What is it?

Banking fraud can occur via three channels: online, telephone and mobile. To commit this fraud criminals gain access to your business’s bank account and make unauthorised transfers of money.

Businesses should be aware of the dangers of this type of fraud, where criminals target victims directly and use social engineering tactics to trick them out of their personal and financial information in order to access their accounts. Criminals have exploited modern forms of banking, as levels of usage have increased so has fraud.

Three types of banking fraud to watch out for:

  • Mobile banking fraud takes place when you are contacted by a criminal who persuades you to provide access to or make payments from your mobile banking applications.
  • Online banking fraud takes place when criminals persuade you to provide access to or make payments from your bank account online.
  • Telephone banking takes place when businesses are contacted over the phone and persuaded to make a payment or provide access to accounts during the call. Criminals use social engineering tactics to convince people that they represent a legitimate organisation.

Figures from 2019 show that 81 per cent of the adult population used at least one form of remote banking and there was a significant rise in internet and mobile banking fraud recent years.


  1. Your business’s account details have somehow been changed and you may not be able to access your account
  2. New payees, direct debits and standing orders have been set up on your business’s bank account that you didn’t authorise
  3. There are transactions on your business’s bank statement you don’t recognise


Monty* was feeling stressed and under pressure. Several of his colleagues had called in sick and he was really busy when he received a text from what he thought was the bank, informing him of suspicious activity on the business’s bank account.

Despite being rushed off his feet Monty knew he had to sort this issue out quickly, so he called the fraud prevention number provided in the text. He spoke to someone claiming to be from the fraud department, and they confirmed the business’s address and recent transactions. He was asked to provide the business’s bank details in order for the account issues to be resolved. Shortly after, Monty received a One-Time Passcode which he shared with the bank employee. Finally he was informed that the problem with the business’s account had been resolved.

Several days later when he checked the business’s bank account, Monty noticed countless transactions that he hadn’t authorised. He contacted the bank immediately, this time using the number on a bank statement.

Jade* had a busy role in the finance team of her organisation.  Having recently submitted tax returns for the organisation, tax was on her mind when she received an email from HMRC. The email said the organisation was due a tax rebate and included a link to a website plus a number to call. Aware of the risks of clicking on links in emails, Jade opted to call the number.

Her suspicions eased when she spoke to the caller claiming to represent HMRC, who verified the organisation’s information. Keen to recoup the money, Jade provided the company account details to the caller. She was informed it would take a week for the refund to be processed.

It wasn’t until the next week when she checked the business’s bank account that she saw all the unknown transactions and she realised she’s been scammed.

*Case studies are based on insights from partners

If you believe your business has fallen for a scam, contact the bank immediately on a number you know to be correct, such as the one listed on the back of your business’s bank card.

Report it to Action Fraud on 0300 123 2040 or via actionfraud.police.uk. If you are in Scotland, please report to Police Scotland directly by calling 101 or Advice Direct Scotland on 0808 164 6000.

Always remember

Only provide organisations that you trust and have given consent to with your personal or financial details

Question uninvited approaches and contact companies directly using a known email or phone number

Contact your business’s bank immediately if you identify transactions on bank statements that you don’t recognise

Just because someone knows details about your business doesn’t mean they’re genuine

Be wary of unexpected or suspicious looking pop-ups that appear during your online banking session

Check the online banking security options your business’s bank may provide

If you have visited a website you think is suspicious you can report it to the National Cyber Security Centre.

Scam warning: Criminals may purport to be from Take Five, using our official branding on websites, social media posts, literature, on the phone or by text. Take Five doesn’t provide endorsement or approval for any products/services and would never call or text anyone.