Businesses, charities, and individuals with high-value accounts across the UK are being targeted by a highly sophisticated banking scam that has already resulted in losses totalling millions of pounds. The Cyber Defence Alliance (CDA) has issued an urgent warning after reports that some victims have had over £1 million stolen from their accounts.
How the Sophisticated Scam Operates
The fraud begins with criminals making contact, often via a phone call. They typically pose as representatives from a bank's legitimate fraud department, sometimes following up on a deceptive text message. This initial contact is designed to create trust and alarm.
Victims are then directed to a fake website that mimics their bank's genuine online portal. Here, they are tricked into downloading and installing software, frequently under the guise of "security" or "anti-fraud" applications. This software, however, grants the criminals remote access to the victim's device, allowing them to directly control the computer and navigate online banking platforms.
Major Financial Losses and Collaborative Action
The scale of the fraud is significant. The CDA reports that losses are in the tens of thousands of pounds for many, with the most severe cases seeing individual accounts plundered of sums exceeding £1 million. The alert was issued on 07 December 2025.
In response, a coalition of leading UK fraud prevention bodies is working together to raise public awareness. The CDA is collaborating with Cifas and the banking trade association UK Finance, particularly ahead of the Christmas period when financial activity increases.
Expert Advice to Protect Yourself
Senior figures from these organisations have provided clear guidance to help the public stay safe.
Garry Lilburn, Operations Director at the Cyber Defence Alliance, advised: "If you receive a message or call that feels unusual, pause and consider if it matches your bank's normal way of communicating. If anything seems off, end the call immediately and report it using the official contact details you already have for your bank."
Mike Haley, CEO of Cifas, highlighted the criminals' tactics: "Fraudsters create a false sense of urgency to exploit trust and steal large sums. Remember, your bank will never ask you to download software or transfer funds to 'protect' your account. Always question unexpected requests."
Dianne Doodnath, Principal of Remote Banking Channels at UK Finance, reinforced the message: "These impersonation scams often start with a contact claiming to be from a trusted organisation. Criminals may try to rush you by saying your money is at immediate risk. Follow the Take Five to Stop Fraud advice: stop, think, and only respond using verified contact details."
The key takeaway is to be extremely wary of unsolicited contact regarding your bank account, never grant remote access to your devices, and always initiate contact with your bank yourself using a known, trusted number or website.
