Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Santander Online Banking Software Upgrade Phishing Scam

Outline
Email, purporting to be from large banking group Santander, claims that, due to a scheduled security software upgrade, the recipient must click a link to upgrade their account immediately.



Brief Analysis
The email is not from Santander. In fact, the message is a phishing scam designed to steal login and banking details from Santander customers.

Bookmark and Share
Detailed analysis and references below example.





Last updated: 30th April 2012
First published: 30th April 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Santander Online Banking Notice

Dear Valued Customer,

Santander Online Banking technical services department is carrying out a scheduled software upgrade to improve the quality of services for the bank's customers. Please upgrade immediately by clicking on this link below:

Secure Sign-In Access

Thank you for your prompt attention to this matter.

Regards,
Security Department




Detailed Analysis
This bogus message falsely claims to be from the security department of large banking group Santander. In a tried and tested phishing technique, the criminals responsible for this scam attempt claim that recipients must immediately click a link to update their banking details due to a scheduled software upgrade. Supposedly, this software upgrade will result in improved services for customers.

But, of course, the message is certainly not from Santander and the claim that the recipient must upgrade his or her account is untrue. The supposed account upgrade requirement is simply the bait used to trick victims into visiting a fake "Santander Online Bank" website and submitting their personal information. The fake site has been made to look very similar to the genuine Santander website. Those who fall for the trick and click the "upgrade" link will first be taken to a bogus bank login page as depicted in the following screenshot:

Santander Phishing Scam Login

Next, the victim is taken to a second fake page that asks for the account passcode, pin and contact details:

Santander Phishing Scam Bogus Form

After submitting the requested information, the victim is taken to a third fake page that asks for the security verification questions attached to the account:

Santander Phishing Questions and Answers

Finally, the victim receives a pop-up message advising that the verification request has been successfully completed:

Fake Verfication Successful message

After clicking the "OK" button, the victim is then automatically redirected to the UK branch of the genuine Santander website. Meanwhile, the criminals behind the scam will be able to collect all of the submitted information and use it to hijack their victim's real Santander account and commit fraud and identity theft.

130advises its customers about such scams via its website. As with other legitimate banks and financial institutions, Santander will never ask customers to provide online bank details via an email.

Phishing is a very common form of online scam. To learn more about phishing scams and how to avoid them, see:
Phishing Scams - Anti-Phishing Information

Bookmark and Share References
Common Threats - Phishing
Phishing Scams - Anti-Phishing Information

Last updated: 30th April 2012
First published: 30th April 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer