7 SMS messages from your “bank” that are probably scams

Crooks are always looking for different ways to fool victims into downloading files they shouldn’t be downloading and clicking on links they shouldn’t be clicking on. The stories they spin to fool victims in this way are called “social engineering” techniques.

One popular social engineering technique is for the crook to claim to be from a bank in order to trick the victim. Crooks send out thousands of messages to large lists of phone numbers (and emails) knowing that at least a certain percentage of those recipients will actually be customers of whichever bank the crook claims to be from.

These are called untargeted phishing scams, and they’re the most common type of SMS phishing (smishing) scam a recipient is likely to encounter. Below we list the most common types of bank-themed social engineering tricks crooks use to try and scam victims. (Of course be aware that the wording will vary depending on specific examples.)

1. An Attempted Transaction

A common themed you will see with most of these examples of that they’re designed to alarm and panic the recipient, which is why claiming to be from your bank – where most of your money likely sits – is always a popular ploy with phishing scammers. After all, there is nothing more alarming than thinking there is something suspicious happening with your bank account.

The “attempted transaction” is a good example of this, whereby the recipient receives a text message claiming that someone attempted to make a transaction from the recipient’s bank account. This is a good trick to panic a recipient into clicking a link.

2. New Payee

In a similar vein to the “attempted transaction” variant, the “new payee” (or “trusted payee”) version similarly attempts to trick the recipient into thinking a new payee has been setup on their bank account.

And again this is an effective ploy to panic the recipient – who has of course added no such payee – into panicking and clicking a link.

3. A Transaction Has Been Made

Again a very similar permutation to the “attempted transaction” trick is the claim that a transaction has actually been made against the recipient’s bank account.

The idea again is to panic the recipient into clicking the link to “cancel or report the transaction”.


Sponsored Content. Continued below...




4. Unusual or Suspicious Activity

This vaguer bank-themed ploy doesn’t offer the recipient many details other than to claim that there has been some sort of suspicious activity on the recipient’s bank account.

Alternatively the message may claim the unusual activity was on the recipient’s bank card.

The text will then inevitably offer up a link for the recipient to click to investigate.

5. Frozen/Suspended/Locked/Deactivated/Restricted Bank Account

This message goes a little further than the above “suspicious activity” message and makes the additional claim that as a result of such suspicious activity, the recipient’s bank account has been restricted in some way.

Again a link is offered for the recipient to “regain access” to their account.


Sponsored Content. Continued below...




6. New Device

This variation of message claims a new device has been authorised on the recipient’s bank account. This technique exploits the fact that many banks require you to register devices for online banking.

And again a link is provided for the recipient to click to “cancel” or “report” the registration.

7. This Is Your Passcode

This variation is difficult to spot because it impersonates the genuine security protocols that some banks have in place. Many banks require you to enter a passcode to authenticate a purchase you’ve made with your bank card. This text impersonates this passcode message.

If you have not made a purchase, it’s probably a scam, but if you’re not sure we’d recommend contacting your bank anyway. Don’t click on any links in the message itself!

Don’t fall for these scams

Scam texts like these will usually try and trick you into either clicking a link in the message or calling a phone number. These will lead to spoof websites or scam call centres, and from there you’ll be lured into parting with your personal information. If you get any text messages resembling any of the above (remember the wording will differ from scam to scam) then don’t click or call!

If you’re not sure the message is legitimate, contact your bank directly by using the phone number on your paperwork or go directly to their website.