Email Scams

Santander Email Scam: How to Spot a Fake Bank Email (UK)

Santander won't email you asking for your password, PIN, or card details—but scammers will.

· · · 5 min read

Santander email scamfake Santander emailSantander phishing emailis this Santander email realSantander scam UKSantander account locked emailSantander verify email scamreport Santander phishing
Key rule: verify through an official route you opened yourself, not the link, number, app, or payment details supplied by the suspicious message.

What a fake Santander email looks like

A Santander email scam is a phishing message that imitates the bank so you click a link and give away login details, card details, one-time passcodes, or personal information. An example of the style is an email from a display name such as "Santander Security" with a subject like Your account has been temporarily locked, followed by a button saying "Restore access".

The pretext changes - a locked account, a blocked payment, a new device, or a security check - but the goal is to rush you onto a fake login page or form. This guide shows how to spot the warning signs, verify safely, and report the message.

Why these emails fool people

Phishing emails can copy Santander logos, colours, and wording. The visible sender name can be set to almost anything, and link text can say one thing while sending you somewhere else. A message can also be sent from a compromised account, so checking only one detail is not enough.

A genuine bank email should not require you to use an email link to reveal a password, share a passcode, or move money. Santander's official fraud page also gives direct reporting routes: suspicious emails can be sent to phishing@santander.co.uk, and suspicious texts referring to Santander can be forwarded to 7726 and emailed to smishing@santander.co.uk.

Signs a Santander email is phishing

  • A generic greeting such as "Dear Customer", especially when paired with an urgent threat.
  • A sender address that is not clearly Santander-owned, or a link that points to an unfamiliar domain. Even a plausible address is not enough on its own.
  • A button or link telling you to "verify", "reactivate", "restore access", or "secure" your account.
  • A request for your full password, PIN, card details, or one-time passcode.
  • An unexpected attachment.
  • A demand to move money to a new or "safe" account.
  • Spelling, spacing, or design that feels off. This can help, but polished emails can still be scams.

How the email scam works

First, an email lands that appears to be a Santander security alert. Second, it pushes you to click a button or link. Third, the link opens a copycat login page or form. Fourth, anything you type is captured by criminals. Fifth, they may trigger a real one-time passcode and ask you to enter it on the fake page. Finally, they try to access the account, approve a payment, steal card details, or use the information in later scams.

Checking independently before you click breaks the chain.

How to check if a Santander email is genuine

Do not click links or open attachments in a suspicious email. Instead:

  • Open the Santander app and check messages and account activity there.
  • Type santander.co.uk yourself, or use a trusted bookmark.
  • Call the number on the back of your card.
  • Use 159. Stop Scams UK lists Santander as a 159 participant.

Hovering over a link can reveal where it points, but it should not be your only check. If you cannot confirm the message independently, contact Santander directly.

If you are unsure whether a linked website is a copycat, our guide on Is This Website a Scam? A Practical Checklist Before You Buy walks through the checks.

If you clicked or entered details

If you entered login details, card details, or a passcode, contact Santander immediately using the app, the number on your card, or 159. Tell them you may have been phished and ask them to secure the account and check for payments or changes you do not recognise.

Change your Santander password only through the official app or by typing the address yourself. Change it anywhere else you reused it. If you shared card details, ask for the card to be stopped and reissued. If you opened an attachment, run a security scan.

If you sent money by UK bank transfer on or after 7 October 2024, mandatory APP fraud reimbursement rules may apply to Faster Payments and CHAPS transfers. The PSR rules include a 13-month claim window, a maximum claim amount of £85,000, possible exclusions, and a possible excess of up to £100. Report the scam to your bank as soon as possible and keep the email and any related messages.

Consider Cifas Protective Registration at cifas.org.uk and check your credit reports if you gave away personal information that could be used for identity fraud.

How to report a fake Santander email (UK)

Forward the email to the NCSC at report@phishing.gov.uk. The NCSC says it can analyse reported emails and websites and, where malicious activity is found, work to remove links to malicious websites.

Report suspicious Santander emails to phishing@santander.co.uk. If it was a text referring to Santander, forward it to 7726 and email it to smishing@santander.co.uk, as Santander advises.

If you lost money, shared sensitive information, or were hacked, report it to Report Fraud at reportfraud.police.uk or on 0300 123 2040 if you are in England, Wales, or Northern Ireland. In Scotland, report to Police Scotland on 101.

Frequently asked questions

Does Santander send emails with links?

Genuine bank emails can contain links, so a link alone is not proof of a scam. The safer rule is not to use email links to log in, confirm details, enter a one-time code, or move money.

How can I tell who really sent a Santander email?

Check the full sender address and hover over links, but do not rely on those checks alone. Sender names can be faked and links can be disguised. Verify through the app, by typing the address yourself, or by calling the number on your card.

I clicked the link and entered my details - what now?

Contact Santander immediately using the app, 159, or the number on your card. Change your password through the official app or site, stop your card if card details were shared, and report any payment you did not make.

Can I get my money back after a Santander email scam?

Possibly. Report it to Santander immediately. APP reimbursement rules may cover eligible UK bank transfers over Faster Payments or CHAPS made on or after 7 October 2024, subject to the PSR rules, limits, and exclusions. Card payments have different protections, such as chargeback.

How do I report a fake Santander email?

Forward it to report@phishing.gov.uk and phishing@santander.co.uk. If it also came by text, forward the text to 7726 and email it to smishing@santander.co.uk.

Think you’ve spotted a scam? Use the AI scam checker for an instant analysis, or report it to Action Fraud.

Reporting routes in this guide are checked against our verified canon of official UK sources — Action Fraud, the National Cyber Security Centre, and Citizens Advice — by an automated accuracy gate before publication. Fact-checked and updated by , Founder & Editor, on 2026-06-26. Read about how Beat the Scam writes guides.