This story was first published on August 1, 2017
This bogus message falsely claims to be from the security department of large banking group Santander.
In a tried and tested phishing technique, the criminals responsible for this scam attempt claim that recipients must immediately click a link to update their banking details due to a scheduled software upgrade. Supposedly, this software upgrade will result in improved services for customers.
But, of course, the message is certainly not from Santander and the claim that the recipient must upgrade his or her account is untrue. The supposed account upgrade requirement is simply the bait used to trick victims into visiting a fake “Santander Online Bank” website and submitting their personal information. The fake site has been made to look very similar to the genuine Santander website.
Those who fall for the trick and click the “upgrade” link will first be taken to a bogus bank login page as depicted in the following screenshot:
Next, the victim is taken to a second fake page that asks for the account passcode, pin and contact details:
After submitting the requested information, the victim is taken to a third fake page that asks for the security verification questions attached to the account:
Finally, the victim receives a pop-up message advising that the verification request has been successfully completed:
After clicking the “OK” button, the victim is then automatically redirected to the UK branch of the genuine Santander website. Meanwhile, the criminals behind the scam will be able to collect all of the submitted information and use it to hijack their victim’s real Santander account and commit fraud and identity theft.
The bank advises its customers about such scams via its website. As with other legitimate banks and financial institutions, Santander will never ask customers to provide online bank details via an email.