Warning: Fake 'bank refund' smishing texts harvesting account details
Texts claiming you are owed a bank refund or overpayment are circulating widely, directing recipients to fake banking pages designed to steal credentials and card details.
A recurring wave of smishing texts impersonates banks and financial institutions with a message that you are owed a refund — often attributed to a billing error, a duplicate charge, or a regulatory payout. The message includes a link and asks you to confirm your bank details or log in to 'receive' the amount.
The link leads to a convincing replica of your bank's login page or a form requesting card numbers, sort codes, and account numbers. Entering these hands your credentials directly to the scammer, who can then access your account or sell the details.
Banks initiate refunds directly and do not ask you to confirm your account details via a text link in order to receive money already owed to you. Any such contact should be verified by calling the number on the back of your card.
What to do
- Do not click links in unexpected 'refund' texts
- Call your bank on the number on the back of your card to check for any genuine credits
- Never enter login credentials or card details via a link in a text message
- Report the message to your bank's phishing team and forward to 7726 (UK/US) where supported
- If you entered details, contact your bank immediately to secure your account