Last update: 20/03/2024

Companies communicate with their customers through email, phone calls, or text messages. However, relying solely on the number or sender to confirm authenticity can be dangerous. Learn about this scam technique and how to avoid being deceived by communications that seem legitimate.

Spoofing is when cyber criminals impersonate people or public or private organizations (like a bank) to trick people. Criminals can falsify the sender of emails, sandwich fake SMS messages in a legitimate thread, or alter a phone number or caller ID to appear trustworthy.

But to what end? To earn your trust so that you'll release personal information, bank details or your digital banking login, download malicious programs, or make payments. 

Think before you click or reply

Cyber criminals’ favourite spoofing mechanisms are:

  • Email: Cyber criminals can impersonate the sender of an email to make you believe it has come from a trusted person or company. You can hover your mouse over the address or press and hold the name on your smartphone to check it. But be careful, because cyber criminals might use the actual address of a legitimate company, making it even more likely you’ll fall into the trap.

 

  • SMSSpoofing can also come in the form of SMS messages. They might "look the part", but they’re a scam. Criminals can change the name of the company that appears on your device. What’s more, they can even embed a message in a thread of the actual correspondence you’ve had with a company.

  • Phone calls: Cyber criminals can change the phone number that appears on your screen when they call you. To convince you that the call is authentic, they might even ask you to check that the number they’re calling from matches the one on the company's website.

If they’re pretending to be your bank, they might say they’re calling from the anti-fraud department about a fraudulent payment from your account. They might also ask you to download the new version of an app or software to protect your devices. Don’t believe them!
 

Essentially: 

Be wary if...

drop dowm
  • you receive an unexpected SMS, email or phone call.
  • a person or message points out an urgent situation that requires a quick solution.
  • you’re asked to open a link, download a document, call a number, provide sensitive information or make a payment.
  • you’re offered products under good terms and conditions or told that something bad could happen if you don’t do a certain action.

Get protected

drop dowm
  • Never share your passwords or security codes with anyone, not even Santander employees.
  • Never download software or let somebody access your computer or other devices remotely, especially if you didn’t begin the conversation. 
  • Never enter your online banking login after clicking on a link. 
  • If something doesn’t seem right, contact the company that the criminals are impersonating.
  • If you receive a suspicious SMS or email that could be impersonating Santander, report it to reportphishing@gruposantander.com.

Spoofing at work

Companies of all sizes, including SMEs, can also be a target of this identity theft technique. Scammers tailor their communications, pretending to be a supervisor, colleague, or provider, aiming to persuade staff to make an urgent payment, disclose sensitive information (such as customer data), or download an infected document.

Training employees to detect suspicious communications and implementing technical solutions to protect the email is crucial to prevent this threat. At Santander we offer you, Cyber Guardian. A centralized cybersecurity platform to help you detecting and blocking suspicious messages 24/7, educating employees to recognize malicious communications, and identifying areas to improve your online security.

Our cyber security pledge

Santander runs several initiatives to help customers and non-customers understand cyber security and stay safe online.

We use financial education to teach people about finances and cybersecurity so they can bank online safely, protect their personal details, and avoid falling victim to fraud. What’s more, our online training Cyber heroes and award-winning fictional podcast on cybersecurity, Titania, are helping us get closer to diverse audiences through interactive and innovative content.

You might like