7 SMS messages from your “bank” that are probably scams
Crooks are always looking for different ways to fool victims into downloading files they shouldn’t be downloading and clicking on links they shouldn’t be clicking on. The stories they spin to fool victims in this way are called “social engineering” techniques.
One popular social engineering technique is for the crook to claim to be from a bank in order to trick the victim. Crooks send out thousands of messages to large lists of phone numbers (and emails) knowing that at least a certain percentage of those recipients will actually be customers of whichever bank the crook claims to be from.
These are called untargeted phishing scams, and they’re the most common type of SMS phishing (smishing) scam a recipient is likely to encounter. Below we list the most common types of bank-themed social engineering tricks crooks use to try and scam victims. (Of course be aware that the wording will vary depending on specific examples.)
1. An Attempted Transaction
A common themed you will see with most of these examples of that they’re designed to alarm and panic the recipient, which is why claiming to be from your bank – where most of your money likely sits – is always a popular ploy with phishing scammers. After all, there is nothing more alarming than thinking there is something suspicious happening with your bank account.
The “attempted transaction” is a good example of this, whereby the recipient receives a text message claiming that someone attempted to make a transaction from the recipient’s bank account. This is a good trick to panic a recipient into clicking a link.
2. New Payee
In a similar vein to the “attempted transaction” variant, the “new payee” (or “trusted payee”) version similarly attempts to trick the recipient into thinking a new payee has been setup on their bank account.
And again this is an effective ploy to panic the recipient – who has of course added no such payee – into panicking and clicking a link.
3. A Transaction Has Been Made
Again a very similar permutation to the “attempted transaction” trick is the claim that a transaction has actually been made against the recipient’s bank account.
The idea again is to panic the recipient into clicking the link to “cancel or report the transaction”.
Sponsored Content. Continued below...
4. Unusual or Suspicious Activity
This vaguer bank-themed ploy doesn’t offer the recipient many details other than to claim that there has been some sort of suspicious activity on the recipient’s bank account.
Alternatively the message may claim the unusual activity was on the recipient’s bank card.
The text will then inevitably offer up a link for the recipient to click to investigate.
5. Frozen/Suspended/Locked/Deactivated/Restricted Bank Account
This message goes a little further than the above “suspicious activity” message and makes the additional claim that as a result of such suspicious activity, the recipient’s bank account has been restricted in some way.
Again a link is offered for the recipient to “regain access” to their account.
Sponsored Content. Continued below...
6. New Device
This variation of message claims a new device has been authorised on the recipient’s bank account. This technique exploits the fact that many banks require you to register devices for online banking.
And again a link is provided for the recipient to click to “cancel” or “report” the registration.
7. This Is Your Passcode
This variation is difficult to spot because it impersonates the genuine security protocols that some banks have in place. Many banks require you to enter a passcode to authenticate a purchase you’ve made with your bank card. This text impersonates this passcode message.
If you have not made a purchase, it’s probably a scam, but if you’re not sure we’d recommend contacting your bank anyway. Don’t click on any links in the message itself!
Don’t fall for these scams
Scam texts like these will usually try and trick you into either clicking a link in the message or calling a phone number. These will lead to spoof websites or scam call centres, and from there you’ll be lured into parting with your personal information. If you get any text messages resembling any of the above (remember the wording will differ from scam to scam) then don’t click or call!
If you’re not sure the message is legitimate, contact your bank directly by using the phone number on your paperwork or go directly to their website.
Continued below...
Thanks for reading, we hope this article helped, but before you leave us for greener pastures, please help us out.
We're hoping to be totally ad-free by 2025 - after all, no one likes online adverts, and all they do is get in the way and slow everything down. But of course we still have fees and costs to pay, so please, please consider becoming a Facebook supporter! It costs only 0.99p (~$1.30) a month (you can stop at any time) and ensures we can still keep posting Cybersecurity themed content to help keep our communities safe and scam-free. You can subscribe here
Remember, we're active on social media - so follow us on Facebook, Bluesky, Instagram and X