Criminals are targeting Santander customers using a text message trick to steal funds out of current accounts.
All of the victims who have lost money are now struggling to recoup their losses as they all revealed their One-Time Passcode to the scammers. This is a vital piece of information fraudsters need to steal money.
Here’s what you need to know to keep your accounts safe.
How the scam works
In the latest spate of incidents criminals are reportedly using a technique called number spoofing to send messages to victims that appear to be from the bank and part of an existing thread.
These warn that there has been unusual activity on the account and that the customer needs to call a number or click a link to verify information.
Scammers then convince the victims to provide account details for their online banking and generate a One-Time Passcode (OTP), which allows them to empty the accounts.
The OTP is an extra layer of security Santander uses to authorise things like setting up a new payee or changing details on the account.
At least three Santander customers have lost more than £36,000 in total this month thanks to this ‘smishing’ scam, according to This is Money.
Ruth Quinn from Kent lost £15,000, Ron Williams from Southampton had £12,000 stolen and Rod Owens from Coventry is £9,200 out of pocket.
More and more people are using current accounts as savings accounts as they offer more interest than traditional deals.
This means more cash is likely to be held in a current account, which makes them a prime target for fraudsters.
The Santander 123 Current Account pays 1.5% on savings up to £20,000 and is especially good for large balances.
Of course the scammers can easily imitate any other bank, so it's not just Santander customers who need to be vigilant.
The industry as a whole has seen an alarming rise in the use of ‘social engineering techniques’, including targeted smishing.
Figures from Financial Fraud Action UK show that the amount lost to financial fraud has increased from £755 million in 2015 to £768.8 million in 2016.
Take a look at our guide to the common tricks scammers use to keep up to date with how criminals are trying to steal your money.
Can victims get their money back?
Sadly, Santander will not refund the victims of this nasty smishing scam because they handed over the essential OTP code, which allowed the fraudsters to siphon the money.
A spokesman for Santander told This is Money: "Each of these customers provided the fraudsters with their OTPs and allowed the fraudsters access to their online banking.
"OTPs are security measures we put in place to protect customers, and we have specific warnings on our online banking log-in screen and when sending OTPs not to divulge these to anyone.
"In two of the cases our fraud detection flagged the transactions and contact was made to the customers' registered telephone where these transactions were confirmed as genuine, authorising them to go ahead.
'Whilst we are very sympathetic to customers who are victims of scams, as there was no Santander error and all three customers divulged personal, security information, we therefore cannot accept any responsibility for the losses on these accounts.
'We assess all fraud claims on a case by case basis, in line with the Payment Service Regulations and the Consumer Credit Association.'
How to stay safe
Your bank will never contact you to ask for your account details, Pin or your OTP code.
You should ignore and report any message, call or email you get asking for this sort of sensitive personal information.
If you think if you have become a victim of a smishing scam, contact your bank as soon as possible using the number on the back of your debit card.