Bank users lose more than £1million to fraudsters — Six steps to stay safe this Christmas

The Cyber Defence Alliance has joined forces with fraud prevention service Cifas and UK Finance to expose the scam ahead of the awareness campaign running from November 16 to 22.

Their intelligence reveals how fraudsters masquerade as legitimate banking security personnel to manipulate victims into surrendering control of their accounts.

The elaborate deception employs multiple techniques including bogus websites, malicious software and psychological manipulation.

Businesses, charitable organisations and individuals with substantial bank balances have been identified as primary targets of these criminal operations.

The criminals initiate contact through telephone calls, occasionally preceded by text messages, with callers claiming to represent the victim’s financial institution.

They alert targets to supposed fraudulent activity requiring immediate action, creating panic to cloud judgement. Victims are then directed to counterfeit banking websites designed to appear authentic. Once there, they are instructed to activate a chat function which covertly downloads malicious software onto their devices.

|

GETTY

This programme grants criminals complete control over the victim’s computer and banking access.

When banks dispatch security verification codes to customers’ mobile phones, the fraudsters manipulate victims into disclosing these credentials.

The scammers can then establish new payment recipients and transfer funds freely. Some victims are even convinced to activate call diversion services, preventing their actual bank from making contact.

Mr Garry Lilburn, operations director at CDA, said: “If you receive a message or call that feels unusual, take a moment to consider whether it matches how your bank normally communicates. If anything seems off, end the call and report it using your bank’s official contact methods.”

Tips to avoid remote access bank scams:

1. Hang up and call your bank back using a number from your bank card or app.

2. Never trust a call just because it sounds professional – always verify the caller.

3. Try using the 159 service to connect directly to your bank’s fraud team. Many banks have signed up to this.

4. Never share one-time passwords or allow remote access to your device.

5. Report suspect text messages by forwarding them to 7726.

6. Visit the Take Five to Stop Fraud website for further support and advice.

|

GETTY

Mike Haley, chief executive officer of Cifas, said: “Fraudsters are creating a false sense of urgency to exploit people’s trust and steal large sums of money. Banks will never ask you to download software or transfer funds to protect your account. If you receive an unexpected request, take a step back and question it before responding.”

Ms Dianne Doodnath, principal of remote banking channels at UK Finance, said: “Impersonation scams often begin with a message or call claiming to be from a trusted organisation. Criminals may try to rush you by saying your money is at risk.”

Several warning signs can help potential victims identify these scams before falling prey.

Being instructed to return calls on specific numbers supplied by the caller should raise immediate suspicion, as should any pressure to act hastily.

Legitimate financial institutions will not request customers to install programmes on their devices or demand access to banking platforms.

Requests to divulge authentication codes sent via text message represent another major indicator of fraudulent activity. The criminals may also attempt to persuade targets to configure call redirection on their phones.

This tactic ensures genuine bank representatives cannot reach customers to alert them about suspicious transactions. Any unexpected communication claiming urgent account issues warrants careful scrutiny, particularly when accompanied by demands for immediate action or system access.

Those who suspect they have been targeted should immediately contact their bank and report the incident to police. Prevention remains the most effective defence against these sophisticated schemes.

A separate study found that young Brits are now the most vulnerable to scams, with 47 per cent of 18–34 year-olds losing money in the past year—compared to just 15 per cent of over-55s.

Average losses for younger victims topped £3,000, nearly double the amount lost by older age groups.

Banks have reported a sharp rise in scam-related losses, with 78 per cent saying customer losses have increased over the last year.

Fake websites, social media cons, and crypto scams are driving the surge, prompting calls for stronger protections and AI-powered fraud defences.

Jason Blackhurst, SVP, Head of Featurespace and Acceptance Risk Solutions at Visa, said: “Young consumers are losing thousands to increasingly sophisticated scams. With Black Friday and Christmas around the corner, banks must act fast.

“AI-powered fraud prevention is becoming increasingly essential, with those who lag behind at risk of losing customer trust and market share.

“As scams evolve, so must our defences. It’s time for banks, tech providers, and regulators to collaborate and protect the next generation of consumers.”

| GETTY

Experts recommend terminating suspicious calls and contacting banks through telephone numbers displayed on official cards or applications.

The service offers direct connection to participating banks’ fraud departments, providing a secure communication channel. Customers must never divulge one-time authentication codes or permit strangers to access their devices remotely. Suspicious text messages should be forwarded to 7726 for investigation.

Ms Doodnath said: “Pause, check the source and only respond using verified contact details.”

Additional resources and support are available through the Take Five to Stop Fraud website for those seeking comprehensive protection strategies.