UK businesses, charities, and wealthy account holders are being warned about a new wave of scams where criminals impersonate banks’ anti-fraud teams to steal vast sums of money.
According to the Cyber Defence Alliance (CDA), fraudsters are deploying sophisticated software to gain remote access to victims’ devices, draining accounts of tens of thousands—and, in some cases, more than £1m, claims PA Media.
Ahead of International Fraud Awareness Week, running from November 16 to 22, the CDA has joined forces with fraud prevention service Cifas and industry body UK Finance to raise awareness of this latest threat. The scam typically begins with a phone call, sometimes following a text message, from someone pretending to be from the victim’s bank. The caller claims there has been fraudulent activity and urges the victim to take immediate action by visiting a fake banking website.
Once there, victims are asked to click a “chat” button that secretly installs remote access software, granting criminals full control over the device and its online banking functions. This allows fraudsters to transfer funds, add new payees, and intercept one-time passwords sent by the bank. In some cases, victims are even persuaded to set up call forwarding, blocking genuine calls from their financial institution.
CDA operations director Garry Lilburn said: “If you receive a message or call that feels unusual, take a moment to consider whether it matches how your bank normally communicates. If anything seems off, end the call and report it using your bank’s official contact methods.”
Cifas CEO Mike Haley said: “Fraudsters are creating a false sense of urgency to exploit people’s trust and steal large sums of money. Banks will never ask you to download software or transfer funds to protect your account. If you receive an unexpected request, take a step back and question it before responding.”
UK Finance principal of remote banking channels Dianne Doodnath said: “Impersonation scams often begin with a message or call claiming to be from a trusted organisation. Criminals may try to rush you by saying your money is at risk. To protect yourself, follow the Take Five to Stop Fraud advice: pause, check the source and only respond using verified contact details.”
Adding to the discussion, SmartSearch chief technology and product officer Stuart Morris said: “This latest wave of impersonation scams shows just how inventive—and brazen—criminals have become in exploiting public trust. From fake bank calls and cloned investment websites to bogus ‘parcel’ texts and deepfake voices, fraudsters are deploying increasingly sophisticated tricks to part people from their money. The stakes are high: over £100bn in illicit wealth washes through the UK economy each year, undermining confidence and fuelling organised crime.
“Our latest research finds nearly half of regulated firms have seen a rise in criminal activity within their own operations—a warning that fraud is no longer a fringe threat but a mainstream business risk. Consumers must stay sceptical of unexpected messages or calls and never share access or security details, however convincing the pitch. Yet technology can tilt the balance. If banks and financial firms universally adopt advanced digital verification and identity tools, imposters will find it far harder to slip through the cracks. In the end, it’s a three-part defence: education, vigilance, and smarter systems. Only by combining sharper human instincts with modern detection tools can we hope to keep pace with the scammers’ ingenuity.”
Individuals are advised to hang up on suspicious calls, verify numbers directly via their bank card or app, and use the 159 service to connect to their bank’s fraud team. Suspicious text messages should be forwarded to 7726.
Keep up with all the latest RegTech news here
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
