A victim of a new banking scam who lost more than £20,000 to fraudsters has set up a website to warn others.
The South Yorkshire man, who asked to remain anonymous, was a victim of a scam known as SMS phishing, or ‘smishing’.
Fraudsters sent the man, from Swallownest, a text that appeared in the same thread as messages from his bank, Santander. It said suspected fraudulent activity had taken place on his account and £2,700 had been withdrawn.
The text asked him to call a false number. When he did, the fraudsters asked him to request a one time password from Santander so the money could be paid back into his account.
The man got the password and then received a genuine call from Santander, asking him to confirm a payment of £2,700 to his name. But the account was not his own and by giving the password he had given Santander permission to take the £2,700.
The fraudsters then went on to take a further £20,000 from a savings account he had set up for his daughter – and tried unsuccessfully to take more.
Because the man gave a genuine password to Santander, the bank has refused to refund the money.
Now he has set up his own website to raise awareness of the scam.
“My big problem is smishing is not known to people,” he said.
“Santander does not do enough to make people aware. I feel so passionately about it. If they had sent me a text to say beware, people could use this to scam you, it might have stopped me.
“I don’t fall for cold calls. I’m not a stupid person.”
The website – www.haveyoubeensmished.co.uk – features hiss story and details about how to identify the scam and will go live in the next few days.
“It was my daughter’s money,” he said. “She’s only four but it was for if she wanted to go to university when she’s older. It was her future.”
A Santander spokesman said: “Whilst we are very sympathetic to his situation and the distress caused by being the victim of a scam, the man disclosed a one time passcode to validate and authorise the transfer, a security measure we put in place to protect customers against fraud.
“He also confirmed the payment as genuine when we called to check. Therefore we cannot accept any responsibility for the losses on this account.”
The spokesman said Santander invested ‘significant’ resources alerting customers to scams, and offered advice online at www.santander.co.uk/securitycentre.
“We will never contact customers by phone, email or SMS to ask them to disclose their one time passcode, transfer funds or tell us their passwords or personal details,” the spokesman said.