Fraud and scams

This page gives you information on the latest types of financial fraud or scams being reported across the UK.

We want to protect you and your clients from fraud and scams and give you the tools you need to protect yourselves.

Mortgage fraud

In order to beat mortgage fraud, we need to work together. Remember, detecting and preventing mortgage fraud starts at the application stage.

In its "Dear CEO" letter to mortgage intermediaries, the FCA warned firms that mortgage fraud is an inherent risk within the sector and that it requires firms to be able to spot inaccurate or implausible information, including payslips, accountants’ certificates, tax returns or bank statements.

  • False payslips and bank statements
  • Bank statements showing salary credits by faster payment
  • Self-employed claiming to be employed
  • Unencumbered property fraud (particularly tenanted properties)
  • BTL mortgages for residential purposes (scheme abuse)
  • Data manipulation (e.g. non-disclosure of dependants)
  • False address history to hide commitments
  • False representation

  • Applicant not local to area – by current address or employer
  • Vague about large deposit
  • Income and role not consistent with age
  • Property not suitable for applicant(s)
  • Limited time in current role
  • 2 full-time jobs
  • Pristine payslips
  • Payslips don’t show any deductions like pension, tax, etc.
  • Payslip shows employee number 1 – this could indicate your client is self-employed.

  • Know your customer and carry out robust identity checks
  • Know your introducer
  • Read AML and Anti-bribery & Corruption policies and procedures
  • Robust recruitment process for advisers
  • Enhanced due diligence for high risk cases, such as:
    • Non face-to-face
    • High value loans
    • Internet referrals
  • Check transparency of the transaction – does it look right?
  • Where is the deposit coming from?
  • Sense check employment
  • Do bank statements confirm lifestyle?
  • Sense check the transaction/property
    • Does it suit the customer's needs?

To report mortgage fraud please contact your Principal Company, Network, or your support service provider.

You can also report a scam or unauthorised firm on the FCA website

You should also know about

These happen when a criminal intercepts communications between a buyer and the solicitor and the money is sent to the criminal's bank account. 

To prevent this happening:

  • The buyer must check the account details with the solicitor in person or by calling them.
  • They must do this even if they’ve been in regular contact with them.
  • They mustn’t use the number in the message requesting payment. Instead, use a trusted number, or one that’s publicly available. 

More about payment redirection scams

Known more formally as 'Conveyancing fraud’, this is committed by criminals who hack into the email chains between sellers and buyers and their solicitors and estate agents.

Waiting for the right time, usually on the day of sale completion, fraudsters send a spoofed or mimicked email informing the parties that bank account details have changed at the last minute and that money should be put into a different account. Or, if they get in early enough, they can edit the account number and details shared in the conversation.

The purchaser then transfers the sum of money into the new bank account, which is controlled by the fraudster, leaving the solicitor or client at a substantial financial loss.

As fraudsters monitor previous communications, they can make emails appear identical and delete real ones from accounts. The fraudster may even contact the purchaser by telephone and spoof the genuine solicitor’s number, to add authenticity and support, to make sure everything goes according to plan.

Detailed prevention tips

Check the account details: law firms rarely change their bank details. Before sending any money, visit the solicitors in person to check the account details are real. If that’s not possible, call them on a publicly available telephone number. Don’t send any money to an account without making this check, even if you’ve been in regular contact. 

Use Confirmation of Payee (CoP): this is an account name checking service. It helps make sure payments are sent to the right account. The name on the account can be checked to see if it matches before a new CHAPS, Faster Payment or Standing Order is set up. 

If the CoP check can’t be performed or doesn't match you should speak to the solicitor and check the details again. Making sure they are using the legitimate contact details to check, not the fraudsters.

Beware of emails: the email address can appear genuine, so look out for minor changes such as a full stop or additional letter that's difficult to spot at a glance. Check the company's registered website, or any paperwork they have, for the account details where payments should be made. 

Did you know... Solicitor account rules dictate they can only maintain a client account at a branch or the head office of a bank or building society in England and Wales. This means a genuine solicitor wouldn’t have an account with an internet only provider. 

Number spoofing is when a caller deliberately falsifies how their phone number appears on the Caller ID to disguise their identity. Criminals are increasingly targeting consumers over the phone or by text message; posing as bank staff, police officers and other officials or companies in a position of trust. They try to persuade the victim their accounts are at risk, or they have an overpayment to get them to transfer money or give away personal or security details.

If you challenge the caller, they tell you to check the caller ID of the phone number they’re calling/texting from, which they have masked, or ‘spoofed’, to look like your bank’s genuine phone number – this offers a false display making you think it’s a genuine call.

Be wary of all contact made out of the blue and always follow our top tips to help protect yourself.

Phishing is where cyber criminals send you emails in an attempt to steal your information. They usually pretend to be a reputable company, and it's one of the biggest causes of fraud today.

Emergency situations and hard-to-refuse offers are just some of the methods used to try and get your information. Read our top tips below for how to spot a fraudulent email.

Genuine sender: do you know the sender and does the email address match one you already know? Most malicious emails will also address you generically, rather than by your name.

Suspicious links: an email may contain links, which take you to a different website than it suggests. If you hover your mouse over the link (without clicking), you can see a review of the actual link that you will be taken to.

Urgency: most malicious emails play to emotion or the urgency of a situation and many urge you for quick payment or personal information. Always confirm that this type of request is legitimate and never share sensitive information unencrypted.

Spelling and grammar: many phishing emails contain poor spelling and grammar. If you don't recognise the sender, were not expecting the email, and it's full of errors, it could be a phishing email or spam.

To learn more about common fraud and scams, visit our ‘Spotting fraud and scams' on our Santander website.