Fake Bank Subscription Charge Phishing
Criminals send SMS or email alerts mimicking bank transaction notifications, claiming a large subscription payment was just deducted, and directing victims to a phishing page to dispute or cancel it — harvesting banking credentials under the guise of consumer protection.
Part of: Fake Subscription Renewal Phishing
Last reviewed: 7 June 2026
Banks send genuine transaction notifications when a charge is made to your account or card. Scammers have adopted this format to create fake subscription-charge alerts, choosing amounts and merchant names that seem familiar enough to be plausible but large enough to cause alarm. The alert motivates recipients to act immediately on what they believe is their bank's own communication.
The fake bank alert says something like: 'We have processed a payment of $[amount] to [Software/Streaming Service]. If you did not authorise this, click here to dispute.' The 'dispute' link appears to go to the bank's secure portal but instead delivers the victim to a phishing page that replicates the bank's online login interface.
Because the victim's mental model is 'I need to log in to dispute this charge', entering credentials on the fake page feels like the correct and protective thing to do. The fact that the fake page immediately redirects to the real bank site after capturing credentials confirms to the victim that the process worked, delaying suspicion.
How this scam works on the Your Bank brand
Real bank transaction notifications come from your bank's registered SMS shortcode or official email address and typically link directly to your bank's app or website. Most banks' genuine fraud-dispute processes require you to log in at the real site or call the fraud line — they do not include external 'dispute' links in transaction alert messages.
Fake alerts use SMS spoofing to appear in the same thread as your bank's real messages. The merchant name is chosen from well-known subscription services to maximise the proportion of recipients who might conceivably have such a subscription. Even those who do not recognise the charge are alarmed enough to click and investigate.
The phishing page mirrors the bank's current login design closely. After credentials are entered, some pages present an additional 'security check' step asking for a card PIN, memorable word, or full card number — data the bank would only ever request through the app or in-branch, not via a link. This additional data harvest increases the damage from a single successful phishing event.
Common red flags
- A bank SMS or email about a subscription charge with a 'dispute' link
- The dispute link goes to a domain that is not your bank's official website
- A login page asking for your online banking username and password via a link
- An additional 'security check' step asking for your card PIN or full card number
- The merchant name in the alert does not match any subscription you recognise
- The amount is slightly higher than you would expect for a known subscription
- Your bank app shows no corresponding charge when you log in independently
How to protect yourself
- Log in directly to your bank's app or website to check your real transaction history
- If the charge does not appear in your real account, the alert was fake
- Dispute genuine charges through your bank's app or by calling the number on your card
- Never click a 'dispute' link in a transaction alert — use the bank's official dispute process
- Forward suspicious bank texts to 7726 (SPAM) in the US and UK
- Enable your bank's genuine push notification system so real charges appear on your device first
- Use a password manager that only fills on verified bank domains
How to report it
- Call your bank's fraud line using the number on the back of your card
- Forward smishing texts to 7726 (SPAM)
- Report phishing emails to your bank's security team email (listed on the bank's official website)
- File a complaint with the FTC at reportfraud.ftc.gov
- Report to Action Fraud at actionfraud.police.uk (UK) or the FBI's IC3 at ic3.gov (US) if credentials were entered
Frequently asked questions
Do banks include dispute links in their transaction alert messages?
Some banks include links in notification emails, but genuine bank dispute-link destinations are always the bank's own domain. If the link in a transaction alert goes anywhere other than your bank's official URL, do not click it.
What if I genuinely do not recognise a charge on my account?
Log in to your bank's app or website directly, find the transaction, and use the bank's in-app dispute or 'not my transaction' feature. Alternatively, call the number on the back of your card. These are the safe ways to dispute a charge.
Why do scammers use subscription-charge amounts specifically?
Subscription amounts are usually in a range that is large enough to be alarming but small enough to seem plausible from an auto-renewal. The ambiguity — 'did I sign up for this?' — prompts investigation. The alarm motivates rapid clicking without verification.