How to spot a fake bank text
Fake bank fraud alerts are among the most common scam texts in the UK. Here is how to tell a real one from a fake, and what to do instead.
A text arrives claiming to be from your bank. "Unusual activity detected." "New device login." "Your account will be suspended unless you verify now." It includes a link.
This is one of the most common forms of smishing in the UK - and one of the most dangerous, because the message arrives in the same thread as genuine bank notifications and creates immediate panic.
Here is how to tell the real ones from the fake ones - and what to do instead of clicking the link.
Why fake bank texts work so well
Several things make this scam particularly effective:
- Banks really do send texts - payment confirmations, fraud alerts, and one-time passcodes are normal. Scammers copy the same format.
- Fear triggers fast action - "Someone is trying to access your account" makes you want to fix the problem immediately, before you think.
- Sender IDs can be spoofed - the text may appear to come from "BARCLAYS", "HSBC", or "LLOYDS" even when it isn't from your bank at all.
- The link looks plausible - fake login pages are often visually identical to the real mobile banking site.
The goal is always the same: get you to enter your online banking login, card details, or one-time passcodes on a fake page the scammer controls.
What fake bank texts look like
The most common variants:
Suspicious activity alert
"We detected unusual activity on your account. Verify your identity here to avoid suspension: [link]"
New device login
"A new device has signed into your online banking. If this wasn't you, secure your account now: [link]"
Payment blocked
"We have blocked a payment of ยฃ847.00. Confirm or cancel here: [link]"
Account verification required
"Your account access will be restricted in 24 hours. Complete verification: [link]"
One-time passcode bait
"Your security code is 847291. If you did not request this, click here immediately: [link]"
All follow the same pattern: create urgency, impersonate your bank, provide a link.
Payment apps get the same treatment - fake texts claiming to be from PayPal, Revolut, Monzo, or Starling use identical scripts. The rules below apply to all of them.
The one rule to remember
Your bank will never send you a link and ask you to log in to verify yourself.
If there is genuinely a problem with your account, you log in through the official app or by typing the bank's address yourself - not through a link in a text.
The same applies to PayPal, Revolut, and other payment services. They may send you notifications, but they won't ask you to authenticate via a link in an unsolicited text.
How to spot a fake
Check the link before you tap
Real banks use their own domains. Fake links use variations designed to look right on a small screen:
- Barclays:
barclays.co.uk - HSBC:
hsbc.co.uk - Lloyds:
lloydsbank.com - NatWest:
natwest.com - Santander:
santander.co.uk
Fake examples might look like barclays-secure-login.com, hsbc-verify.net, or lloyds-fraud-alert.co.uk. Read the full domain carefully - the brand name in the middle of a longer address is not the real site.
For a full guide to reading links, see how to tell if a link is safe before you click it.
Don't trust the sender name
SMS sender IDs like "BARCLAYS" or "HSBC" can be spoofed. A convincing sender name is not proof the text is genuine. Scammers routinely fake them.
Watch for urgency and threats
"Act within 24 hours", "Your account will be closed", "Immediate action required" - these are designed to stop you checking. A real bank fraud alert gives you time to verify through official channels.
Be suspicious of unsolicited contact
If you weren't expecting a fraud alert and haven't noticed anything unusual on your account, treat an out-of-the-blue text with scepticism - even if it looks convincing.
What to do when you receive one
Don't tap the link. If you're worried the alert might be real, open your banking app directly or type your bank's official address into your browser yourself. Log in there and check for notifications or pending actions.
Call your bank on a number you trust. Use the number on the back of your card or in the official app - not any number in the text.
Check the link without visiting it. Copy the URL from the text (press and hold the link, then select Copy) and paste it into SniffTest. It runs 17 checks including phishing blocklists, domain age, and brand impersonation detection, and returns a plain-English verdict before you open anything.
Report it. Forward the text to 7726 (free on all UK networks - spells SPAM on a keypad). This goes to your mobile network's fraud team. You can also report to Action Fraud at actionfraud.police.uk.
Delete it. Once reported, delete the message so you don't tap the link later by accident.
If you already clicked and entered details
Act immediately - scammers often try to access accounts within minutes.
- Call your bank now - use the number on the back of your card. Ask them to freeze your account, cancel compromised cards, and monitor for fraud.
- Change your online banking password - from a device you trust, using the official app or website (not the link from the text).
- Enable two-factor authentication if it isn't already active.
- Check recent transactions - look for anything you didn't authorise, however small.
- Log out of all sessions - most banking apps have an option to sign out everywhere.
For a full recovery guide covering passwords, card details, and personal information, see what to do after clicking a phishing link.
Fake bank text vs real notification - at a glance
| Signal | Real bank text | Fake bank text |
|---|---|---|
| Asks you to log in via a link | Never | Almost always |
| Creates urgent threat of account closure | Rarely | Very common |
| Link goes to official bank domain | โ (if any link) | โ |
| Sender name matches bank | Usually | Sometimes (spoofed) |
| Safe to verify via official app | โ | โ (always do this) |
Frequently asked questions
Q: Do banks ever send fraud alert texts with links?
A: Banks send fraud notifications and one-time passcodes by text, but they do not ask you to log in through a link in an unsolicited message. If you're unsure, open the official banking app or type the bank's address yourself - never use the link in the text.
Q: How can I check if a bank text is real without clicking the link?
A: Open your banking app directly and look for alerts there. Alternatively, copy the link from the text and paste it into SniffTest to check whether the destination is a known phishing site. Call your bank on the number on your card if you're still unsure.
Q: The text came from "BARCLAYS" (or my bank's name). Is that proof it's real?
A: No. Sender ID spoofing is common and scammers routinely fake bank names in the sender field. Always verify through the official app or a phone number you trust - not through the link in the message.
Q: I entered my online banking details on a fake site. What now?
A: Call your bank immediately on the number on the back of your card. Ask them to freeze the account and monitor for fraud. Change your password through the official app, enable two-factor authentication, and check for unauthorised transactions. See what to do after clicking a phishing link for the full step-by-step guide.
Q: Is a fake bank text the same as vishing?
A: No. A fake bank text is smishing - phishing via SMS. Vishing is phishing by phone call, such as a scammer claiming to be from your bank's fraud team. Both impersonate your bank, but the channel is different. Your bank will never ask you to transfer money to a "safe account" by phone or text - that is always a scam.
Not sure about a link?
Paste it below and we will run our checks for you. It only takes a few seconds, and you do not need an account.
๐ฌ Scam Watch โ our free monthly digest on active scams. Subscribe โ