/ Scams

Scam alert: fake Santander ‘new payee’ texts

Fake texts claiming to be from Santander are circulating, suggesting that suspicious ‘new payees’ have been set up on your account. Here’s what they look like.

More fake text messages are trying to trick people into following potentially malicious links. This time they’re targeting Santander customers with ‘new payee’ notifications in different ways.

The first message tells the recipient that a ‘new direct debit’ has been established to a ‘Ruby Davies’ based in Glasgow. This name has presumably been made up entirely – the recipient had never heard of them, and the link is nothing to do with Santander.

The text appears convincing, but it’s attempting to panic you into following its own URL. If you receive a message like this and aren’t sure if it’s real, make contact with your bank via its genuine channels instead.

After we spotted a similar fake NatWest new device registered text circulating a couple of weeks ago, our browser stopped us from visiting the site and warned us of a phishing attempt to try and trick us into handing over personal details.

This time was no different: we we were warned that the site hosted ‘potential adware/spyware’ and we were blocked from entering the website.

‘A suspicious attempt was made’

Sticking with the theme of ‘new payees’, the following examples attempt to convince you of their authenticity by claiming that the ‘new recipient’ attempts on your account are suspicious:

Ultimately the most suspicious thing here is that, once again, the links take you to a site that’s nothing to do with Santander.

Text messages and the formats used by banks are notoriously easy to clone. That’s why we launched a guide to SMS Best Practice in September.

Santander’s tips for avoiding text scams

We showed Santander the examples above. A spokesperson said:

“Protecting our customers from fraud and scams is a top priority for everyone at Santander. We will always take appropriate action where scam messages such as these highlighted by Which? are provided to us, including sharing details with industry bodies such as the Mobile Ecosystem Forum”

Santander’s top tips for avoiding text message scams are:

⚠ Scammers can make a text message appear in a thread of genuine messages from Santander, such as previously sent OTP numbers. This is easily faked and isn’t proof that it’s from us.

⚠ Do not click on any links included in text messages or emails – instead contact your bank directly using the number on the back of your bank card, or through the 159 Stop Scams number.

⚠ If you do click on a link do not provide bank or security details and never download software on to your device.

⚠ You can report any suspicious text messages to your mobile network provider by forwarding the text message to 7726.

If you think you may have fallen victim to a fake text message, let your bank know via its genuine channels as soon as possible.

Guide: how to spot a scam

Guide: how to get your money back after a scam

Have you received a fake text purporting to be from a bank recently? Let us know in the comments, and send us the details via our scam sharer tool.


I received a text from number xxxxxxx saying: santander : login attempt made from new device 18-feb if you do NOT recognise this activity visit : http://santander.auth-user-15.com obviously I didn’t click … I’ve had previously HSBC and I don’t even bank with them and a call from fake DWP it’s actually never bloody ending.. they are wasting their time with me cus they’d have to actually put something in my account before they take it … #broke .. lol

[Moderator: this website appears to be a scam website. We’ve retained the URL to help you identify it, but we’ve redirected the link to our guidance on how to spot fraudulent website. ]

Lynda says:
5 April 2022

I have received a text from ‘My Santander’

A new payee A KHABIB was added at 16:02 on a new device REF – ABK663. If this was NOT you please remove here: https://onlinebanking.review-unapproved-payee.com

I clicked on the link but did not fill any information in. I went to my online banking and logged on to make sure this A KHABIB was not in my payee list and obviously he wasnt. Becuse i clicked on the link though does it put my phone data at risk?