to anyone on a phone call. Santander has other ways to verify your identity. Anyone asking for an OTP over the phone is the criminal.
If you’ve already transferred money or shared an OTP
Call Santander’s real fraud line on 0330 9 123 123 (or the number on the back of your card). Use the phrase: “This was an authorised push payment scam. Please log it under the PSR reimbursement scheme.”
The PSR Mandatory Reimbursement Scheme requires Santander to reimburse APP fraud victims up to £85,000 for transfers made after 7 October 2024 unless the bank can prove gross negligence on the customer’s part. Make the claim in writing within 13 months.
Report to Report Fraud at reportfraud.police.uk. You’ll need a crime reference number for any Financial Ombudsman escalation.