THE FRAUD VICTIMS WHO LOST THEIR LIFE SAVINGS
In heart-rending interviews, Santander fraud victims reveal how their lives have been shattered — and the pitiful help they’ve had
IT HASN’T been easy, but Alex Luke has always put on a brave face for her two children. For nearly ten years, she has been the sole breadwinner in her household, working long hours in the recruitment business she set up after her divorce in 2008.
But in December last year, her resolve cracked when she burst into tears in front of her bewildered 15-year-old son.
Having worked so hard to keep the family going, the intelligent, articulate 49-year-old had just learnt that every penny of the £180,000 she had saved from her business had been stolen by fraudsters. Crooks snatched the money in 33 withdrawals in just 24 hours. Each time they took between £6,000 and £8,000, and the transactions were separated by as little as three minutes.
The alarming pattern of withdrawals could not be more different to how Alex, who lives in London, normally uses her Santander business account.
She treats it as her ‘rainy day’ fund, typically taking out cash no more than twice a month.
Yet, at no point did Santander call to check Alex had authorised the highly unusual payments. Instead, it blamed Alex, saying she had authorised the transactions and that it had no responsibility to check they were legitimate.
On the day the fraudsters struck, Alex was racing to finish work and pack for a family holiday to France. She received a call on her landline from a well-spoken woman who said she was from Alex’s internet provider BT. The caller said BT had been hacked and crooks were snatching money from customers’ bank accounts.
The woman said she needed to run checks on Alex’s computer. Alex agreed and was passed to a man who claimed to be a senior fraud investigator who said he would connect to her computer.
He asked her to log into her online banking and in the background Alex could hear the sounds of a call centre. A window opened on Alex’s PC with the words ‘BT User Hub’. Her screen turned black and then lists of numbers and letters appeared. She was told this was evidence hackers were taking her cash.
Next, the man told her she would receive a series of messages on her phone with different codes.
These were so-called One Time Passcodes, which are sent to Santander customers to authorise online transactions. You have to enter the codes into the Santander website to move your money. The messages did not show details of the transactions, such as the amount being transferred.
Alex was asked to type each code into the screen in front of her, so that BT could safeguard her cash. She was told to keep her computer running overnight. The man called back the next morning and the pattern continued.
By the afternoon, all her money had gone. But Alex was told everything was safe and didn’t realise she’d been duped until she returned from holiday nine days later.
Around £50,000 has since been recovered from the fraudster’s account by Santander — but it says the rest of Alex’s cash is lost.
‘The people on the phone knew I was a customer of BT and Santander, so when they mentioned fraud I went into a meltdown,’ says Alex, who also has an 18-year-old daughter. ‘I just did as they said. It seemed so rational and helpful. It makes me sick to talk about it.
‘This is the money I’ve worked for over the past ten years. It was meant to be my safety net and something to leave my children. When I realised it was gone I sat on the floor and howled. My poor son did his best to help but I was inconsolable.’
She now wants to know how Santander could have allowed her account to be emptied without contacting her to question the payments.
Santander says its fraud detection system didn’t flag the payments as suspicious as they were not unusual for a business account and Alex provided the fraudsters with One Time Passcodes on 16 occasions. ‘We cannot accept any responsibility as Mrs Luke allowed strangers access to her account and provided them with personal security information,’ it says.
Widow who had her savings raided
PAM KETLEY weeps as she explains how she fell victim to a similar ploy in February. The 68-year-old widow, from Colchester, feels let down by the bank, which refuses to cover her losses of nearly £20,000. Like Alex Luke, she was also called by someone claiming to be from BT — but this time to fix her slow internet connection.
Pam allowed the man to access her computer using software that IT engineers often employ to help fix problems remotely.
In fact, he wasn’t an engineer but a trickster who kept her on the phone for hours. When she logged into her online banking to pay £10 for the repair, her account was hacked and vast sums siphoned off. The pattern of payments was totally out of character for Pam’s personal bank account.
Her husband David, who died of a heart attack four years ago, used to handle all the couple’s financial affairs. So, worried about the risks, Pam said she didn’t want to bank online when she opened a new Santander account in April 2016. The sales assistant convinced her she might as well have online access, even if she didn’t use it.
Pam normally does all her banking in branch and has never made a transaction online. On the Friday in February when the fraud occurred, the sudden online payments going out of her account were flagged up by Santander as a potential fraud. The bank tried to call Pam’s landline on four occa-
one had been left earlier that day by the bank about potential fraud on her account. She called Santander and instantly realised she’d been scammed. However, she was told that the fraud team didn’t work over the weekend and she would have to wait until the next day to see whether any of the money could be recovered.
On the Monday, after the fraud had been acknowledged by Santander, another transfer of £ 9,999.99 left her account. Santander says the payment had been cleared on the Saturday afternoon and only later showed up on Pam’s bank balance. In total, the criminals stole just under £30,000.
Santander has since managed to recover around £10,000, leaving Pam’s losses at nearly £20,000. The bank is refusing to refund the money as it says Pam compromised her security by letting the fraudster access her computer.
It says several One Time Passcodes it sent to her phone were entered to allow the payments to be processed. Pam says she only received two messages. One of them was to ‘amend a payee’. She entered the code believing she was making a £10 payment to BT.
The second message was to approve a payment of ‘£0.00’. Pam says she didn’t enter this code, although Santander insists someone must have done. Neither message showed the sums of money leaving Pam’s account.
Pam says she was told Santander does not routinely tell the police about individual frauds and that it was down to her to pass this information on.
She says: ‘When I found out the money was gone I felt sick. They should have waited to get through to me before releasing the money. Why would I suddenly have paid tens of thousands of pounds out of my account when I’d never paid anyone online before?’
Santander says when it didn’t hear back from Pam it blocked her account on Sunday. It also contacted NatWest and Barclays — which held the accounts the payments were being made to — over its concerns, but says it will not cover the fraud because she allowed a third party remote access to her computer.
Blamed for a crime that can’t be solved
SIAN NEWMAN has been off work since October, after £10,000 was stolen from her Santander account by a caller claiming to be from TalkTalk. The 42-year- old from Rickmansworth, Hertfordshire, suffers from multiple sclerosis, and her nausea and balance problems have become significantly worse since the fraud occurred in June.
The fraudster said he needed to clear a virus from her computer following the recent data breach at TalkTalk. Sian was kept on the landline for five hours. She allowed them access to her computer, but says she didn’t log into her online banking in this time and that passwords were not stored in her computer. While she was on the phone, £ 5,800 was paid out followed by a further £ 7,486. The account was also credited with £3,100.
Santander says someone entered One Time Passcodes sent to Sian’s mobile to confirm the transactions. But Sian says her mobile phone — an old fashioned Nokia with no internet access — was in another room at all times.
After her claim for fraud losses was rejected, she took the bank to the Financial Ombudsman Service. But the independent complaints body found against her saying it ‘could not safely say’ Sian hadn’t inputted the passcode herself.
Tricked by text into calling con artists
OuR investigation revealed that one of the fastest types of fraud — and hardest to spot — is so-called smishing. This is where a fraudster sends a text message that appears to be from Santander itself.
Crooks use a technique called ‘number spoofing’ to make the message appear underneath genuine texts from Santander. So to the customer, it is indistinguishable from a legitimate message.
The text message usually warns of a fraud risk on the customer’s account and advises them to call the bank on a number provided. When you call, a con artist picks up and pretends to be from Santander’s fraud department.
The crook then advises the victim to transfer their cash to a ‘safe’ account and provides the necessary instructions. In fact, the money goes straight to the criminal’s own account and is rarely recovered.
Debra Evans, 55, from Jarrow, Tyne and Wear, lost £1,960 to a smishing scam earlier this month.
She received a genuine call from Santander about a suspicious £17 transaction, which was blocked.
The next day, she was called by crooks claiming to be from Santander’s fraud department. They tricked her into reading out One Time Passcodes from her phone while she was walking her dog. ‘The money was inheritance from my dad who died last year, so it is really upsetting,’ she says.
A similar thing happened to a 46-year-old woman who lost £1,700 and a pensioner couple from Rugby, in Warwickshire, who lost £22,159 at Christmas.
Adrian Sear, 32 from Rickmansworth in Hertfordshire, is due to get married in May and is having to work seven days a week after losing £ 32,000 to the scam in December. The bank refused a refund on the basis that he had handed scammers his One Time Passcodes. Adrian says he has sent proof from his mobile operator that this is not the case.
A 35-year- old from Orpington, who wishes to remain anonymous, had £41,500 stolen from his account in November.
The cash was set aside for a house deposit and the fraud happened as he was about to exchange contracts. He had been a victim of fraud two weeks earlier, having set up the account for the high interest rate. He gave out two One Time Passcodes codes after being warned another attack was imminent. Seven payments were sent to fraudsters on the same afternoon and the victim says he was told it was only when Halifax and Nat-West became suspicious that the transactions stopped. Santander has managed to recover £6,000.
Mandy Jones, 48, a healthcare practitioner from Kent, lost £15,000 in February. Santander allowed three unusual transactions of £2,500, £5,000 and £7,500 without flagging them as suspicious because a One Time Passcode was used each time.
Archie Moyes, an 18-year- old from Leicester, lost £2,650 this month. Santander sent him a letter, seen by Money Mail, saying the bank was not responsible for his losses and making no mention of the complaints procedure or his right to approach the Financial Ombudsman Service for help.