/security

News and resources on cyber and physical threats to banks and fintechs worldwide.
Customer loses £60,000 to criminal posing as Santander's head of fraud

Customer loses £60,000 to criminal posing as Santander's head of fraud

A customer of Santander Bank had £60,000 scammed from her account after transferrring funds to a criminal impersonating the bank's head of fraud, Chris Ainsley.

The customer received a text message asking her to confirm a £500 payment to which she responded ‘No’. The customer then received a call from a spoofed caller ID appearing as a Santander number. The caller introduced himself as Chris Ainsley, head of Santander’s fraud team.

The imposter thanked the customer for confirming the £500 payment was fraudulent, but claimed further payments were being attempted. As a result of this the customer was told that a new ‘safe account’ had been opened and that she should transfer her current account balance to the new account urgently.

After cross-checking Chris Ainsley’s name on LinkedIn, on the instruction of the impersonator, the customer transferred over £60,000 in funds to the fraudster’s account. She was also instructed by the fraudster to mislead the bank about the true reasons for her payments, in order to avoid the bank uncovering the scam.

The criminal then ended the call and cut all contact. After a few days when the customer didn’t receive her new online banking details she contacted Santander and was informed she had been a victim of a scam.

Banks have a spotty record in reimbursing customers who fall victim to authorised push payment fraud, but in this case, "due to the individual circumstances", Santander made good on the losses.

Santander recorded £10.2 million worth of impersonation scams between January-March this year, up 11% from the same period last year, with the average reported loss per customer £6,906 for this period.

Says Ainsley: “Scammers leave no stone unturned in tricking victims, and as somebody working with colleagues across Santander to protect customers from fraud, it was quite a surprise to discover scammers impersonating me. Imitation is certainly not a form of flattery in this case, but instead a timely reminder that nobody from a bank or legitimate organisation would ever attempt to rush you into transferring funds into another account."

Comments: (3)

Kevin Smith
Kevin Smith - Riskskill - Reading 05 May, 2023, 10:041 like 1 like

OK I get the point that the scammers are very good at what they do, they sound very credible and trick consumers. Reimbursement is indeed patchy when the originating bank questions what more the consumer could/should have dome. However the new UK Fraud Strategy published yesterday makes no reference to pursuing the financial institution that set up the receiving account, the £60k in this news item. We are not punishing banks with poor AML/KYC checks. Follow the money.

Martin Sansone
Martin Sansone - Sansone Projects - Glasgow 05 May, 2023, 13:151 like 1 like

AML/KYC checks are not always the issue! Too many money mule accounts have zero issues within the AML/KYC process, simply because our current solutions are not robust enough - and the criminal mind easily works around them.
Proper collaboration across industries needs to happen with verified responsible data sharing.  The noise around privacy only serves bad actors - and needs to change to a conversation about informed consent.

A Finextra member
A Finextra member 10 May, 2023, 17:02Be the first to give this comment the thumbs up 0 likes

An account that had £60k deposited out of the blue should have had a delay/cooling off period to lock the funds - especially if the account did not have a normal trading pattern attached to it.... Your, or My current accounts, business accounts etc will all have a logical pattern of behaviour... this IS a legitimate use for AI to be put to - policing non-typical bank account behaviour

 

Trending