Real Bank Fraud Alert vs Smishing Spoof
How to tell a genuine bank fraud-detection text from a smishing message designed to steal your credentials or authorise a fraudulent payment.
Last reviewed: 1 June 2026
Banks send automated SMS alerts when unusual activity is detected on an account, and fraudsters have learned to mimic these messages almost exactly — including threading them into the same conversation thread as genuine bank messages. The key difference is never in how the message looks, but in what it asks you to do next.
Side-by-side comparison
| Genuine bank fraud alert | Smishing spoof message | |
|---|---|---|
| Call to action | Asks you to confirm or deny a transaction by replying YES or NO — no link, no call to an unknown number | Contains a link to 'verify your account', 'cancel a transaction', or calls you and asks you to read back a one-time code |
| Link presence | Genuine fraud alerts rarely include clickable URLs; when they do, the domain is the bank's well-known official domain | Contains a shortened URL, a misspelled domain (e.g. lloydsbank-secure.com), or a domain registered recently |
| Urgency language | States facts ('A transaction of £120 was attempted') without demanding immediate action under threat of account suspension | Uses high-pressure language: 'Your account will be suspended in 2 hours', 'Act NOW to protect your funds' |
| Information requested | Never asks for your full card number, PIN, password, or one-time code in the same message or on a linked page | Linked page or follow-up call requests PIN, password, full card number, or the OTP sent to your phone |
| Sender display name | Sender ID matches the exact name used in all previous genuine messages from your bank | Sender ID may match your bank's name (spoofed) but small variations appear — or the message arrives from a mobile number |
| Reply behaviour | Replying to a NO reply stops the transaction; no further contact unless you initiate it | Replying triggers a follow-up call from a 'fraud team' that asks for account access or a transfer to a 'safe account' |
Common red flags
- Message contains a link asking you to log in or verify card details
- Follow-up call claims to be from your bank's fraud team and asks you to move money to a 'safe account'
- Message asks you to read back a one-time passcode sent to your phone
- Urgency framing warns your account will be closed or frozen immediately
- Sender number is a standard mobile number rather than a short-code or named sender ID
Verification steps
- Call your bank using the number on the back of your card — never a number in the suspicious message
- Log in to online banking by typing your bank's URL directly in a browser to check for genuine alerts
- If you clicked a link, check the domain carefully against your bank's official website before entering any details
What not to do
- Do not call back a number included in the text message or provided by a caller claiming to be from fraud prevention
- Do not read back any one-time code to a caller, even one who appears to know your account details
- Do not transfer funds to a 'safe account' — genuine banks never ask this
A safe response
If you receive a suspicious fraud alert text, call your bank directly using the number on your card or their official website. If you have already clicked a link or shared a code, contact your bank immediately to report it and request a security review of your account.
Frequently asked questions
My bank text arrived in the same conversation thread as genuine messages — does that mean it is real?
Not necessarily. Fraudsters can spoof a sender ID so their message appears in the same thread as genuine bank messages. The content of the message and what it asks you to do are far more reliable indicators than the thread it appears in.
What should I do if I replied YES to a smishing message?
Contact your bank immediately using the number on the back of your card. Alert them that you may have interacted with a fraudulent message. Ask them to review recent activity and consider placing a temporary hold on your account while you investigate.