Is that bank fraud alert text real or a scam?
Fake bank fraud alert texts are among the most convincing scams in circulation today, because they closely imitate something your real bank genuinely does. You receive a text claiming a suspicious transaction has been detected and asking you to confirm whether you authorised it — usually a 'Reply YES or NO' or a link to review the charge.
If you reply or click, one of two things happens. In the simpler version, you're taken to a fake bank login page to capture your credentials. In the more sophisticated version — an increasingly common 'vishing' (voice phishing) attack — replying confirms you're active, and seconds later you receive a call from a fake 'fraud team' who already knows your name, account details, and the last few transactions, which they use to build false trust before talking you through 'verification steps' that hand them access to your real account.
The sophistication of these texts has increased sharply. In some cases they appear in the same SMS thread as genuine past messages from your bank, due to SMS spoofing techniques that inject messages into existing conversations.
🚩 Red flags to watch for
- ▶The text asks you to click a link to 'verify' or 'confirm' — real bank fraud texts usually ask only for a YES/NO reply and never direct you to click a link to enter login details.
- ▶The link destination isn't your bank's official domain — look carefully for subtle misspellings (barc1ays.com, chase-secure.net).
- ▶A follow-up call arrives almost immediately after you click or reply — this orchestrated timing is a tell.
- ▶During the call, the 'fraud team' asks for your PIN, one-time passcode, or full online banking password — real bank fraud teams never request these.
- ▶Pressure to 'act immediately or your account will be frozen' with a very short window.
- ▶The transaction mentioned is a round number or just specific enough to feel real — $1.00 authorisation, or a retailer name you vaguely recognise.
✅ What to do
- 1Do not click the link. Call your bank directly using the number on the back of your card or on your bank's official website — look it up yourself, don't use any number in the message.
- 2Never give your PIN, full online banking password, or a complete one-time passcode to anyone who called you. Real bank fraud teams do not ask for these — this is a firm industry standard.
- 3If you clicked and entered credentials: contact your bank immediately via official channels to flag a potential account compromise.
- 4In the UK, call 159 — this number connects directly to the fraud teams of most major British banks, so you can reach them without having to find the right number under pressure.
- 5Forward the text to 7726 (SPAM) and report to your bank's fraud line.
📣 Where to report (by country)
🇺🇸 United States
🇬🇧 United Kingdom
- Action Fraud
- Police Scotland — call 101
🇦🇺 Australia
🇨🇦 Canada
🌍 Everywhere else
- Contact your local police and your bank immediately
- If money was sent, ask your bank about a recall request — act within hours
Got a suspicious message right now?
Paste it into our free AI checker for an instant pattern analysis
No account needed · Free to try · Privacy-first
Check your message free →No tool is a guarantee. AI pattern detection is a guide, not a verdict — always use your own judgment.
Common questions
The scam text appeared in the same thread as real messages from my bank. How is that possible?
SMS spoofing allows scammers to set the 'sender name' on a text message to anything, including your bank's name or shortcode. Mobile phones group messages by sender name, so a spoofed message can appear in your existing bank thread. This doesn't mean your bank's systems were breached — it's a carrier-level spoofing trick.
The person who called knew my account balance and recent transactions. Doesn't that prove they're really from my bank?
No. Scammers obtain partial account data from breaches, from previous social engineering calls, or from other scammers who sold the information. Knowing a balance or recent transaction is not sufficient proof of identity. Hang up and call your bank on the number on your card.
I gave them my one-time passcode. What should I do?
Contact your bank immediately — call the number on the back of your card or visit a branch. A one-time passcode can be used within minutes to authorise a transaction or account change. The sooner you report it, the better your bank's ability to reverse any fraudulent actions.