Real Bank Fraud Alert vs Smishing Spoof
How to tell a genuine bank fraud-detection text from a smishing message designed to steal your credentials or authorise a fraudulent payment.
Last reviewed: 1 June 2026
Banks really do send fraud alerts by text, and most of the ones you receive are genuine. A typical alert states a transaction and asks you to reply YES or NO, and that is the end of it. Fraudsters copy this closely, and because sender IDs can be spoofed their message can drop into the same conversation thread as the real ones on your phone, sitting directly under a message you know was authentic. Add the alarm of seeing a payment you did not make, and a reasonable person taps the link. Nothing in how a message looks will separate the two reliably. What separates them is what happens next: a genuine alert does not need you to click through to a login page, and never needs a one-time code read aloud.
Side-by-side comparison
| Genuine bank fraud alert | Smishing spoof message | |
|---|---|---|
| Call to action | Asks you to confirm or deny a transaction by replying YES or NO — no link, no call to an unknown number | Contains a link to 'verify your account', 'cancel a transaction', or calls you and asks you to read back a one-time code |
| Link presence | Genuine fraud alerts rarely include clickable URLs; when they do, the domain is the bank's well-known official domain | Contains a shortened URL, a misspelled domain (e.g. lloydsbank-secure.com), or a domain registered recently |
| Urgency language | States facts ('A transaction of £120 was attempted') without demanding immediate action under threat of account suspension | Uses high-pressure language: 'Your account will be suspended in 2 hours', 'Act NOW to protect your funds' |
| Information requested | Never asks for your full card number, PIN, password, or one-time code in the same message or on a linked page | Linked page or follow-up call requests PIN, password, full card number, or the OTP sent to your phone |
| Sender display name | Sender ID matches the exact name used in all previous genuine messages from your bank | Sender ID may match your bank's name (spoofed) but small variations appear — or the message arrives from a mobile number |
| Reply behaviour | Replying to a NO reply stops the transaction; no further contact unless you initiate it | Replying triggers a follow-up call from a 'fraud team' that asks for account access or a transfer to a 'safe account' |
Common red flags
- Message contains a link asking you to log in or verify card details
- Follow-up call claims to be from your bank's fraud team and asks you to move money to a 'safe account'
- Message asks you to read back a one-time passcode sent to your phone
- Urgency framing warns your account will be closed or frozen immediately
- Sender number is a standard mobile number rather than a short-code or named sender ID
Verification steps
- Call your bank using the number on the back of your card — never a number in the suspicious message
- Log in to online banking by typing your bank's URL directly in a browser to check for genuine alerts
- If you clicked a link, check the domain carefully against your bank's official website before entering any details
What not to do
- Do not call back a number included in the text message or provided by a caller claiming to be from fraud prevention
- Do not read back any one-time code to a caller, even one who appears to know your account details
- Do not transfer funds to a 'safe account' — genuine banks never ask this
A safe response
Put the phone down for a moment, because a real fraud alert does not get worse for waiting five minutes. Do not use any number or link in the message. Call the number printed on the back of your card, or open your bank's own app, and ask whether the alert came from them. If a caller claims to be your bank, hang up and call back on that card number. A genuine adviser never asks you to move money to a safe account. If you have already clicked, shared a code, or transferred money, call your bank now, say you think you have been defrauded, and ask for a security review.
Frequently asked questions
The caller knew my address and recent transactions, how could they if they are not my bank?
Knowing details is not proof of identity. That information reaches fraudsters through data breaches, stolen post, earlier phishing you may have forgotten, and sometimes from you during the call itself, through questions that sound like verification. Treat correct details as neutral rather than reassuring. The only reliable test is the channel, so end the call and dial the number on your card yourself. If the caller was genuine, nothing at all is lost by calling back.
My bank text arrived in the same conversation thread as genuine messages — does that mean it is real?
Not necessarily. Fraudsters can spoof a sender ID so their message appears in the same thread as genuine bank messages. The content of the message and what it asks you to do are far more reliable indicators than the thread it appears in.
What should I do if I replied YES to a smishing message?
Contact your bank immediately using the number on the back of your card. Alert them that you may have interacted with a fraudulent message. Ask them to review recent activity and consider placing a temporary hold on your account while you investigate.